●Articles of Incorporation

Articles of Incorporation
(Approved by the shareholders' meeting on 2022.06.23)

● Internal Audit

Operation of Internal Audit

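  1. Before performing audit work, the Company's auditors shall draw up an audit plan covering the audit period, audit items, and audit scope, with the aim of investigating and evaluating how efficiently each unit of the Company performs its assigned functions.
  2. The auditors shall submit the audit plan to the Chairman for review and to the Board of Directors for approval. Regular audits are carried out by the auditors according to the plan; special audits are conducted as instructed by the Board of Directors, the Chairman, or a person authorized by them.
  3. The auditors shall analyze the problems found during the audit and communicate fully with the audited unit about the results for each audit item. Deficiencies in the internal control system and irregularities found during the inspection shall be truthfully disclosed in the audit report and communicated to the appropriate level of management, the Board of Directors, and the supervisors, and shall be corrected in a timely manner.
  4. After the audit report has been submitted for approval, the auditors shall track the progress and results of the improvement items raised in the report and prepare a follow-up report at least quarterly until the improvements are complete, to confirm that the relevant units have taken appropriate corrective measures in a timely manner.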

Statement of Internal Control System

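Appointment, Dismissal, Evaluation, and Remuneration of Internal Auditors

  1. The Company's "Employee Grade and Salary Management Regulations" stipulate that the performance evaluation and remuneration of internal auditors shall be submitted by the chief auditor to the Chairman for approval.
  2. In 109 (2020), the appointment and dismissal of the Company's chief internal auditor was submitted to the Chairman for approval, approved by at least one half of the Audit Committee, and passed by a resolution of more than half of the Board of Directors.
  3. There was no change in the Company's chief internal auditor in 110 (2021).
  4. For 110 (2021), the performance evaluation and remuneration of the Company's internal auditors were submitted by the chief auditor to the Company's Chairman.
  5. For 111 (2022), the performance evaluation and remuneration of the Company's internal auditors were submitted by the chief auditor to the Company's Chairman.
  6. For 112 (2023), the performance evaluation and remuneration of the Company's internal auditors were submitted by the chief auditor to the Company's Chairman.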

●Establishment and Authority of the Corporate Governance Officer

I. On August 11, 2020, the Board of Directors approved the appointment of a dedicated Corporate Governance Officer, who is the top executive in charge of corporate governance-related matters. The business implementation included the following:

1. Organize the meetings of the Board of Directors and the Shareholders' meetings in accordance with the law.

2. Prepare the minutes of the meetings of the Board of Directors and the Shareholders' meetings.

3. Assist directors in assuming office and pursuing continuing education.

4. Provide directors with required information for business execution.

5. Assist directors in complying with the laws and regulations.

6. Report to the Board of Directors on the reviewing results of the compliance of the independent directors’ qualifications with the relevant laws and regulations at the time of their nomination, election and during their term of office.

7. Handle matters related to the change of directors.

8. Other matters stipulated in the Articles of Incorporation or contracts.

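II. The Corporate Governance Officer's business implementation is as follows:

  1. Assist directors in performing their duties, provide required information, and arrange continuing education for directors:

   (1) Provide the members of the Board of Directors with the latest amendments to and developments in laws and regulations relating to the Company's business areas and corporate governance, and update them regularly.

   (2) Review the confidentiality level of relevant information and provide the company information that directors require, maintaining smooth communication and exchange between directors and the Company.

   (3) When independent directors, in accordance with the Corporate Governance Best Practice Principles, need to meet individually with the chief internal auditor or the certifying CPAs to understand the Company's finances and business, assist in arranging the relevant meetings.

   (4) Assist independent directors and other directors in drawing up annual continuing education plans and arranging courses according to the characteristics of the Company's industry and the directors' academic and professional backgrounds.

  2. Assist with the procedures of Board of Directors and shareholders' meetings and with the legal compliance of resolutions:

   (1) Confirm that the Company's shareholders' meetings and Board of Directors meetings are convened in compliance with relevant laws and corporate governance principles.

   (2) Assist and remind directors of the laws and regulations to be observed when carrying out business or making formal Board resolutions.

   (3) After meetings, be responsible for checking the release of material information on important Board resolutions, ensuring the legality and accuracy of its content so that investors have equal access to trading information.

  3. Draw up the Board of Directors meeting agenda, convene meetings, notify directors and provide meeting materials seven days before the meeting, remind directors in advance if an agenda item requires recusal due to a conflict of interest, and complete the Board meeting minutes within twenty days after the meeting.

  4. Handle advance registration of the shareholders' meeting date in accordance with the law, and prepare the meeting notice, meeting handbook, and minutes within the statutory deadlines.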

III. The continuing education of the Corporate Governance Officer is as follows: 

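| Training period (From) | Training period (To) | Professional training institute | Training course | Course hours | 112 Course Hours |
|---|---|---|---|---|---|
| 112/04/20 | 112/04/22 | Taiwan Institute for Sustainable Energy | Listed Company Climate Action Management Personnel Training Course | 20 | 20 |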

IV. The Corporate Governance Report is as follows:

Organization Chart

●Implementation of prevention of insider trading

I. The Company has stipulated the prohibition of insider trading in Article 8 of the "Code of Ethical Conduct for Directors and Managers", Article 15 of the "Procedures for Ethical Management and Guidelines for Conduct", and the "Procedures for Handling Material Inside Information". Besides, it has stipulated the prevention of improper disclosure of information in the "Procedures for Handling Material Internal Information".

II. The Company has stipulated the prohibition of insider trading in Article 16-1 of the "Procedures for Handling Material Inside Information":

Directors, managers and employees shall not trade their shares before the news is made public or during the closed periods:
1. Upon actually knowing any company financial report that will have a material impact on the price of the securities of persons specified, after the information is made definite, and prior to the public disclosure of such information, or within 18 hours after its public disclosure, such persons shall not purchase or sell, in the person's own name or in the name of another, non-equity corporate bonds that are listed on an exchange or an over-the-counter market.
2. They shall not trade their shares before the news is made public or during the closed periods of 30 days before the annual financial report announcement and 15 days before the quarterly financial report announcement.

III. The Company electronically informed the directors of the date of the meeting of the Board of Directors and the date of the financial report announcement. Additionally, it reminded the directors and insiders not to trade their shares before the news was made public or during the closed periods of 30 days before the annual financial report announcement and 15 days before the quarterly financial report announcement, to comply with the laws and regulations.

IV. The details of the Company's insider trading education and training for 2023 are as follows:

| Trainee | Date | Topics | Hours | Attendance |
|---|---|---|---|---|
| Directors and managerial officers | 112/03/16, 05/11, 08/10, 11/11 | Internal training: Promotion of Non-compliance Patterns in Declaration of Insider Equity Changes | 0.5 hours | 64 |
| Director | 112/02/24, 10/13, 10/20 | External training: 2023 Annual Prevention of Insider Trading Promotion Conference | 3 hours | |
| Managerial officers | 112/11/19 | External training: 112 (2023) Awareness Education for Compliance in Insider Share Trading | 3 hours | 2 |
| Employees | 112/08/19 | Internal training: Implementation of Integrity in Business (including "Prevention of Insider Trading" and "Insider Trading Case Study") | 2 hours | 25 |
| Employees | 112/10/20 | External training: 2023 Awareness Education for Compliance in Insider Share Trading | 3 hours | 1 |

V. Related specifications are as follows:

Directors and Managers Morality code of conduct

Integrity management procedures and Code Conduct

Internal procedures for handling major information

Human Rights Policy and Human Rights Concerns and Operations

I. The Company complies with the laws and regulations of its location and follows the spirit and basic principles of human rights protection enshrined in the Universal Declaration of Human Rights, the Global Covenant, the International Labor Organization Convention and various international human rights conventions, and actively implements various policies to protect human rights in the formulation of various regulations, treats and values all employees, and fully realizes its responsibility to respect and protect human rights.

II. The details of the Company's "Human Rights Policy" and "Human Rights Concerns and Operations" are as follows:

Human Rights Policy Statement

Human Rights Concerns and Operations

●Employee Benefits

I. The Company’s employee benefits include the following: Labor insurance, employer's compensation contract liability insurance, retirement benefits, annual health checkups, gifts for weddings, funerals, or births, working uniforms, bonuses or gifts for the three major holidays, employee remuneration, discounts for employees to purchase the Company’s construction projects, specific hotel accommodation discounts, year-end evening parties, and employee travels.

II. The Company has formulated the "Measures for Employee Travels", organizes domestic and international tours, and holds regular or irregular education and training seminars for employees.

III. Employee benefits and their implementation, and the work environment and employee safety protection measures, are as follows:

Employee benefits and implementation

●Risk Management Policies and Procedures

I. On November 11, 2020, the Board of Directors resolved to formulate the "Risk Management Policies" to strengthen the Company's governance and establish sound risk management to control the risks that may arise from various businesses within a tolerable range, so as to reasonably ensure the achievement of the Company's objectives.

II. The Company's risk management policies cover organization authority and responsibility, risk analysis, risk types, risk management process, information and communication.

III. The Company has established a risk management organization to distinguish risk management authorities and responsibilities. Each department must analyze and identify risks in order to effectively identify, measure, and control each of the Company's risks and keep them within acceptable range.

●Risk management scope and organizational structure

I. The risk management of the Company includes the management of "market risk", "investment risk", "credit risk", "hazard risk", "operational risk", "legal risk" and "other risks", as described below:

1. Market risk: Including the impact on the Company's finance and business due to domestic and foreign economic as well as technological and industrial changes, and the risk of financial loss resulting from changes in the value of financial assets and liabilities (including assets and liabilities on- and off-the statement of financial position) due to fluctuations in market risk factors (interest rates, exchange rates, stock prices and commodity prices).

2. Investment risk: Including fluctuations in the market price of short-term investments such as derivative transactions and financial wealth management; the operation and management of long-term investee companies.

3. Credit risk: refers to risks that customers, suppliers and counter-parties may fail to fulfill their contracts or obligations, resulting in losses.

4. Hazard risk: Safety protection and emergency response, referring to the risk of occurrence of major hazard events and losses.

5. Operational risk: refers to losses to the Company due to internal control negligence, human management and information system improprieties or failures.

6. Legal risk: refers to potential risks of financial or goodwill losses due to failure to comply with relevant regulations, or because the contract itself has no legal effect, ultra vires behavior, inadequate regulations, omissions in terms, or other factors, resulting in failure to bind the counterparty to perform its obligations in accordance with the contract.

7. Other risks: refer to risks that are not one of the above, but that would cause the Company to incur a material loss.

II. The Company's risk management organization structure, descriptions and appendices are as follows:

1. Board of Directors

The Board of Directors is the highest governance unit of the Company to establish effective risk management. It determines the overall risk management policy, supervises the operation mechanism related to risk management, and assumes the responsibility of risk management in accordance with the overall operation strategy and business environment.

2. Risk management promotion and implementation unit

The Company assigns the Senior Management to be the promotion and implementation unit for risk management, in charge of planning, executing and supervising risk management related matters.

3. Senior Management (President, Vice Presidents)

Coordinate cross-departmental risk management and communication.

4. Executives of all the Company's divisions

(1) Perform daily risk management activities.

(2) Responsible for analyzing and monitoring the risks associated with their units.

(3) After a risk is resolved, determine what shall be done to avoid or reduce the risk in the future.

5. Auditing Office

Supervise the risk management of each department of the Company.

Risk Management Policies

●Risk management operations

The Company's risk management reporting and report contents are as follows:

| Reporting unit | Date |
|---|---|
| Audit Committee | 112/11/11 |
| Board of Directors | 112/03/16, 112/05/11, 112/08/10, 112/11/11 |

1. Operational risks: The Company reviews the operational risks arising from the internal and external environment from time to time, and responds to them early to reduce risks and losses.

2. Interest rate risk: The Central Bank of the R.O.C. has raised interest rates continuously since 2022, which increases the cost of capital; hence, the Company issued guaranteed ordinary corporate bonds in September 2023 to reduce capital pressure and risks.

3. Human capital risk: Recently, younger generations' lower interest in the construction industry has led to labor shortages; the Company is evaluating other manpower deployment.

●Cyber Security Management:

(I) Cyber security risk management framework

In order to enhance the cyber security management, the executive of Information Department and colleagues are currently performing the duties related to "cyber security management unit" to regularly evaluate cyber security risks, review cyber security policies and implement the promotion. Besides, the results of cyber security implementation are regularly reported to the Board of Directors every year.

(II) Cyber security policy

1. The Company follows the laws and regulations to establish relevant information security management regulations and provides appropriate protection for our information assets to ensure their confidentiality, integrity, availability and legal compliance.
2. Regularly evaluate the impact of various man-made and natural disasters on our information assets, and formulate disaster prevention and recovery plans for important information assets and critical businesses to ensure the continuity of our business operations.
3. Supervise our colleagues to implement cyber security protection, to establish the concept of "information security, everyone's responsibility", and to raise the awareness of cyber security among all divisions and employees.

(III) Specific Cyber Security Management schemes

Category

Management scheme

1. Legal compliance

In addition to conforming to international cyber security standards, cyber related operations must also comply with relevant domestic cyber security laws and regulations.

2. Software and hardware protection

If the software system requires external connection for maintenance, it must pass the firewall rule and dynamically establish connection information for connection. For hardware equipment, access to the information room must be controlled by the access control system to reduce theft or vandalism.

3. Backup and restoration

The system backups are automatically executed in batches, and are included in the daily inspection checklist, and are verified by information personnel one by one, so that the system can be restored within a short period of time in response to various unexpected situations that cause system damage, and so that colleagues can resume normal operations as soon as possible.

4. Prevention and drills

The Company regularly reviews the information security mechanism and performs routine security tests. In addition, it irregularly educates our employees about cyber security in order to prevent in advance, effectively detect incidents, and prevent the spread.

5. New knowledge of cyber security

In recent years, the prevalent attack methods include DDoS, ransomware viruses, social engineering, and even fake websites (password modification, lottery notification, etc.). The Company keeps in touch and communicates with domestic cyber security-related vendors to understand the new cyber security threats and contingency measures of the current Internet generation through existing network resources.

Continuous response to the Covid-19

Establish a secure and reliable cloud office operating environment, including: VPN connection, cloud switchboard and import cloud enterprise resources tools (including online meeting), to meet the needs of employees to continue to work from home in response to the epidemic and to ensure that the Company's business can maintain normal operations.

(IV) Invest resources in the cyber security management

In recent years, the Company has gradually invested in following equipment, services and policies to strengthen the internal cyber security:

Invested resources

Relevant description

 1. Build a secure communication network

In order to enhance the security of the Company's network, the Information Department has gradually upgraded related network security equipment in recent years, such as FireWall, Thin AP, and other hardware to divide the wired and wireless network applications into public and private parts, and the VPN connection mechanism is used to provide external locations or employees who need to work in different locations to ensure that employees can complete their work remotely and synchronously in a secure way.

 2. Provide complete data storage mechanism

By using NAS devices to build local and off-site synchronous backup mechanism, information personnel can assist in restoring the operation in a short time when the relevant system equipment or computers are damaged; or in case of any natural, technical or human-generated hazardous events, the risk of data loss and irreversibility can be greatly reduced.

 3. Import cloud-based enterprise resource management tools

In terms of hardware equipment, a large amount of system construction, management and maintenance costs can be eliminated, allowing information teams to focus on providing more secure system services and applications; and in terms of software services, the combination of complete, professional and reliable tool services from system service providers not only allows employees to greatly reduce the risk of exposure to advertising mail, spam and mail viruses when sending and receiving emails, but also enables employees to use online collaboration tools more quickly and securely to complete tasks in this fast-changing information generation through occasional education and promotion by information personnel. In addition, through regular education and promotion by information personnel, employees can make good use of online collaborative operation tools to complete tasks more quickly and safely in this fast-changing information generation, thus enhancing team work efficiency

 4. Employee operation certification mechanism

Based on human resources management, the Company has gradually established a complete and consistent operation certification method, which can integrate access control and related business equipment usage to ensure the safety of equipment, personnel, and data, and to maintain the confidentiality of each employee's work within their responsibilities.

 5. Legal asset use management

The Company uses asset management tools to take inventory of related information equipment and software resources within the enterprise. It ensures the legality and security of resource usage authorization through daily inspections and regular auditing operations to avoid the use of resources from unknown sources that may create unintended cyber security loopholes and cause unnecessary losses to the Company.

 6. Enhance employees’ cyber security awareness

In response to the ever-changing cyber security attack techniques and risks, the information team conducts cyber security promotion and audits irregularly, such as information bulletins, case sharing, education and training, and system audits, to enhance employees' information literacy and cyber security awareness.

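 7. Cyber security staffing

The Company currently has one cyber security supervisor and one cyber security staff member, who discuss domain security at the work review meeting at least once a week and follow cyber security news from time to time for case discussions.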

(V) Risk management operations of cyber security

The Company reported the risk management operations to the Board of Directors in 2023 as follows:

1. Avoid the use of resources from unauthorized sources that may create unintended cyber security loopholes.

2. Reminding colleagues to change passwords from time to time to reduce the risk of hacker attacks.

3. The Company reviews the operational risks arising from the internal and external environment from time to time, and responds to them early to reduce risks and losses.

(VI) The losses, possible impacts and countermeasures of major cyber security incidents in the most recent year and up to the date of publication of the annual report: None