Risk Management

Acer Gadget follows Acer Group’s risk management framework and references international standards (GRI 102-30, GRI 102-31, ISO 31000 and 37301, and the COSO ERM framework) to establish a risk management system tailored to its operations. To strengthen corporate governance, ensure business stability, and enhance resilience, management has designed and implemented a comprehensive process covering four key steps: risk identification, assessment, response, and control. Cross-departmental collaboration reinforces execution and continuous improvement. While the framework has not yet been submitted to the Board for review, Acer Gadget will consider presenting it for formal review and approval in the future to align with governance transparency and stakeholder expectations.

Risk Management Policies and Procedures

Acer Gadget’s risk management policies and procedures cover the following core aspects to ensure that risk management is effectively integrated into daily operations and supports the achievement of corporate objectives:

Risk Management Objectives

● Strengthen corporate governance by closely integrating risk management mechanisms with decision- making.

● Enhance operational stability to ensure business continuity and organizational flexibility.

● Provide a framework for tracking and adjustments to reduce uncertainties.

● Ensure effective tiered arrangements for consistent implementation across departments.

Risk Governance and Culture

● Establish a clear risk governance framework, defining management-level responsibilities for risk management.

● Promote a strong risk culture to raise employee awareness and ability to prevent potential risks.

● Continuously review risk issues to ensure that management actions are concrete and effective.

● Maintain flexibility in systems to adapt to rapid changes in the operating environment.

Risk Management Organization and Responsibilities

● Risk management is embedded in daily operations, with management responsible for policy direction and system implementation.

● Each department identifies and manages risks based on its operations and conducts regular reviews and consolidation.

● Departments are responsible for monitoring execution progress and dynamically adjusting risk response strategies.

Risk Management Procedures

Following international risk management standards (ISO 31000 and COSO ERM), Acer Gadget has established a comprehensive risk management process to ensure operational soundness and sustainable development. Through four key steps—risk identification, risk assessment, risk response, and risk control—the Company integrates risk management into decision-making and daily operations, effectively reducing uncertainties and enhancing organizational resilience.

Risk Reporting and Disclosure

● The management team compiles risk assessment results and corresponding measures into regular reports to serve as a basis for internal risk communication.

● In line with compliance requirements, material risk matters are disclosed to ensure stakeholders have access to complete information.

● The Company continuously benchmarks against international best practices in risk management to ensure its framework aligns with global standards.

Risk Management Procedures

Risk Categories and Management Strategies

Based on operational characteristics, Acer Gadget classifies risks into five categories and develops concrete strategies through cross-departmental collaboration to strengthen organizational resilience. Regular reviews of internal and external risk response strategies are conducted to optimize risk control processes.

Risk Response and Oversight

Acer Gadget tracks past and potential risks to ensure effective management, with mechanisms refined by management and adjusted to environmental changes. The Company continues to align risk oversight with global standards to enhance resilience and competitiveness.