Risk Management

FEDS has set up an appropriate risk management system so that the Company can actively pursue business development within that system and reduce the impact on consumers and society. Through regular analysis and assessment of the risks of business activities and work execution, FEDS actively takes measures to prevent risks from occurring, develops measures to minimize their impact, and prevents their recurrence. The scope of risk management is not limited to the internal management system; it also covers the impact of external changes on the business. Systemic risks are categorized to study their commonalities. Non-systematic risks that may occur under specific conditions require comprehensive risk management and response measures.

FEDS has long recognized operational risks through a robust risk management mechanism, with risk management and response conducted by the responsible departments and management norms established for control. In line with the digital technology trend, the Audit Department used three digital audit information systems to assess potential risks identified by self-assessment teams in various units. In 2024, 87 planned cases were implemented, providing audit findings and recommendations to assist FEDS in risk prevention and stable operations.

The Board of Directors is the highest decision-making body for risk management, overseen by the Audit Committee to ensure the effectiveness of risk management policies and mechanisms. Management units are responsible for risk management, developing the Risk Management Policy, framework, and mechanisms, and establishing qualitative and quantitative management standards. Risk control must be reviewed annually, and a risk management report must be submitted to the Board of Directors at least once a year.

Systemic and Non-systemic Risk Management and Response

FEDS has established a “Risk Management Policy” to comprehensively manage and respond to various types of risks based on the causes of “systemic risk” and “non-systemic risk,” carried out by responsible units or cross-departmental functional organizations. To ensure the implementation of various operations under a sound risk management system, we regularly evaluate business activities and execution risks, and take preventive measures to avert risks and minimize the impact when they occur.


Risk Management Procedure
  1. Establishment of awareness
    Conduct training to enhance the understanding of risk management policies and risk identification among supervisors and employees.
  2. Goal setting
    When conducting strategic planning activities, each department should ensure that the associated risks are within acceptable limits.
  3. Risk identification
    Each department must identify the potential risks in its management operations.
  4. Risk assessment
    Each department evaluates and analyzes identified risk events based on practical circumstances, assessing the likelihood of their occurrence.
  5. Risk response
    Develop contingency plans and action strategies to address risk events that have occurred.
  6. Risk monitoring
    Each department should complete its own self-assessment form and submit it to the President on a regular basis annually.
  7. Risk disclosure
    Information related to risk management is disclosed in the annual report, sustainability report, or company website.

Professional auditing and risk management enhancement


Audit Office

Professional Audit Organization Operations

Enhancing Risk Management

Product and Food Safety Risk

  • Inspect product labeling and expiration dates in a timely manner and in accordance with laws, verify insurance coverage for food vendors, and ensure the quality and safety of food products.

Store Operations Risk

  • Audit the operation of the control room, warehouse, fire extinguisher equipment, inventory of cosmetics, and outsourced management to ensure the safety of the store and reduce the risk of operational asset loss.
  • Inspect online shopping shelf information, counter sales, gift voucher sales operations, etc., to comply with business integrity and ensure sales for FEDS.
  • Analyze abnormal data through the audit system to verify abnormal accumulation and supplementary posting of Happy Go card points.

Human Resource Management Risk

  • Verify the accuracy of attendance, number of employees, types of leave requests, and management of outings to comply with legal regulations.

Procurement, Acceptance and Payment Management Risk

  • Supervise and review the procurement price negotiation and the reasonableness of the unit price of amended work items.
  • Conduct capital expenditure acceptance inspections to ensure asset safety and meet payment requirements.
  • In 2024, there were 6,510 cases related to supervision of procurement price negotiation, and review of acceptance inspection and payment.

Financial Management Risk

  • Remind the financial management unit to comply with the requirements and conduct financial operations audits, including loans, guarantees, related-party transactions, etc.
  • Coordinate with the finance department to monitor random checks on stamp management, manage financial turnover, and control treasury security.

Legal Compliance Risk

  • Execute the annual audit plan and the internal audit reporting operations in accordance with the regulations.
  • Revise the internal control system and audit implementation guidelines in response to the amendments to the regulations.
  • Stay abreast of the latest information in a timely manner, and conduct inspections in accordance with the latest regulations.

Information Security Management Risk

  • Supervise procurement and acceptance inspection, and assist in reviewing information device disposal operations.
  • Verify the company’s mobile application procurement process and the security of the computer room to safeguard system security and data integrity.

Subsidiary Supervision Risk

  • Supervise and manage the financial and business information of subsidiaries in accordance with laws and regulations, and compile the analysis report on supervision of subsidiaries on a quarterly basis.
  • Oversee the annual audit plan of the subsidiaries, City’Super and The Mall, and check their operation, inventory taking, logistics management, contract charges, catering and food safety, system account control, computer room environment management, voucher management, accounting management and other operations.
  • Keep pace with the times and cooperate with the audit and supervision of the parent company, and revise the internal control system of subsidiaries according to the plan.

Financial Risk Management

Monitors the Changes in Capital and Money Markets
Financial management faces systematic risks, including political, economic, and social factors such as economic fluctuations, currency inflation, and government policy directions, leading to financial market volatility. FEDS closely monitors financial market trends, convening weekly risk management team meetings to review changes in asset and liability values, adjusting operational cash flow adequacy ratios in a timely manner to reduce the impact of systematic financial risks.

Formulating Compliance Direction

FEDS has long been attentive to revisions in various legal regulations, aiming to reduce the impact of systemic legal risks. Through the three aspects of establishing systems, implementing management, and educating employees, FEDS has formulated a direction to promote corporate compliance with regulations, in order to prevent systemic legal risks. FEDS has established strict measures for operations, processes, products, and services in the operation of department stores, ensuring compliance with various government regulations. This approach aims to minimize the company's risk of legal violations, thereby avoiding unnecessary financial and reputational losses.

Regulatory Risk Management

Information Security Risk

Identifies the Sources of Trade Secret Risks

In accordance with the "Internal Control System Processing Guidelines for Publicly Traded Companies," FEDS has a Chief Information Security Officer, an Information Security Team, a Security Supervisor, and two dedicated security personnel to coordinate information security-related affairs. The team consists of members from diverse backgrounds such as legal, information, and operations. Their responsibilities include coordinating, planning, monitoring, and executing all information security management operations to prudently safeguard corporate information security and ensure the security of critical information. Additionally, as information security incidents have occurred frequently among industry peers in recent years, FEDS has continued to review its internal core systems, making adjustments to system architecture and upgrading security measures to defend against external intrusions and reduce the risks of operational disruption and data leakage.

Maintaining Personal Data Management

FEDS' "Information Security and Personal Data Protection Management Committee" assisted in reviewing the use and storage of personal data within various internal units to ensure proper protection and management of all personal data. In early 2024, FEDS established the "FEDS Personal Data File Security Maintenance Plan" in accordance with relevant laws such as the "Personal Data Protection Act" and the "Comprehensive Retail Industry Personal Data File Security Maintenance Management Measures," and formally implemented the ISO 27001 and BS 10012 management systems crucial for information security and personal data protection. This initiative aimed to establish a management system for FEDS' information security and personal data, conducting personal data inventory and risk identification accordingly.

Information Security Risk