Risk Response

Risk Management

Risk Categories and Countermeasures

“Prevent in advance, respond during the event, and improve afterward.” This is how we respond to internal and external risks. In a volatile and unpredictable environment, risks occur more often and in more diverse forms. After taking an inventory of domestic and international risk types in 2018, we selected four risk categories that require attention and countermeasures over the next ten years; we will review these categories and adjust them as appropriate in the future. The current four risk categories and their considerations are listed below:

Regulation Compliance Risk
Geopolitical Risks
Human Resources Risks
Environment and Climate Change Risk

In response to increasingly stringent domestic and international laws and regulations, the Foundation, as an international charity organization, closely monitors relevant laws and regulations, identifies risks, and formulates possible response policies and methods. These are supplemented by education and training that raise the awareness of administrative departments and volunteer teams, so that the organization avoids violating the law and develops sustainably.

For each risk category, we identified the aspects it may affect and the likelihood of its occurrence in the short term (1-2 years), medium term (3-5 years), and long term (6-10 years), and proposed corresponding strategies and measures for each risk for 2020-2021. The corresponding results and performance are disclosed in the relevant chapters of this report, as shown in the table below.

Domestic and international laws have become increasingly stringent; for example, the passage of the Foundations Act and the Money Laundering Control Act in Taiwan affects the Foundation’s organizational management to a certain degree.
    2020-2021 Risk Response Strategies and Measures
  • Deputy CEO Scott Liu serves as the highest-ranking supervisor responsible for regulation compliance events. The Legal Affairs Department is the regulation compliance affairs unit, responsible for assisting the compliance supervisor with the reporting, risk analysis, and monitoring of the Foundation’s legal risk events.
  • Hold regulation compliance liaison meetings as needed to review the causes of risk events, the results of their immediate handling, and future improvement measures, and improve the Foundation’s internal control mechanism for compliance handling through the legal risk event reporting and handling process.
  • Strengthen education and training and improve information transparency.
Likelihood and Level of Impact
  1. Short-term Reputation Impact
    ★★★★★
  2. Short-term Operation Impact
    ★★
  3. Mid-term Reputation Impact
    ★★★★★
  4. Mid-term Operation Impact
    ★★★
  5. Long-term Reputation Impact
    ★★
  6. Long-term Operation Impact
    ★★

Humanitarian relief must adhere to a “pure humanitarian spirit”: humanitarian aid makes no distinction by religion, gender, race, or skin color, let alone political position. In an information age in which messages spread rapidly around the world, ensuring that Tzu Chi branches, administrative staff, and volunteer teams everywhere uphold this principle, and that political factors do not disrupt charitable work, requires continuous internal and external communication and exchange to promote understanding and reduce misunderstanding, so that humanitarian relief can proceed smoothly.


Differences in region, politics, and culture have a certain degree of impact on the Foundation’s charity promotion and local operations.
    2020-2021 Risk Response Strategies and Measures
  • Base charitable activities on the humanitarian spirit and stay out of sensitive geopolitical, regional, political, religious, and racial issues.
  • Strengthen communication and exchanges.
Likelihood and Level of Impact
  1. Short-term Reputation Impact
    ★★
  2. Short-term Operation Impact
    ★★
  3. Mid-term Reputation Impact
    ★★★
  4. Mid-term Operation Impact
    ★★★
  5. Long-term Reputation Impact
    ★★★★★
  6. Long-term Operation Impact
    ★★★★★

As the average age of our volunteers gradually rises, our capacity for charity promotion, fundraising, and other work will inevitably be affected. We therefore actively engage the younger generation from the perspective of “participating in social service” and recruit young international volunteers, using diversified, flexible, and innovative approaches to reach the goal of “young and old doing good together.”


The aging of members and volunteers has a considerable impact on the Foundation’s charity work and finances.
    2020-2021 Risk Response Strategies and Measures
  • Develop integrated, continuous multi-year plans that start in Taiwan and extend internationally, to increase the participation of international youth in charitable work.
  • Charity work relies largely on tacit knowledge; reduce personnel turnover so that staff remain steadily engaged, thereby lowering training and organizational costs.
  • In volunteer education and training, strengthen the use of electronic and online information tools so that elderly volunteers can focus more on individual case care.
Likelihood and Level of Impact
  1. Short-term Reputation Impact
  2. Short-term Operation Impact
    ★★
  3. Mid-term Reputation Impact
  4. Mid-term Operation Impact
    ★★★
  5. Long-term Reputation Impact
  6. Long-term Operation Impact
    ★★★★★

In the face of climate emergencies, we are sharpening our sensitivity to environmental risk and strengthening our capacity for disaster prevention and relief, drawing on local strengths through “localization” and seeking worldwide influence through “globalization.” Through advocacy at international conferences, we turn environmental protection concepts into concrete actions, mobilize local action, and continue to promote and improve. At the same time, the organization takes a systematic view of both “software” and “hardware”: on the software side, it is establishing professional courses for disaster prevention specialists, religious teachers, social workers, and care workers so that they can be deployed to actual disaster sites in the future; on the hardware side, it continues to develop disaster prevention equipment and supplies and promotes disaster prevention science education, working toward “preventive charity,” “disaster mitigation and adaptation,” and “resilient communities.”


Extreme climate and environmental changes around the world have increased the probability of major disasters, which affects the Foundation’s charity operations and finances to a certain degree.
Immediate Catastrophic Climate Event
    2020-2021 Risk Response Strategies and Measures
  • Continue to participate in international forums and key conferences to advocate and speak out, exert influence, and strengthen our capacity for action.
  • Continue to participate in UNFCCC conferences.
  • Advocate for environmental initiatives and promote environmental education.
  • Research and develop disaster prevention facilities and equipment.
  • Continue to invest in training courses for disaster prevention specialists, religious teachers, social workers, and care workers so that they can be deployed immediately when disaster strikes.
Likelihood and Level of Impact
  1. Short-term Reputation Impact
  2. Short-term Operation Impact
    ★★★★★
  3. Mid-term Reputation Impact
    ★★
  4. Mid-term Operation Impact
    ★★★★
  5. Long-term Reputation Impact
  6. Long-term Operation Impact
    ★★
Extreme climate and environmental changes around the world have increased the probability of major disasters, which affects the Foundation’s charity operations and finances to a certain degree.
Long-term Climate Change
    2020-2021 Risk Response Strategies and Measures
  • Continue to participate in international forums and key conferences to advocate and speak out, exert influence, and strengthen our capacity for action.
  • Continue to participate in UNFCCC conferences.
  • Advocate for environmental initiatives and promote environmental education.
  • Research and develop disaster prevention facilities and equipment.
  • Continue to invest in training courses for disaster prevention specialists, religious teachers, social workers, and care workers so that they can be deployed immediately when disaster strikes.
Likelihood and Level of Impact
  1. Short-term Reputation Impact
  2. Short-term Operation Impact
    ★★
  3. Mid-term Reputation Impact
    ★★
  4. Mid-term Operation Impact
    ★★★
  5. Long-term Reputation Impact
    ★★★
  6. Long-term Operation Impact
    ★★★★

Regulation Compliance

In organizational management, the first priority is establishing an internal control system. Over the past three years, the Legal Affairs Department has completed 12 internal control cycle risk assessments covering the Foundation’s charity, personnel, finance, general affairs, and construction operations, together with 100 third-tier operating procedures. These are announced in the internal control document system from time to time and are updated and managed continuously, serving as the compliance guidelines that internal units follow in their work.

Recognizing that compliance in institutional governance and the control of legal risk events are top priorities, and committed to building a compliance culture, in July 2021 we appointed Deputy CEO Scott Liu as the highest-ranking supervisor responsible for regulation compliance events, with the Legal Affairs Department as the compliance affairs unit responsible for assisting the compliance supervisor with the reporting, risk analysis, and monitoring of the Foundation’s legal risk events. The department also holds compliance liaison meetings as needed to review the causes of risk events, the results of their immediate handling, and future improvement measures, and improves the Foundation’s internal control mechanism for compliance handling through the legal risk event reporting and handling process, eliminating harm, promoting benefit, and fulfilling the Foundation’s social responsibility. From July 2021 to March 2022, eight compliance affairs liaison meetings were held.

From 2019 to 2021, the Foundation’s management received 26 cases in which an administrative agency requested that a regulatory violation be corrected within a set deadline, 14 cases of administrative fines, and 5 cases of supplementary tax payments, a total of 45 cases. All have been rectified according to the law, and preventive measures have been established.

Regulation Education and Training
Protecting Trademarks and Establishing a Charity Mark
Reducing Risk by Institutionalizing Internal Contracts
Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT)
Results of Legal Development of Global Organizations

Between 2019 and 2021, we held various regulation compliance education and training sessions with a cumulative total of 2,105 participants. Post-course tests were given for the general-knowledge legal courses Legal Risk Prevention, Information Security, and Gender Work Equality Law, with a combined average pass rate of 92.1%, effectively raising our staff’s compliance awareness.

Course Year | Course Title                                              | Participants | Took the Test | Passed the Test
2019        | Contract Strategy: Legal Affairs Teaches You to Use Sample Drafts | 254  |               |
2020        | Law and Practice of Handling Traffic Accidents            | 148          |               |
2021        | Legal Risk Prevention                                     | 619          | 619           | 590
2021        | General Studies (Information Security)                    | 510          | 474           | 411
2021        | General Studies (Gender Equity)                           | 510          | 367           | 344
2021        | Hazard-free Construction                                  | 64           |               |

Our charitable services span the globe, and our trademarks have come to represent responsibility, commitment, and trust in those services. We have therefore registered core trademarks such as the “Lotus Dharma Boat” emblem, “Tzu Chi” (慈濟), “TzuChi,” “Great Love” (大愛), and “DAAI” in the countries where our missions operate. As of 2021, 800 mission-related items had been registered across 43 countries on five continents, establishing an international identity mark for Tzu Chi’s charitable services.

To prevent others from unlawfully imitating our name or maliciously squatting on registrations, the Foundation has engaged a patent and trademark firm to monitor the trademark market. When an infringement is found, we file an administrative remedy with the authorities according to the law to set the public record straight. As of 2021, we had successfully opposed 37 unlawful registrations, and one medical institution that had traded on our name completed a name change.

To control contract risk, we have progressively drawn up sample drafts for the contracts we regularly sign with external parties and set up a contract database to manage them. As of 2021, 74 sample drafts in 11 major categories had been completed, and their use is promoted through internal education and training seminars and workshops.

Beyond the Foundation’s administrative needs, the sample drafts incorporate its policies, for example restricting construction-site meals to vegetarian food and banning alcohol to promote Tzu Chi’s humanistic culture, and adding anti-corruption clauses modeled on international laws to raise the integrity awareness of partner contractors and thereby extend the organization’s influence. Once a draft is formulated, a regular review and update mechanism keeps it current as laws and regulations change. In addition to sample drafts, we have formulated contract management rules that specify the types of contracts that must be in writing and the procedures for contract review, sealing, and filing, improving the quality of contract management. From 2019 to 2021, the number of contract reviews handled by the Legal Affairs Department rose from about 580 to 870 per year, and the proportion of contracts using sample drafts rose from 37% to 62%. The categories include leasing, borrowing, donation, sale, charitable cooperation, charitable mandates, construction contracting, and copyright licensing or assignment of various real estate and movable properties. While sample drafts improve administrative efficiency and control basic risks, non-standard contracts are reviewed and guided by the Legal Affairs Department to protect the Foundation’s rights and interests and its public credibility.

To comply with national AML/CFT laws, in 2018 the Foundation invited Kai-Ting Ho, counselor at the Anti-Money Laundering Office of the Executive Yuan, to lecture on the current state and trends of AML/CFT operations at home and abroad. Under the guidance of the competent authority, we have since established numerous AML/CFT measures, including internal control systems for identifying, assessing, and managing money laundering and terrorist financing risks, together with standard operating procedures for compliance and implementation. Each year we also complete a self-assessment, the Social Welfare Foundation Anti-Money Laundering Risk Assessment Report, and submit it to the Ministry of Health and Welfare for reference. As an international NGO, the Foundation places particular emphasis on identifying risks in international charitable cooperation, so as to avoid violating AML/CFT laws and protect its reputation.

Tzu Chi’s missions span the globe. To promote the legal establishment of mission organizations worldwide and their link to the Dharma lineage of the Taiwan headquarters, the Legal Affairs Department has promoted comprehensive standardized assessment and legal procedures to build an organizational network in which the Dharma lineage and accountable governance go hand in hand. In addition to the bases already established in countries on every continent, from 2018 to 2021 we carried out standardized organizational registration in developing countries including Turkey, Jordan, Eswatini, Mozambique, Mexico, Chile, Cambodia, Honduras, Myanmar, South Africa, Paraguay, Guatemala, the Dominican Republic, Ecuador, India, and Haiti. Our goal is to build the governance of organizations in each country around six indicators aligned with the United Nations Sustainable Development Goals: “Goodness of the hope, Goodness of the life, Goodness of the community, Goodness of the environment, Goodness of the earth, and Goodness of the international,” so that the global community recognizes Tzu Chi’s concrete contribution to the SDGs and the Foundation becomes a model for the world’s NGOs.

Information Security

Information security is a major global concern. Given the diversity of Tzu Chi’s charitable services and donors from around the world, we place great importance on managing and protecting the personal data of our members and volunteers. In July 2021, at the direction of CEO Po-Wen Yen, we convened information security consultants and vendors and, over six meetings, completed Chinese and English editions of the Information and Communication Security White Paper. By building a secure and trustworthy information and communication environment, it aims to effectively prevent information security incidents, meet the goal of information system and network security, and quickly remedy gaps. It is our first systematic information and communication security handbook.

Nine major items serve as our ongoing management objectives, and we continue to follow ISO 27001 process controls as our information security management framework, establishing or adjusting the relevant management rules and procedures to meet the organization’s security needs and prevent unauthorized access to information. We also mandate layered controls based on segregation of duties, information classification management, access control management, physical and environmental security management, communications security operations management, and development and maintenance management, to achieve the best protection and continuous optimization and improvement. In 2021, three employees were also sent to obtain ISMS Lead Auditor certification.

To strengthen information security, we ensure that data backup and off-site storage operate normally; have adopted firewalls, intrusion detection systems, data leakage prevention (DLP), anti-virus software, and similar measures; and have introduced a network attack defense system to further detect and monitor abnormal network threats, minimizing the risk of malicious attacks hidden in software from unknown sources. In addition, we plan one emergency response drill each year covering one of the following scenarios: a cyber attack, an unlawful intrusion with ransomware infection, or a natural disaster affecting information and communication security, in order to raise our security level.

To strengthen information security awareness among staff and volunteers, we hold information security awareness courses at major branch offices across Taiwan. From 2020 to 2021, seven information security education and training sessions were held, benefiting 2,307 staff and 5,969 volunteers.

To continue training staff in safe email habits, in 2020 and 2021 we commissioned a professional information security firm to conduct two internal phishing social engineering drills. The drills strengthen staff awareness of malicious email fraud and reduce the risk of APT attacks, and their results are used to verify the effectiveness of the year’s information security education.

To enhance communication and interaction between Tzu Chi’s charitable services and the digital native generation, and to provide easily accessible, publicly verifiable digital accountability records of donations, we are initially testing and developing with the New Shoots Scholarship. For donations earmarked by donors, we are gradually building a cloud accountability database of donations and material distributions, and applying and evaluating blockchain technology for its high security and tamper resistance. In the future, we hope to visualize the flow of donations and distributions so that donation sources, distribution details, receipts, certificates, and similar records can be viewed, demonstrating the Foundation’s accountability and information transparency, improving cash flow transparency, increasing donor trust, and injecting new energy into public welfare fundraising.

  1. General Employee Information Education
    2020 Information Security Education and Training
    Number of Events: 4
    Number of Participants: 1,425
    Location: On-site
  2. Volunteer Information Security Education and Training
    2020 Information Security and Social Software
    Number of Events: 1
    Number of Participants: 2,752
    Location: Online
  3. General Employee Information Education
    2021 Information Security Education and Training
    Number of Events: 1
    Number of Participants: 882
    Location: Online
  4. Volunteer Information Security Education and Training
    2021 Hacking attempts did not stop because of COVID-19. What are the best defenses to minimize risks and damages?
    Number of Events: 1
    Number of Participants: 3,217
    Location: Online