リスク管理
SMIC believes:
● Effectively managing risk is necessary for creating value for all our stakeholders
● All members of management and all employees share the responsibility for mitigating the risks the organization faces in its pursuit of business success
To this end, the company has instituted:
Processes for risk identification, assessment, mitigation, monitoring, and improvement
The Risk Management Committee (RMC) consisting of members of top management and the Risk Management Communication Committee (RMCC) consisting of representatives from all functional departments
A framework for risks to be communicated with management and employees
Business Continuity Management System (BCMS)
-
Risk Management Committee
The second line of defense for SMIC’s risk management is implemented through the Risk Management Committee (RMC) and the Risk Management Communication Committee (RMCC), with support from the Risk Management Office (RMO). The chairman of the RMC regularly reports to the head of the Audit Committee of the Board of Directors. The duties of the RMC and RMCC are as follows:
RMC:
● Keeps a close eye on the uncertainties in the company’s internal and external environment and assesses their potential impact on stakeholders ● Takes a dynamic approach to identify major risks, develops targeted response strategies, and guides the RMCC to carry out risk management activities to achieve effective control of risksRMCC:
● Conducts annual risk assessments, updates potentially significant risks, improves the corporate risk database ● Makes timely adjustments in response strategies
-
Scope of Risks
SMIC created a risk library that included risks from five categories: strategic, financial, market, operation, and compliance. The diagram below provides some samples for further clarification on the types of issues evaluated.
-
Business Continuity Management System
SMIC firmly believes that business resilience is crucial for attracting and retaining customers in a fiercely competitive business environment. SMIC's business continuity management consists of the following key components:
01Business Impact AnalysisWe inventoried the company’s key resources for key activities, analyzing the usual and minimum quantities required for these resources, and the consequences of the lack thereof, and then developed procedures for recovering these resources and the time required.
02Risk AssessmentFocusing on natural and human-induced risks, we prioritize potential threats that could trigger production interruptions—particularly those of customer concern or with historical precedents in the industry. By assessing the exposure level (impact severity and probability) of critical resources under existing controls, we implement enhanced measures for high-risk items.
03Annual ExerciseHeadquarters sets annual drill themes (recent scenarios have included material shortages, power outages, and pandemic), while local teams at each facility carry out the exercises, considering customer requirements, product characteristics, and production capacity. These drills validate contingency plans, strengthen response capabilities, and optimize procedures through simulations.
04Management SystemAdopting the PDCA (Plan-Do-Check-Act) closed-loop management model, we maintain a documented system covering inventories of key resources, recovery plans, risk analyses, and control measures. All departments conduct regular reviews and update as needed, while management reviews annually and provides the necessary resources. Training and internal audits are conducted to ensure effective implementation.
Through these measures, we achieve dual safeguards: minimizing production disruptions and recovery timelines during emergencies, while ensuring timely and effective communication with internal and external stakeholders.
Currently, SMIC’s first two wafer fabs (Fab1 and Fab2-P1) have obtained ISO 22301 certification
. Our other planar fabs are progressing towards certification.
