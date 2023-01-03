Upon conclusion of the risk analysis the risk level (high/medium/low) shall be determined and entered into the CSA system. In addition, necessary information shall be provided as a reference basis for risk assessments and risk responses.

All departments of this Corporation shall analyze identified risk events (KRI) in accordance with actual conditions and provide a clear description of the analysis results based on CSA statistical analysis reports

Article 11 (Risk assessment)

Risk assessment shall refer to a comparison of the risk level which was determined based on the results of the risk analysis with the risk appetite or risk acceptance threshold set by this Corporation as well as risk prioritizing.

Risk appetite is directly related to strategy formulation and affects resource allocation. Risk appetite for individual risk events is referred to as risk acceptance threshold. Risk appetites and risk acceptance thresholds shall be determined by individual departments of this Corporation based on actual circumstances and shall be approved by the General Manager upon countersignature by each department. They shall also be reported to the self-inspection committee for deliberation and approval.

The results of risk assessments shall serve as a reference for the follow-up adoption of risk responses (see Table 1)

If the determined risk level is lower than the risk appetite or risk acceptance threshold, continued monitoring and review shall suffice. If the determined risk level is higher than the risk appetite or risk acceptance threshold, the risk response plans specified in Article 12 shall be adopted.

Article 12 (Risk responses)

Risks response shall refer to the search for and assessment of risk response plans and the formulation of action plans for risk response programs and implementation hereof (this process is shown in Fig.4).

Risks response plans shall include risk avoidance, reduction of the incidence and incurred losses, risk transfer, and residual risk. Assessments of risk response plans shall take into consideration the cost effectiveness of each plan. Multiple risk response plans may be adopted simultaneously.

When formulating risk response programs and action plans, the selected risk response plans and implementation contents shall be specified. This shall include departments and personnel in charge of the implementation of risk response plans, resource demands, execution schedules, and monitoring and review mechanisms for risk response plans to facilitate the development of risk management measures at different operational levels.