Risk Management

Basic Policy

Consistent with the management principles "Our Vision", NSG Group aims to enhance corporate value by sustainable growth in line with the Medium-term Plan "2030 Vision: Shift the Phase". That said, the business environment enveloping the Group has become increasingly complex and is continuing to dynamically transform. We see risks in the uncertainties that stem from internal and external factors, which threaten to affect the Group's ability to achieve its business targets. We therefore position risk management, which is tasked with identifying, assessing, and properly managing major risks, as an important part of our management foundation in order to minimize the negative effects and maximize positive results. By systematically and methodically implementing appropriate risk management across the entire Group, we can not only achieve our short-term business targets, but also reliably execute business strategies.

NSG Group's risk management is carried out in accordance with our Fundamental Policy on Internal Control Systems, which was resolved by the Board of Directors in accordance with the Companies Act and Corporate Governance Code. Specific measures for addressing risks that arise in connection with our corporate activities are prescribed in our NSG Group Risk Management Policy and are consistent with ISO 31000 (principles and guidelines on risk management) as well as the COSO Enterprise Risk Management model.

We are looking to continuously improve our systems in line with developing standards and the evolving risk landscape.

Framework

NSG's risk management systems are effectively utilized so that they are fully embedded within the Group's day-to-day operations and operate as "three lines of defense". The first line of defense is established within the business SBUs and Group Functions, who operate controls and mitigations to identify, assess and manage risks across all the activities of the Group as part of its day-to-day operations. The second line of defense is made up of the Group Functions and management forums, who not only set the operating and risk management policies and standards for the operations, but also monitor the effective operation of the controls. The third line of defense is provided by the Group Internal Audit (GIA) Function, which makes an independent evaluation of the effectiveness of the controls and the risk management processes.

ERM Organization

At the heart of its enterprise risk management system - mainly the second line of defense - NSG Group employs a two-tiered "hybrid" risk management framework comprising the Strategic Risk Committee (SRC) as a top-down approach and the Enterprise Risk Management Team (ERMT) as a bottom-up approach, both of which are under the supervision of the Management Committee, and report onwards to the Board of Directors.

SRC Structure and Purpose - Top-down Risk Review

SRC is chaired by the Chief Risk Officer (CRO) and its members are mostly Executive Officers including CEO. SRC determines the companywide risk management policy and framework, based upon which it identifies and classifies: (a) high level risks thought to have a serious impact on the Group; and (b) operational risks that ought to be managed by SBUs or Group functions. It then monitors how those risks are being addressed and requests that additional measures be taken if required. For high level risks, SRC appoints "risk owners" to manage the collection of risk information and the progress of countermeasures.

CRO presides over all SRC meetings and as representative of the committee, periodically reports to and receives feedback from the Management Committee and the Audit Committee regarding the effectiveness of the Group's basic internal control system and risk management structure.

On an annual basis the SRC members formally review the current risk universe and the results of the ERMT Bottom-Up Risk Review as explained below, to identify if the risks being monitored by SRC need to be amended.

In FY2025/3, SRC convened three meetings and reported once each to the Management Committee and the Audit Committee.

ERMT Structure and Purpose - Bottom-up Risk Review

ERMT is chaired by CFO and its members comprise heads / Risk Champions of SBUs with relevant senior managers. Every year this team identifies, assesses, and prioritizes the key risks pertaining to business execution and endeavors to improve the effectiveness of risk management by formulating necessary measures to mitigate risks. Those risks and mitigation measures are reviewed from time to time as circumstances require; among them, material risks are escalated to, and monitored by, SRC. ERMT periodically, or whenever requested, reports on its activities to SRC.

Independent Assurance

The internal audit department's role is to provide assurance from an independent standpoint, regarding the companywide efficiency of risk management, and the effectiveness of specific risk mitigations.

Global Insurance Program

To transfer or share risks, we have established an NSG Group Insurance Program. The program identifies the key insurable risks, including property losses caused by natural disasters, and endeavors to transfer them by placing cost effective insurance. Every year, under the supervision of SRC, we review the Group's comprehensive insurance coverage under the global insurance program.

NSG Group Risk Management Structure

Major Risks for NSG Group

In FY2025/3 SRC identified, assessed and monitored the high level risks as High Velocity Risks and Enduring Risks as shown in the following charts. For each risk, an owner has been appointed from among the executive officers or senior managers, to take responsibility for appropriately managing it.

For each of the key risks being monitored, SRC has determined that sufficient mitigations are in place, or are being progressed, to manage the risk within the Group's appetite.

(Please refer to pp120~121 of NSG Group Integrated Report 2025 for the specific risk focuses.)

High Velocity Risks

| Risk | Category | Risk Owner |
| --- | --- | --- |
| Lack of Funding | Balance Sheet & Liquidity risk | CFO |
| Foreign Exchange | Translational risk | CFO |
| Economy & Market | Cyclical & Volatile Market Risk (inc Pandemic); Resilience & Competitiveness of Business Portfolio | CSO |
| Cyber Incident | Cyber incident impacting confidentiality, integrity, & availability of systems & Info | CDIO |
| Business Interruption & Asset Loss | Natural Disaster/Fire/Machinery Breakdown/Pandemic | The Head of SBU |
| | Breakdown in Supply Chain | CPO |
| Climate Change & ESG | Failure to manage and report the risks & opportunities associated with Climate Change | Sustainability Director |
| Technology & Systems | Failure to Adopt / Exploit Current Technology | CDIO |
| Product Quality Failures | Defective Products & Product Recall | Head of ME |
| Political / Fiscal Regime | Unstable geopolitical situation globally (US tariffs + wider global tensions) | - |

Enduring Strategic Risks

| Risk | Category | Risk Owner |
| --- | --- | --- |
| Failure to Deliver Key Contracts | Breaching key customer contract specification | The Head of SBU |
| Lack of Adequate Talent | Management talent shortage - Ageing workforce, recruitment & retention difficulties; Top management talent shortage | CHRO |
| Loss of Market | Loss of traditional markets through emergence of disruptive technology; Aggressive competition or emerging market maker | The Head of SBU / CSO |
| Compliance Risk | Failure to maintain product competitiveness - R&D and Regulations such as competition law | The Head of SBU / E&C director |
| Failure to Adequately Resource Product & Process Development | Failure to maintain product competitiveness - R&D | CTO |
| Intellectual property | IP Constraints - Failure to Patent / Patent infringement | CTO |
| Fraud | Financial statement fraud and ESG fraud | The Head of SBU / CFO |
| Efficiency & Cost base | High SG&A costs and poor recognition of costs in our pricing strategies | The Head of SBU / CFO |
