STRUCTURE AND MECHANISM OF CORPORATE GOVERNANCE

1. Involve various levels of management
   The Company implements an effective risk assessment mechanism and involves various levels of management.
2. Covering the levels of entities, subsidiaries, divisions, operational units, and functional:
   The Company identifies and assesses risks at the entity, subsidiary, division, operational and functional levels that are relevant to the achievement of the Company's objectives.
3. Analyze internal and external factors
   Risk identification takes into account internal and external factors and how they impact the achievement of the Company's objectives.
4. Estimating the level of likelihood and significance of the identified risks
   Identified risks are analyzed through a process, including estimation of likelihood and potential significance.
5. Determine how to respond to risk
   The risk assessment includes considering how significant risks should be managed, and whether they are accepted, avoided, mitigated, or shared.

Principle 8: Fraud and Bribery Risk Assessment

The organization considers the potential for fraud and bribery in assessing risks for the achievement of the Company's objectives.

1. Consider various modes of fraud
   The fraud risk assessment considers the possibility of asset loss, manipulative reporting, and corruption caused by various ways to commit fraud and improper actions.
2. Considering risk factors
   The risk assessment considers significant factors that affect the loss of assets and significant impacts related to operational, reporting and compliance activities.
3. Assess incentives and pressures
   The fraud risk assessment considers incentives and pressures.
4. Assess opportunities
   The fraud risk assessment considers opportunities to unlawfully acquire, use, or dispose of assets, alter the entity's reporting records, or commit other fraudulent acts.
5. Assess behavior and rationalization
   A fraud risk assessment considers how management and other employees can justify inappropriate behavior.
6. Assess bribery risk
   The risk assessment considers the act of giving/accepting bribes to external/internal parties that can affect the work process and decision choices of external/internal party officials so as to issue the desired decisions and result in losses for the Company.