Risk Management | Sinyi Realty Inc. | Investor Relations

Sinyi Realty
Risk Management

Risk Management

Risk Management Framework

To counter the challenges of a fast-changing global economy and the sustainability risk, Sinyi Realty (hereinafter referred to as "the Company") developed a robust risk management framework and an effective policy. It was approved by the board of directors in 2019, including management objectives, organizational structure, ownership of rights and responsibilities, procedures, and other mechanisms. There is also a Risk Management Manual for the Company to monitor the risks arising from business activities within the acceptable range.

Given the increasing attention to risk management issues since 2019, the Risk Management Team follows the existing risk management framework and internal control system and manages the risks associated with its operations in the most cost-effective manner. The Company puts all heads of functional units(or departments) in charge of overseeing risk management and analyzing and monitoring risks in their own units in order to ensure effective execution of risk controls and procedures. Meanwhile, Auditor Office is responsible for assessing risks and presenting annual audit plans accordingly. Auditor Office is also responsible for delivering reports on risk management performance to the Audit Committee. The Company has obtained the ISO 27001 certification, which is valid from December 19, 2022 to October 31, 2025.

sinyi risk management structure
 

Board of Directors

The Board of Directors is the highest supervisory unit of risk management and is responsible for reviewing the annual risk management report, risk execution report and audit report to ensure the effective implementation of the risk management system.

Audit Committee

The Audit Committee is responsible for supervising the risk management group and deliberating the proposals proposed by the board of directors for resolution.

Total Ethical Management Committee

Supervise the effectiveness of the risk management system and mechanism operation. After deliberating the annual risk-related report, the Committee shall submit it to the Audit Committee to ensure that risks are properly identified, evaluated and handled.

Risk Owner

Identify risk issues and discuss with the risk management executive unit to undertake management objectives.

Risk Execution Unit

Put forward risk management objectives and measures. Report the results to the risk management unit on a regular basis.

Risk Audit Unit (Auditor Office)

Evaluates the effectiveness of the operation of the risk management system and mechanism. Implement the internal audit operations and regularly submit risk management results to the Audit Committee and the Board of Directors.

 

Risk Management Process

In order to strengthen corporate governance and risk control capabilities, and continue to optimize risk management policies and procedures, the company has formulated the “Sinyi Realty Risk Management Policy" and approved by the Board of Directors to determine the group's material risk items from top-down.

The Material Risk will coordinate and control by the Risk Owner, set up key risk indicators (KRI) to provide early warning functions so that the Company can respond to and resolve the possible impacts of risks early. The risk execution unit conducts self-risk identification, analyzes the level of risk impact, and proposes a risk treatment improvement plan.

 
 

Information security policy and management programs

Information security-related risk and management framework

In Sinyi Realty Inc. (hereinafter referred to as the “Company”), the information security issues are undercharged by the Information Service & Information Security Management Department which assumes the responsibility for internal information security policies to map out and implement information security operations, execute and implement thoroughly the information security policies.

Here inside the Company, the Auditor Office implements information security management audit and reports the outcome to the Board of Directors on a regular basis. Whenever a defect or problem is noticed, the Auditor Office would request the submittal of relevant improvement plans and conduct the follow-up tracing of the improvement performance so as to ensure that the internal information security management mechanism would work continually and effectively. On December 27, 2023, the IT Service and Information Security Management Department reported to the Board of Directors the current status of information security risk in 2023, the current control measures, improvement measures and results, as well as the information security risk target and information security improvement plan in 2024.

In terms of organizational operation, the Company adopts Plan-Do-Check-Act (PDCA) circulatory management, set up integral information security management systems to effectively prevent information security related problem from an occurrence. In turn, through such efforts, the Company could satisfactorily accomplish the goals of information security and continually optimize the improvement. The Company has obtained the ISO27001 certification.

 
Information Security Policy Sinyi Risk Management


 

Information security related goals and policies

1. Information security-related goals

The Company duly works out the information security policies well oriented to the Sinyi Group and invests appropriate resources to completely ensure confidentiality, integrity, and availability.

  • With adequate efforts to ensure confidentiality, implement thoroughly the information access control. Only such personnel having been adequately authorized with the required power are entitled to access to information.
  • The Company puts forth maximum possible efforts to ensure accurate and integral contents of the information and shall prevent a potential unauthorized amendment to the information.
  • The Company assures the availability of the information system and provides such a system to meet the need of the business operation.
  • The Company assures that all information operation would satisfy the requirements by laws and regulations.
2. The information security policies
  • The Company enhances the security of the Sinyi Group’s information system and network environment to prevent the potential disclosure of electronic confidential information.
  • The Company duly sets up the sound countermeasure procedures to deal with an information security incident to prevent the impairment from worsening.
  • The Company carries out information security-related educational & training programs, strengthens the consensus and awareness of the entire Sinyi Group staff about information security.
  • The Company promotes the information security management system, implements thoroughly the Sinyi Group’s information security management operation, and further reassesses the performance of the implementation to accomplish the goals of panoramic information security.
 
3. Concrete management programs-Information security-related management measures
 
Categories Descriptions Relevant operations
Privilege management The management systems over User ID, privilege management, and behaviors of system operations
  • Privilege management and review over User ID
  • Periodical inventory check over the privilege of User ID
Access control The control measures for the entire personnel in access to internal and external systems and information transmission channels.
  • The control measures over the access to internal and external systems
  • Control over sensitive information from being divulged.
  • Operation behavior track record
External threats Potential internal vulnerability, virus channels and protective measures thereof
  • Host/computer vulnerability protection and update measures
  • Protection against virus and malware detection
  • Source code inspection/penetration testing
  • Cyber threat monitoring
System availability System availability status and countermeasures against an event of service interruption
  • System/network availability monitoring and reporting mechanism
  • Contingency countermeasures against interruption of services
  • Information backup measures, principal site/offsite backup mechanism
  • Disaster restoration drills or exercises on a regular basis



 

Key Risks Items and Countermeasures

Sinyi Inc. identifies workplace personal safety, reputation (media coverage), financial, project schedule, information security, and climate risk as to its key risks and formulates countermeasures, including environment, social, corporate governance, and emerging global risks related to the company's operations. For detailed response measures, please refer to「CSR Report 1-4 Sustainable strategy management 」。

 

Implementation

  • In 2009, the Board of Directors approved the first version of the Company's "Risk Management Policies and Procedures". Starting from 2019, the auditor office reported the implementation of the risk management plan related to the six kinds of risk to the Audit Committee and the Board of directors once a quarter.
  • Since 2015, the Company has established a Risk Management Roadmap.
  • In 2019, the Company continued to revise "Risk Management Policies and Procedures" and "Risk Management Roadmap". Additionally, the Company conducted a Risk Management Manual and Key Risk Indicators related to the six kinds of risk to facilitate its monitoring mechanisms.
  • In 2019, The Company’s Risk Management Team reported that the Company conducted its risk assessment in response to the fast-changing environment, and came up with 2020 risk management plans in the Audit Committee meeting.
  • In 2020, the Auditor Office reported on the implementation of the risk management plan to the Audit Committee and the Board of Directors on the risk environment, the risk control measures that the Company has adopted, and the operation of risk management mechanisms for the year 2020.
  • Since 2020, in order to continuously strengthen risk management awareness and response capabilities, the Company has included risk management courses in the compulsory course for supervisors, with 78 trainees in total.
  • In 2021, the Company's risk management organization reported to the Audit Committee and the Board of Directors on a quarterly basis on the achievement of the Company's risk management objectives and improvement practices, and reported on the management plan for major risks in 2022 as well.
  • In 2022, the Company's risk management organization reported to the Audit Committee and the Board of Directors on a quarterly basis on the achievement of the Company's risk management objectives and improvement practices, and reported on the management plan for major risks in 2023 as well.
  • In 2023, the Company's risk management organization reported to the Audit Committee and the Board of Directors on a quarterly basis on the achievement of the Company's risk management objectives and improvement practices, and reported on the management plan for major risks in 2024 as well.


Measures taken to address risks/opportunities in the community and implementation

The Company's business is mainly to provide real estate brokerage services, rather than the production of physical goods, so the harm to communities is relatively insignificant; on the contrary, the business model allows its employees to find the need of communities, ranging from repairing window screens, serving as school traffic guides, assisting in community celebrations and holding national painting competitions, to know more people, getting to be trusted, and becoming good neighbors and indispensable members of local residents. The Company also assists 479 communities to host unit owner assemblies, and provides manpower support. As a result, when people from different communities would like to buy and sell houses, they will come up with the Company’s real estate brokerage services, and then realize their dreams. Furthermore, the Company's branches independently organize various charitable activities, including blood donation campaigns. In 2023, a total of 1,076 individuals from branches across Taiwan (including Taipei, New Taipei, Taoyuan, Hsinchu, Taichung, Tainan, and Kaohsiung) participated, collectively donating 1,502 bags of blood. Additionally, our sustainable branch, the Da Zhi Reclamation Store in Taipei, collaborated with neighboring branches and communities to organize a "Treasure Hunt for Charity" second-hand market at the front plaza of the Civic Activity Center. All proceeds from the charity sale, amounting to NT$24,711, were donated to the Sunshine Social Welfare Foundation to assist burn victims and individuals with facial disfigurements.
The Company has been deeply involved in the community and assisting neighbors, with neartly 3,500 colleagues in our direct operation stores across Taiwan. During the Ghost Festival in 2023, the Company assisted the communities surrounding its branches in organizing ancestor worship ceremonies. The support included guiding the process, leading prayers, arranging venues ,and providng supplies such as fans, cold water, and over 8,000 tents. In total, we helpd over 3,000 communities successfully complete the ceremonies. Aslo, our sustainable branchs host eco-observation camps, natural science activites, soccer games, and other family-friendly events, which attaracted over 20 nearby residents to partifipate. In 2023, the Company orgaznied a nationalwide panting competition across the six municipality cities in Taiwan, Hsinchu County and Changhua City. A total of 12,991 participants took part, and there were 130 physical painting events for families to enjoy together.