We adopt a systematic approach to ensure that we comply with all applicable laws and regulations through the joint efforts of our Group and local management teams. Our Group Legal Department regularly monitors any changes in domestic and foreign laws and regulations, and conveys the updated statutes to the respective departments for regulatory identification of our local operations' compliance with applicable laws and regulations. To ensure the effectiveness of the regulatory identification, we invite third-party professionals to perform external audits on areas where compliance risks have increased to ensure that we fully comply with applicable laws and regulations.
All ASE employees, managers, supervisors and directors are responsible for complying with applicable laws. We continued to adjust our mechanisms and measures according to the changes in laws in all major areas, and inform all our members about company operation-related laws through education, training and announcements.
We consider legal compliance the main foundation of our sustainable development. In the future, we will strive to establish legal compliance risk reporting systems at all locations where we operate, to prevent any possible violations and respond to the increasingly stringent legal environment in a responsible and proactive manner. We strongly believe that a thorough understanding of the law and strict compliance are necessary to achieve sustainable development.
We manage risks through designated departments and functions ("risk functions") across all of our organizations. In addition, we implement Enterprise Risk Management ("ERM") at all group-level functional departments. We held a series of workshops which help participants to understand and to develop risk management skills, and to apply what they have learned to real-life ERM projects. Risks or events that might have an influence on our business objectives are identified and evaluated, in order to decide on appropriate responses. In addition, the identification and management of long-term emerging risks* are embedded into our ERM program. We have established the mechanism of prevention, early warning, emergency response, crisis management and business continuity plans that mitigate, transfer or avoid risks. We are confident that these mechanisms effectively kept the respective risk scenarios under control.
Our risk review process is described below. Corporate level and operational level risks are identified, prioritised and reported on risk registers*. Major risks are assessed in terms of risk level* and control effectiveness, and then mapped onto a Risk Map. In addition, a correlation analysis is conducted to analyze possible interdependence of the major risks. Furthermore, risk mitigation plans are defined to reduce the residual risk if judged necessary. The major risks, together with suitable risk response plans, are reported to top management, and the progress will be monitored quarterly. We introduced a top-down ERM approach to connect the top management with the rest of the organization on risk matters and ensure sound management of corporate-wide risks. Specifically, our top management are invited to identify key risks that are "top of mind" for the company. These top-down identified risks are then reviewed through our current ERM process, enhancing the efficiency and effectiveness of the decision-making process across the organization.
We view internal controls as an important part of ERM. ERM is more effective with internal controls that cover risk responses and other ERM processes in place. We identify and document all of our major risks together with related controls. The effectiveness of controls are reviewed in the annual Control Self Assessment. In addition, we redesigned our risk assessment system and linked our current internal control activities to corresponding risk scenarios such that a complete list of internal control measures can be pre-defined in the system to help our risk functions to more accurately assess the effectiveness of risk control. Finally, our internal audit system carries out independent appraisals of the implementation of key risk mitigation plans by our risk functions thereby ensuring that risks are properly managed.