Risk and Information Security
Procedures for Policies of Risk Management
In a rapidly changing global environment, risk management is key to Fusheng Precision operational resilience. We implement tiered decision-making and response processes across all risk levels—from identification and assessment to mitigation and tracking—forming a complete risk management system.
By integrating internal and external resources, we respond swiftly to challenges, minimize impacts, and ensure stable operations while maintaining trust with customers and stakeholders.
| Annual Strategic Meeting | Annual mid-and-long term strategic planning for each business/function unit |
| Board of Directors/Audit Committee Remuneration Committee | Decision-making for material business operation matters |
| Quarterly Review on Business Unit Performance | Tracking of business unit’s short-and-medium term strategies and market dynamics |
| Monthly Business Meeting | Review monthly performance results |
| Weekly Meeting | Real-time response to customer demand and production scheduling |
| Daily Meeting | Handling and feedback of daily operation’s exception |
Internal Control
Fusheng Precision follows the Financial Supervisory Commission’s “Regulations Governing the Establishment of Internal Control Systems by Public Companies” (hereinafter referred to as the “Regulations”) to ensure rigorous and transparent corporate governance.
The Board and management align shareholder interests with corporate social responsibility, establishing mechanisms to identify, measure, control, and supervise risks across departments.
Five Components of Internal Control System
Our internal control system covers five core areas, regularly updated to ensure forward-looking and reliable decision-making.
| Item | Content |
|---|---|
| Control Environment | It is the basis for the company's internal control system to be designed. The control environment includes the company's integrity and moral values, the governance and supervision responsibilities of the board of directors and supervisors, the organizational structure, the allocation of powers and responsibilities, human resources policies, performance measurement, rewards and punishments, etc. |
| Risk Assessment | The prerequisite for risk assessment is the establishment of various objectives and linkages to different levels within the Company while taking into account the suitability of the Company’s objectives. The management shall consider the impact of changes in its external environment and business model, as well as potential fraud. The assessment results could assist the Company to design, correct, and execute necessary control activities in a timely manner. |
| Control Activities | The actions taken by the Company to adopt appropriate policies and procedures based on the results of risk assessment to control risks within an acceptable scope. The execution of control activities shall include all levels of the Company, all stages within the business process, all technological environments, etc., as well as the supervision and management of subsidiaries. |
| Information and Communication | It refers to the collection, generation and use of relevant and high-quality information from both internal and external sources by the company to support the continuous operation of other components of internal control and to ensure effective communication of information within the company and between the company and externally. The internal control system must have a mechanism for generating information required for planning, execution, supervision, etc., and for those who provide information to obtain it in a timely manner. |
| Monitoring | The Company conducts ongoing and/or separate evaluation to determine whether each component of the internal control system already exists and continues to function. Ongoing evaluation refers to routine evaluation at different levels of operations, separate evaluation is conducted by internal auditors, supervisors or other personnel such as the Board of Directors. The discovered deficiencies in the internal control system shall be communicated to the appropriate level of management, the Board of Directors, and supervisors, and shall be corrected in a timely manner. |
Information Security Management
In the digital era, with rising cybersecurity threats, Fusheng Precision prioritizes trustworthy, secure operations for shareholders and customers. We continuously strengthen information security governance to ensure a safe and reliable smart manufacturing environment.
Information Security Organization Structure and policy
An Information Security Management Department oversees policy planning, execution, and monitoring, reporting regularly to management. Through standardized procedures, we reduce risks and raise employee awareness, embedding security into daily operations.
Information Security Management Mechanism
Our cybersecurity strategy is built on three pillars—people, systems, and policies:
Personnel governance
Enhance employees’ awareness of information security threats, and implement information security education and promotion.
Equipment resources
Construct appropriate information security equipment, strengthen the protection level, and improve the defense capability.
Policy management
Continuously review and revise to maintain the perfection of information security policies, while complying with international information security standards and overseas laws and regulations.
These three pillars form a global-standard cybersecurity system, protecting core assets and providing a secure foundation for future smart manufacturing.