Risk Management
Chapter 1 General Provisions
Article 1 Purpose of Establishment
This Risk Management Code of Practice is established to build a comprehensive risk management system, strengthen the company’s risk management framework, ensure the sound operation of the business, and move toward the goal of sustainable corporate development.
Article 2 Objectives of Risk Management
The objective of risk management is to utilize a well-structured framework to manage various risks that may affect the company’s goals. By integrating risk management into operational activities and daily management processes, the following goals can be achieved:
Achieve company objectives;
Improve management effectiveness;
Provide reliable information;
Allocate resources efficiently.
Article 3 Principles of Risk Management
The company's risk management system shall be established in accordance with the following principles:
Integration: Risk management is considered a part of all activities.
Structured and Comprehensive: Promote risk management in a systematic and holistic manner to obtain consistent and comparable results.
Customization: Establish an appropriate risk management framework and processes based on the company’s environment, scale, business nature, risk characteristics, and operational activities.
Inclusiveness: Take into account the needs and expectations of stakeholders, improving their understanding of the company’s risk management and its alignment with their expectations.
Dynamic: Timely and appropriately anticipate, monitor, capture, and respond to internal and external environmental changes.
Effective Use of Information: Build the foundation of risk management on historical, current, and future trend information, and provide this information clearly and timely to stakeholders.
People and Culture: Elevate the importance of risk management among governance and management units. Through training at all levels, enhance overall risk awareness and cultivate a risk-aware culture, making risk management part of governance and daily operations.
Continuous Improvement: Improve risk management and related processes through learning and experience.
Article 4 Establishing Risk Management Policies and Procedures
Risk management policies and procedures applicable to the company and its subsidiaries shall be established based on their overall scale, business nature, risk characteristics, and operational activities. These shall cover at least the following:
Risk management objectives;
Risk governance and culture;
Risk management organizational structure and responsibilities;
Risk management procedures;
Risk reporting and disclosure.
These policies and procedures should be reviewed regularly based on internal and external environmental changes to ensure effective design and implementation.
Article 5 Review and Implementation of Risk Management Policies and Procedures
The company’s designated risk governance unit shall review the established risk management policies and procedures, which shall be implemented upon approval by the Board of Directors.
Relevant policies and procedures should be disclosed on the company’s website or through the Market Observation Post System (MOPS).
Chapter 2 Risk Governance and Culture
Article 6 Establish a Comprehensive Risk Governance and Management Framework
Taking into account company scale, business characteristics, risk nature, and operations, the company shall establish a comprehensive risk governance and management framework. Through participation from the Board of Directors, functional committees, and senior management, risk management shall be aligned with the company’s strategies and objectives. This enables the identification of key risk items and facilitates risk control and response measures to reasonably ensure the achievement of strategic goals.
Article 7 Deepening Risk Culture
The company promotes a top-down risk culture. Through clear risk management statements and commitments from the governance unit and senior management, establishment and support of a risk management unit, and risk-related training for all employees, risk awareness is embedded in daily decision-making and operations, shaping an all-encompassing risk management culture.
Article 8 Providing Sufficient Resources and Support
Risk governance and management units shall value and support risk management, provide appropriate resources for effective operations, and be held accountable for their functioning.
Article 9 Integration and Coordination
Risk management shall be integrated across the responsibilities of all internal units. Communication and coordination between departments will ensure company-wide implementation of risk management.
Chapter 3 Risk Management Organization Structure and Responsibilities
Article 10 Risk Management Organization Structure
The Board of Directors shall serve as the highest governance body for risk management. Based on the company’s scale, business nature, and operations, a Risk Management Committee may be established under the Board, and appropriate units may be assigned to promote and execute risk management.
Article 11 Establishment of the Risk Management Committee
To enhance and strengthen risk management functions, a Risk Management Committee under the Board may be established. The majority of its members should be independent directors, and an independent director should serve as the chairperson.
The committee shall report to the Board and submit proposals for approval.
It must formulate an organizational charter, subject to Board approval, covering its composition, term, duties, rules of procedure, and required resources.
Depending on the company size, other functional committees or task forces may substitute for the Risk Management Committee.
Article 12 Risk Management Promotion and Execution Units
The company shall designate appropriate units to promote and execute risk management tasks, including planning, implementation, and oversight. Depending on the company's size and operations, a dedicated department or task force may be assigned.
Article 13 Responsibilities of the Board of Directors
Approve risk management policies, procedures, and frameworks;
Ensure alignment between operational strategies and risk management policies;
Establish a suitable risk management mechanism and culture;
Supervise and ensure the effective operation of the overall risk management mechanism;
Allocate adequate and appropriate resources for effective risk management.
Article 14 Responsibilities of the Risk Management Committee
Review and periodically evaluate the applicability and effectiveness of risk management policies, procedures, and frameworks;
Approve risk appetite (tolerance) and guide resource allocation;
Ensure the risk management mechanism addresses company risks and is integrated into daily operations;
Approve risk control priorities and risk levels;
Review implementation status, propose improvements, and report to the Board at least annually;
Execute Board decisions related to risk management.
Article 15 Responsibilities of the Risk Management Promotion and Execution Units
Formulate policies, procedures, and frameworks for risk management;
Develop risk appetite and establish qualitative and quantitative assessment standards;
Analyze and identify company risk sources and categories, reviewing them periodically;
Compile and report implementation status at least annually;
Assist and oversee departmental risk management activities;
Coordinate interdepartmental risk management communication;
Implement decisions made by the Risk Management Committee;
Organize training to enhance risk awareness and culture.
Article 16 Responsibilities of Operational Units
Identify, analyze, assess, and respond to risks in their respective areas and establish crisis management mechanisms when necessary;
Report risk information regularly to the risk management unit;
Ensure effective implementation of risk control procedures in accordance with policies.
Chapter 4 Risk Management Procedures
Article 17 Risk Management Procedures
Risk management policies should include procedures covering the five core elements: risk identification, risk analysis, risk evaluation, risk response, and monitoring/review. Methods and implementation details should be specified for each.
Article 18 Analysis and Identification of Risk Sources and Categories
Risks generally fall into the following categories: strategic, operational, financial, information, compliance, integrity, and emerging risks (e.g., climate change, pandemics).
The risk management unit should perform comprehensive analysis considering company scale, industry, operations, and sustainability aspects (including climate change).
Article 19 Risk Identification
Operational units should identify risks based on the company’s strategic goals and risk policies using tools such as process analysis, scenario analysis, surveys, or PESTLE analysis. Both top-down and bottom-up approaches should be used to identify potential events that may hinder the achievement of goals or cause losses.
Article 20 Risk Analysis
Operational units should analyze identified risks for their nature and characteristics, considering past experience and control measures to assess likelihood and impact, and calculate risk values.
Article 21 Risk Measurement Standards
The risk management unit should develop appropriate quantitative or qualitative standards for measuring risks.
Qualitative standards use descriptive language, while quantitative standards use numerical indicators (e.g., days, percentages, amounts).
Article 22 Risk Appetite
The risk management unit should propose a risk appetite for approval by the Risk Management Committee, define acceptable limits, classify risk levels, and determine response actions accordingly.
Article 23 Risk Evaluation
The goal is to compare analysis results with the approved risk appetite to prioritize risks and guide response planning.
Results should be documented and reported to the Risk Management Committee for approval.
Article 24 Risk Response
A plan should be created for each risk response, ensuring that the units responsible understand and implement it.
Response methods should balance strategic goals, stakeholder expectations, appetite, and resource availability.
Article 25 Monitoring and Review
Risk monitoring mechanisms must be defined in the procedures to evaluate ongoing effectiveness.
Monitoring results should be incorporated into performance metrics and reporting.
Chapter 5 Risk Reporting and Disclosure
Article 26 Risk Records
The execution and results of risk management should be documented, reviewed, and reported. Records should include identification, analysis, evaluation, responses, sources, and results.
Article 27 Risk Reporting
Risk reporting is essential for corporate governance. It must consider stakeholders’ needs, frequency, timeliness, methods, and relevance to decisions.
The risk management unit shall consolidate risk information and report periodically to the Risk Management Committee and the Board, maintaining a dynamic reporting mechanism.
Article 28 Information Disclosure
The company should disclose the following on its website or MOPS and keep it updated:
Risk management policies and procedures;
Risk governance and management organizational structure;
Risk management operations and implementation status (including the frequency and dates of reporting to the Board and its committees).
Chapter 6 Supplementary Provisions
Article 29 Attention to Domestic and International Developments
The company shall remain informed about domestic and international developments in risk management systems and use this information to review and improve its own framework.
Article 30 Effectiveness
This Code shall be implemented upon approval by the Audit Committee and the Board of Directors and reported at the shareholders' meeting. Any amendments shall follow the same procedure.