ADATA LogoESG Logo
Search
LanguageLanguage
< Back
English
中文

Risk Management(Global)

Risk Management
Risk Management

Risk Management

ADATA conducts regular internal audits and self assessments, and establishes clear regulations to ensure operational risk control and to safeguard the information assets of customers and consumers.

Internal Audit

Mandate and Operations of the Internal Audit Function

The Company’s Internal Audit Department reports directly to the Board of Directors and performs its audit functions in accordance with the Global Internal Audit Standards (GIAS) issued by the Institute of Internal Auditors (IIA) and applicable regulatory requirements. Its main responsibilities include:

 

  1. Assessing the soundness, reasonableness, and effectiveness of the internal control and management systems, and ensuring they operate continuously and align with the Company’s strategic and operational needs.
  2. Planning and executing the annual internal audit plan and project-based audits, while coordinating with external auditors conducting concurrent assurance work.
  3. Reviewing the execution of operational processes, identifying control deficiencies, evaluating efficiency and risk exposure, and providing timely recommendations to assist the Board of Directors and management in fulfilling their responsibilities.
  4. Advising and monitoring business units to enhance internal processes and controls, improving operational efficiency and risk management performance.

 

Scope of Internal Audit

Internal audit activities cover group-wide operational processes, including the Company and all subsidiaries. The scope includes:

 

  1. Reviewing the execution of operational plans and evaluating the achievement of performance targets.
  2. Examining the utilization of corporate resources to ensure efficiency.
  3. Evaluating the completeness, compliance, and consistency of internal policies and procedures.
  4. Executing the annual audit plan and performing ad-hoc or special audits when necessary.
  5. Reviewing regulatory compliance and ensuring the safety of corporate assets, operations, and personnel.
  6. Identifying operational risks and recommending improvements to the risk management system.

 

Audit Timing and Procedures

The Internal Audit Department develops an annual audit plan based on risk assessment results and implements it after approval by the Board of Directors. Key procedures include:

 

  1. Defining the audit plan and scope based on industry trends, operational risks, and past audit frequency and results.
  2. Conducting fieldwork as planned, preparing working papers, and drafting audit reports. Audit findings and recommendations are communicated with audited units, which must submit corrective action plans and implementation timelines.
  3. Submitting audit reports to the Chairperson and relevant executives after review by the Chief Audit Executive (CAE). The Internal Audit Department conducts follow-up reviews to validate the progress of corrective actions and reports the results to the Board of Directors and independent directors.
  4. Reviewing the "Self-Assessment of Internal Control System" results conducted by business units and subsidiaries annually, and evaluating their accuracy and completeness. This serves as the primary basis for the Board of Directors to issue the Statement of Internal Control System.

 

Organization and Staffing of Internal Audit

 

  1. The Internal Audit Department comprises one Chief Audit Executive and five auditors. The Department reports directly to the Board of Directors and submits filings to the Financial Supervisory Commission (FSC) annually as required.
  2. The appointment or dismissal of the Chief Audit Executive shall be approved by the Audit Committee and ratified by the Board of Directors. The CAE reports on audit plan execution, results, and improvement progress at each regular board meeting.
  3. The appointment, evaluation, and compensation of audit personnel are approved by the Chairperson based on the recommendation of the Chief Audit Executive. Auditor qualifications and training requirements comply with the FSC’s "Regulations Governing the Establishment of Internal Control Systems by Public Companies."
  4. Audit personnel complete the required annual continuing professional education (CPE) hours and report to the competent authority within the prescribed period to maintain professional competence and comply with regulatory and international internal auditing standards.

 

Communication Mechanisms Among Independent Directors, the Chief Audit Executive, and External Auditors

 

  1. Independent directors may communicate at any time with the Chief Financial Officer, Chief Audit Executive, and external auditors on significant or unusual matters and convene meetings when necessary.
  2. Upon completing an audit report, the Chief Audit Executive submits it to independent directors for review before the end of the following month and reports audit execution progress and corrective actions at regular board meetings.
  3. Independent directors meet with the Chief Audit Executive and external auditors at least once a year in person to ensure open communication and information transparency.