●Articles of Incorporation
Articles of Incorporation
● Internal Audit
Operation of Internal Audit
Statement of Internal Control System
I. On August 11, 2020, the Board of Directors approved the appointment of a dedicated Corporate Governance Officer, who is the top executive in charge of corporate governance-related matters . The business implementation included the following :
1. Organize the meetings of the Board of Directors and the Shareholders' meetings in accordance with the law.
2. Prepare the minutes of the meetings of the Board of Directors and the Shareholders' meetings.
3. Assist directors in assuming office and pursuing continuing education.
4. Provide directors with required information for business execution.
5. Assist directors in complying with the laws and regulations.
6. Report to the Board of Directors on the reviewing results of the compliance of the independent directors’ qualifications with the relevant laws and regulations at the time of their nomination, election and during their term of office.
7. Handle matters related to the change of directors.
8. Other matters stipulated in the Articles of Incorporation or contracts.
III. The continuing education of the Corporate Governance Officer is as follows:
Professional training institutes
|Taiwan Institute for Sustainable Energy
IV. The Corporate Governance Report as follows :
●Implementation of prevention of insider trading
I. The Company has stipulated the prohibition of insider trading in Article 8 of the "Code of Ethical Conduct for Directors and Mangers", Article 15 of the "Procedures for Ethical Management and Guidelines for Conduct", and the "Procedures for Handling Material Inside Information". Besides, it has stipulated the prevention of improper disclosure of information in the "Procedures for Handling Material Internal Information".
II.The Company has stipulated the prohibition of insider trading in Article 16-1 of the ''Procedures for Handling Material Inside Information'' :
The directors ,managers and employees not to trade their shares before the news was made public or during the closed periods
1.Upon actually knowing any company financial report that will have a material impact on the price of the securities of persons specified, after the information is made definite, and prior to the public disclosure of such information, or within 18 hours after its public disclosure, such persons shall not purchase or sell, in the person's own name or in the name of another, non-equity corporate bonds that are listed on an exchange or an over-the-counter market.
2.Not to trade their shares before the news was made public or during the closed periods of 30 days before the annual financial report announcement and 15 days before the quarterly financial report announcement
III. The Company electronically informed the directors of the date of the meeting of the Board of Directors and the date of the financial report announcement . Additionally, it reminded the directors and insiders not to trade their shares before the news was made public or during the closed periods of 30 days before the annual financial report announcement and 15 days before the quarterly financial report announcement to comply with the laws and regulations.
IV. The details of the Company's insider trading education and training for 2023 are as follows:
Directors and managerial officers
Promotion of Non-compliance Patterns in Declaration of Insider Equity Changes
2023 Annual Prevention of Insider Trading Promotion Conference
112(2023) Awareness Education for Compliance in Insider Share Trading
Implementation of Integrity in Business (including "Prevention of Insider Trading" and "Insider Trading Case Study")
2023 Awareness Education for Compliance in Insider Share Trading
V.Related specifications as follows :
Directors and Managers Morality
code of conduct
Integrity management procedures and Code
Internal procedures for handling major
●Human Rights Policy andHuman Rights Concerns and Operations
I. The Company complies with the laws and regulations of its location and follows the spirit and basic principles of human rights protection enshrined in the Universal Declaration of Human Rights, the Global Covenant, the International Labor Organization Convention and various international human rights conventions, and actively implements various policies to protect human rights in the formulation of various regulations, treats and values all employees, and fully realizes its responsibility to respect and protect human rights.
II. The details of the Company's ''Huaman Rights Policy'' and ''Human Rights Concerns and Operations'' as follows :
Human Rights Policy Statement
Human Rights Concerns and Operations
I.The Company’s employee benefits include the following: Labor insurance, employer's compensation contract liability insurance, retirement benefits, annual health checkups, gifts for weddings, funerals, or births, working uniforms, bonuses or gifts for the three major holidays, employee remuneration, discounts for employees to purchase the Company’s construction projects, specific hotel accommodation discounts, year-end evening parties, and employee travels.
II.The Company has formulated the "Measures for Employee Travals''domestic and international tourism was organized,and holds regular or irregular seminars on education and training for employees.
III.Employee benefits and implementation,Work environment and employee safety protection measures as follows :
Employee benefits and
●Risk Management Policies and Procedures
I. On November 11, 2020, the Board of Directors resolved to formulate the "Risk Management Policies" to strengthen the Company's governance and establish sound risk management to control the risks that may arise from various businesses within a tolerable range, so as to reasonably ensure the achievement of the Company's objectives.
II. The Company's risk management policies cover organization authority and responsibility, risk analysis, risk types, risk management process, information and communication.
III. The Company has established a risk management organization to distinguish risk management authorities and responsibilities. Each department must analyze and identify risks in order to effectively identify, measure, and control each of the Company's risks and keep them within acceptable range.
●Risk management scope and organizational structure
I. The risk management of the Company includes the management of "market risk", "investment risk", "credit risk", "hazard risk", "operational risk", "legal risk" and "other risks", as described below :
1. Market risk: Including the impact on the Company's finance and business due to domestic and foreign economic as well as technological and industrial changes, and the risk of financial loss resulting from changes in the value of financial assets and liabilities (including assets and liabilities on- and off-the statement of financial position) due to fluctuations in market risk factors (interest rates, exchange rates, stock prices and commodity prices).
2. Investment risk: Including fluctuations in the market price of short-term investments such as derivative transactions and financial wealth management; the operation and management of long-term investee companies.
3.Credit risk: refers to risks that customers, suppliers and counter-parties may fail to fulfill their contracts or obligations, resulting in losses.
4.Hazard risk: Safety protection and emergency response, referring to the risk of occurrence of major hazard events and losses.
5.Operational risk: refers to losses to the Company due to internal control negligence, human management and information system improprieties or failures.
Legal risk: refers to potential risks of financial or goodwill losses due to failure to comply with relevant regulations or the contract itself has no legal effect, ultra vires behavior, inadequate regulations, omissions in terms, or other factors, resulting in failure to bind the counterparty to perform its obligations in accordance with the contract.
7.Other risks: refer to risks that are not one of the above, but that would cause the Company to incur a material loss.
II. The Company's risk management organization structure, descriptions and appendices are as follows :
1. Board of Directors
The Board of Directors is the highest governance unit of the Company to establish effective risk management. It determines the overall risk management policy, supervises the operation mechanism related to risk management, and assumes the responsibility of risk management in accordance with the overall operation strategy and business environment.
2. Risk management promotion and implementation unit
The Company assigns the Senior Management to be the promotion and implementation unit for risk management, in charge of planning, executing and supervising risk management related matters.
3. Senior Management (President, Vice Presidents)
Coordinate cross-departmental risk management and communication.
4. Executives of all the Company's divisions
(1) Perform daily risk management activities.
(2) Responsible for analyzing and monitoring the risks associated with their units.
(3) After the risk is resolved, what shall be done to avoid or reduce the risk in the future?
5. Auditing Office
Supervise the risk management of each department of the Company.
Risk Management Policies
●Risk management operations
The Company's risk management operations were reported to the meetings of the Board of Directors on March 16, 2023, May 11, 2023, August 10, 2023, and November 11, 2023, and the reports are as follows:
1. Operational risks: The Company reviews the operational risks arising from the internal and
external environment from time to time, and responds to them early to reduce risks and losses.
2.Interest Rate Risk：Central Bank of the R.O.C. continuous interest rate hikes since 2022,that increase the cost of capital , hence,issued guaranteed ordinary corporate bonds in 2023 September to reduce capital pressure and risks .
3.Human capital risk : Resently younger generations are less interested in the construction industry has led to labor shortages,the company are evaluating others manpower deployment.
●Cyber Security Management:
(I) Cyber security risk management framework
In order to enhance the cyber security management, the executive of Information Department and colleagues are currently performing the duties related to "cyber security management unit" to regularly evaluate cyber security risks, review cyber security policies and implement the promotion. Besides, the results of cyber security implementation are regularly reported to the Board of Directors every year.
(II) Cyber security policy
1. The Company follows the laws and regulations to establish relevant information
security management regulations and provides appropriate protection for our
information assets to ensure their confidentiality, integrity, availability and legal
2. Regularly evaluate the impact of various man-made and natural disasters on our
information assets, and formulate disaster prevention and recovery plans for important
information assets and critical businesses to ensure the continuity of our business
3. Supervise our colleagues to implement cyber security protection, to establish the
concept of "information security, everyone's responsibility", and to raise the awareness
of cyber security among all divisions and employees
(III) Specific Cyber Security Management schemes
In addition to conforming to international cyber security standards, cyber related operations must also comply with relevant domestic cyber security laws and regulations.
2.Software and hardware protection
If the software system requires external connection for maintenance, it must pass the firewall rule and dynamically establish connection information for connection. For hardware equipment, access to the information room must be controlled by the access control system to reduce theft or vandalism.
3.Backup and restoration
The system backups are automatically executed in batches, and are included in the daily inspection checklist, and are verified by information personnel one by one, so that the system can be restored within a short period of time in response to various unexpected situations that cause system damage, and so that colleagues can resume normal operations as soon as possible.
4.Prevention and drills
The Company regularly reviews the information security mechanism and performs routine security tests. In addition, it irregularly educates our employees about cyber security in order to prevent in advance, effectively detect incidents, and prevent the spread.
5.New knowledge of cyber security
In recent years, the prevalent attack methods include DDoS, ransomware viruses, social engineering, and even fake websites (password modification, lottery notification, etc.). The Company keeps in touch and communicates with domestic cyber securityrelated vendors to understand the new cyber security threats and contingency measures of the current Internet generation through existing network resources.
Continuous response to the Covid-19
Establish a secure and reliable cloud office operating environment, including: VPN connection, cloud switchboard and import cloud enterprise resources tools (including online meeting), to meet the needs of employees to continue to work from home in response to the epidemic and to ensure that the Company's business can maintain normal operations.
(IV) Invest resources in the cyber security management
In recent years, the Company has gradually invested in following equipment, services and policies to strengthen the internal cyber security：
1.Build a secure communication network
In order to enhance the security of the Company's network, the Information Department has gradually upgraded related network security equipment in recent years, such as FireWall, Thin AP, and other hardware to divide the wired and wireless network applications into public and private parts, and the VPN connection mechanism is used to provide external locations or employees who need to work in different locations to ensure that employees can complete their work remotely and synchronously in a secure way.
2.Provide complete data storage mechanism
By using NAS devices to build local and off-site synchronous backup mechanism, information personnel can assist in restoring the operation in a short time when the relevant system equipment or computers are damaged; or in case of any natural, technical or human-generated hazardous events, the risk of data loss and irreversibility can be greatly reduced.
3.Import cloudbased enterprise resource management tools
In terms of hardware equipment, a large amount of system construction, management and maintenance costs can be eliminated, allowing information teams to focus on providing more secure system services and applications; and in terms of software services, the combination of complete, professional and reliable tool services from system service providers not only allows employees to greatly reduce the risk of exposure to advertising mail, spam and mail viruses when sending and receiving emails, but also enables employees to use online collaboration tools more quickly and securely to complete tasks in this fast-changing information generation through occasional education and promotion by information personnel. In addition, through regular education and promotion by information personnel, employees can make good use of online collaborative operation tools to complete tasks more quickly and safely in this fast-changing information generation, thus enhancing team work efficiency
4. Employee operation certification mechanism
Based on human resources management, the Company has gradually established a complete and consistent operation certification method, which can integrate access control and related business equipment usage to ensure the safety of equipment, personnel, and data, and to maintain the confidentiality of each employee's work within their responsibilities
5. Legal asset use management
The Company uses asset management tools to take inventory of related information equipment and software resources within the enterprise. It ensures the legality and security of resource usage authorization through daily inspections and regular auditing operations to avoid the use of resources from unknown sources that may create unintended cyber security loopholes and cause unnecessary losses to the Company.
6. Enhance employees’ cyber security awareness
In response to the ever-changing cyber security attack techniques and risks, the information team conducts cyber security promotion and audits irregularly, such as information bulletins, case sharing, education and training, and system audits, to enhance employees' information literacy and cyber security awareness.
(V) Risk management operations of cyber security
The Company reported the risk management operations to the Board of Directors in 2023 as follows:
1.Avoid the use of resources from unauthorized sources that may create unintended cyber security loopholes.
2.Reminding colleagues to change passwords from time to time to reduce the risk of hacker attacks.
3. The Company reviews the operational risks arising from the internal and external environment from time to time, and responds to them early to reduce risks and losses.
(VI) The losses, possible impacts and countermeasures of major cyber security incidents in the most recent year and up to the date of publication of the annual report: None