Primax Group has established a comprehensive enterprise risk management framework based on a four-tier organizational structure and aligned with the Three Lines of Defense model. The framework is executed through structured processes including risk identification, assessment, control, monitoring, and communication, with the goal of enhancing corporate resilience and strategic agility.

Under the authorization of the Board of Directors, the Group has formed the Sustainable Development and Risk Management Committee, with the President serving as the senior executive responsible for risk management. The President oversees the Management Team and Risk Assessment Teams from a strategic perspective. The ESG Office acts as the coordinating and facilitating unit, convening cross-functional Risk Assessment Teams composed of representatives from various departments.

To further strengthen risk management mechanisms, in August 2024, Primax revised the "Risk Management Policy and Procedures" and added the "Enterprise Risk Management Implementation Guidelines." These were approved by the Board of Directors and implemented accordingly. The scope of application covers sustainability-related operational risk management at the enterprise level within all Primax Group entities over which the Company has substantive control. 

Risk Identification Process

The Risk Assessment Teams convene at least once annually to conduct risk and opportunity identification meetings, focusing on ESG-related operational risks, climate change risks, and other emerging risks. Sustainable operational risks include business, financial, strategic, and regulatory risks. Climate risks are categorized into transition and physical risks based on TCFD ^Note guidance, while emerging risks are referenced from the World Economic Forum’s annual Top 10 Global Risks, excluding climate-related items.

The risk identification process also considers stakeholder concerns, corporate strategic direction, regulatory trends, and relevant sustainability initiatives. Team members compile and utilize the “Primax Electronics Risk Integration Questionnaire” to assess each risk item during the meetings. Risk management outcomes, including mitigation progress and policy effectiveness, are reported to the Board at least once per year. The Audit Department operates independently to conduct internal audits and operational risk reviews, reporting directly to the Board of Directors and Audit Committee, ensuring the effectiveness and independence of the risk management system.

Note: For the climate change opportunities, the TCFD opportunity sources are also considered, in orderto set up opportunity identification questionnaire for climate change related topics.

To align with International Financial Reporting Standards, the identification of climate-related risks and opportunities for this year has been conducted with reference to IFRS S2 Climate-related Disclosures. This framework addresses the four core elements of governance, strategy, risk management, and metrics and targets, as well as disclosures regarding environmental risk dependencies. For further details, please refer to the【2024 TCFD Report】.

The assessment team conducts risk evaluations in accordance with the Corporate Risk Management Policies and Procedures. The assessment criteria include "likelihood" and "impact," which are measured using the Company's impact scale and likelihood scale scores. Likelihood is measured by the probability or frequency of risk occurrence, while impact is primarily assessed through financial quantification. Likelihood and impact scores are evaluated separately across different time horizons: short term (1–3 years), medium term (3–5 years), and long term (5–10 years). In addition, during risk assessments, Primax also considers the Company's resilience to risks (tolerance) and the degree of reliance on external or internal resources (dependence), which serves as a reference for developing response strategies.

The risk (including climate change opportunity assessment) classification is determined based on the factors of "likelihood" and "impact." The risk grade is determined by multiplying the scores of these two factors and locating the position on the riskand opportunity matrix. This helps identify the risks that need to be addressed. The management team develops risk mitigation plans for high-risk items and ensures ongoing monitoring and improvement. In addition, the internal audit unit also includes the execution of key programs in the audit plan for periodic inspection.

Risk levels are determined based on the two assessment criteria, namely "likelihood" and "impact", and are classified according to their position within the risk and opportunity matrix using the product of their scores, thereby identifying risks that require action. For major risk items, the management team formulates mitigation plans, implements ongoing monitoring and improvement measures, and ensures that the Audit Department incorporates the execution of key plans into the audit program for periodic review and adjustment.

In the section on climate change opportunities, the Company has also established an opportunity identification questionnaire for climate change-related issues with reference to TCFD opportunity sources, and has used two evaluation criteria, namely "likelihood" and "impact", to identify climate change opportunities. The results of the climate change-related risks and opportunities assessment will be discussed and selected by the Corporate Sustainability Office, and relevant countermeasures will be developed.

Risk Organizational Structure and Management Process

Primax Group has established a comprehensive risk management framework based on a four-tier organizational structure and aligned with the Three Lines of Defense model. The framework is executed through structured processes including risk identification, assessment, control, monitoring, and communication, with the goal of enhancing corporate resilience and strategic agility.

• The President serves as the primary leader of risk management, guiding the Management Team and the Risk Assessment Teams to oversee enterprise-wide risks from a strategic perspective.
• The ESG Office acts as the convener and executor of the Risk Assessment Teams, coordinating cross-functional efforts to identify and assess risks, develop mitigation strategies, and track implementation.
• The Audit Department functions independently to conduct internal audits and operational risk reviews, reporting directly to the Board of Directors and the Audit Committee.
• Risk management outcomes, including high-risk mitigation progress and policy effectiveness, are reported to the Board at least annually.
• Each business unit integrates risk awareness into its daily operations through the PDCA (Plan-Do-Check-Act) cycle, ensuring that risk management is embedded in operational planning and execution.

The relevant responsibilities and management processes are shown in the following chart.

The risk assessment team reviewed the evaluation results of 28 enterprise risks assessed in the previous year and conducted risk scoring for three newly identified emerging risks this year. Based on the consolidated assessment results, it was determined that Primax's primary operational risks in 2024 include: industry development changes, competitive pressures, product innovation, investment and M&A strategies, capacity planning and expansion, organizational capability development, customer concentration, and new customer acquisition. These risks are continuously managed according to corresponding mitigation measures to reduce the likelihood of occurrence.

Matrix of Corporate Risks of Primax Electronics 

Summary of the key points of the countermeasures against the sustainable operational risk

Risk culture

In addition to maintaining a rigorous organizational structure and implementing robust execution processes, fostering a company-wide culture in which all employees have a strong awareness of risk management has become an increasingly important topic in recent years. Primax promotes this culture through training programs that incorporate sustainability-related courses for all employees. The concept of risk management is integrated into topics such as ethical business practices, labor rights, and IT security. In 2024, new employees participated in a sustainability board game workshop after completing three months of employment. The workshop content included themes such as enterprise risk, climate change, and the SDGs. In 2024, two workshop sessions were held, and in 2025, this program is planned to become a mandatory course for all new employees. By engaging with interactive board games, employees deepen their knowledge of sustainability and strengthen their sense of identification with these principles.

In addition, the Company regularly recommends training courses related to enterprise risk and sustainable development for the Board of Directors, providing prioritized references for directors when selecting continuing education opportunities. This approach supports the gradual establishment of a strong culture of risk management and sustainability throughout Primax. Please refer to page 33 of the 2024 Shareholders' Meeting Annual Report.