Risk Management Policy and Procedure
The "Risk Management Measures" was duly approved at the Board meeting of PharmaEngine dated August 13, 2014. We also published the "New Drug Research and Development Risk Management Strategy" on our official website as the highest guiding principle of our risk management. We shall conduct risk factor identification periodically to identify relevant risks that potentially affect sustainable business development, identify the scope of risk management, and monitor potential risks and implement precaution measures in accordance with the development and guidance requirement of the latest internal audit, to strengthen risk management.

Each department shall conduct risk assessment and implement relevant risk management based on all kinds of actual and potential risk situations. The management team shall report on the implementation of our business strategy and risk control at least once a year in board meetings. The Board of Directors will examine, discuss and supervise the implementation of business strategy and the implementation of risk control of the managing department during the quarterly meetings.

The Board of Directors shall periodically review the overall external economic environment at least once a year, identify the risks to assess their impact on medium and long-term operations and strategies, implement risk management procedures and other mechanisms, and control each risk arising from business activities within an acceptable range.
Risk Management Scope
We promise to integrate and manage all strategies, operations, finances, hazards and other potential risks that may affect operations and profits in a proactive and cost-effective way through risk management and to take corresponding risk management strategy based on risk levels. Our risk management includes management of "new drug research and development risk", "climate change, accident, disaster, political and social risk", "regulation compliance risk", "operation risk", "cyber security risk", "corporate governance risk", "financial/taxation risk", "human resources risk", "business management risk", and "other risk".
Risk Management Framework
PharmanEngine's risk management framework and risk management responsibilities by department as follow:
Department Risk Management Responsibility
Audit Committee Review risk management policies and their implementation.
President & CEO Office Risk management of business decision-making, intellectual property rights, and product quality.
Audit Office Risk management of internal control and internal audit related.
Clinical & Regulatory Affairs Risk management of research and development of clinical trials, pharmaceutical compliance, and product registration.
Corporate Development Risk evaluation of new drugs research from competitors and new project introduction, and risk management of sales market after product launch
Finance & Administration Risk evaluation management of financial matters, response strategy implementation, operations, and information security evaluation
Research & Development Risk management of pre-clinical animal pharmacology, toxicology, pharmacokinetics and clinical trials related research, external research and development management and project planning, implementing, controlling related matters, new drugs research and development, manufacturing, and analysis.
Marketing & Sales Risk evaluation management of products related supply, marketing or sales and account related matters.
Risk Evaluation
Major Themes Risk Evaluation Items Risk Management Policy and Strategy
  1. Environment Protection and Ecological Conservation
  1. We are committed to protect the environment, respond to green environmental protection policies, formulate key implementation plans each year, and regularly track and review the progress of various targets to ensure that they are achieved.
  2. We formulate our internal audit plan on a yearly basis in order to review PharmaEngine's compliance with the related regulations and audits the operating procedures to confirm if they comply with the relevant rules and regulations.
  1. Occupational Safety
  2. Product Safety
  1. We regularly hold fire drills and office safety training each year to nurture employees' abilities in emergency response and self-safety management.
  2. Our products comply with various product and service regulations set forth by the government and meet various practices, including Good Manufacturing Practice (GMP), Good Distribution Practice (GDP), and Good Laboratory Practice (GLP). In addition, we provide stable product quality through stringent quality management system. At the same time, in order to ensure product quality, we have set up a product section on its website and strengthens communication with customer, so the co-prosperous relationships with customers can become the cornerstone of sustainable development for the Company.
  3. We take out related clinical trial insurance for clinical trials to ensure the compensation of the subject if there is any physical damage due to participation in the clinical trial.
  4. We have joined the Drug Injury Relief System in accordance with the law; hence, it contributes 0.05% of its sales in the previous year to the drug injury relief fund. In addition, we take out product liability insurance, US$10 million, to protect patients against damages arising from drug defects or unknown adverse reactions.
  1. Socioeconomic and Regulation Compliance
  2. Enhance Board Resonsibilities
  3. Stakeholder Communication
  1. We ensures that all the employees and operations at our company truly comply with the relevant laws and regulations by establishing a governance organization and implementing the internal control mechanism.
  2. In order to enhance the functions of directors and ensure that they understand their legal liabilities, we make arrangements every year for directors to attend courses on related topics and provides directors with the latest regulations, institutional developments, and policies.
  3. PharmaEngine insured the directors and managers and the insurance coverage is US$7 million to assist the directors and managers to reduce the risk of litigation and claims when conducting business with the duty of care.
  4. We attach great importance to investor relations, we have established various communication channels to actively communicate with investors. Furthermore, we have also set up an investor mailbox, where the investor relations is responsible for handling the mailbox and responding to investors' mails.


1. Implementation of risk management policy and risk assessment standard
(1) New drug research and development risk management
The management for research and development risks in PharmaEngine includes the evaluation and introduction for new projects, project management execution, quality management, process development control, pharmacology and toxicology research management, clinical research management, regulatory inspection and registration management, project outcome management, promotion of new product outcomes, and document maintenance and preservation operation.
(2) Climate change, accident, disaster, political and social risk management
Systemic risks normally significantly affect company operations and require a special taskforce. For example, in response to the global spread of the new coronavirus (COVID-19), the President & CEO of the Company called each department head to set up an epidemic prevention group to discuss the risk environment, risk management priorities, risk assessment, response measures and operational conditions we faced, and to formulate guidance on emergency response operations and related control measures for the COVID-19 Pandemic.
(3) Regulation compliance risk management
1. Protect subjects in clinical trials to ensure their rights, safety, and wellbeing
The Company conducts clinical trials in accordance with the "Guidelines for Good Clinical Practice (GCP)" of ICH and upholds the ethical principles of medical research in the Declaration of Helsinki to ensure the rights, safety and well-being of subjects. Each participant in the human clinical trials will be fully informed and protected. In addition, the Company provides relevant insurance for the clinical trials. If there is any physical harm due to participation in the trial, there will be clinical trial insurance to compensate the subject for damage.
2. Quality policy
The Company upholds the spirit of innovation, manages new drug research and development projects, adheres to quality and focuses on total quality management. The Company also complies with GMP, GDP, GLP, GCP and international regulations, and achieves new drug development research that meets the goals of safety, effectiveness, and consistent quality to enhance the development level of new drugs, promote the development of medicine and continuously improve the quality of medicines.
3. Notification for adverse drug reaction in clinical trials
For the Company's clinical trials, if there is any serious adverse reactions caused to the subjects due to the drugs, regardless of the location in Taiwan or other regions, the Company will notify Ministry of Health and Welfare or Taiwan National Adverse Drug Reaction Reporting System of Taiwan Drug Relief Foundation in accordance with the regulations.
4. Drug safety monitoring management
The Company's post-market risk management of drugs is targeted at drug safety, and a drug safety reporting system is established to ensure the monitoring and tracking of adverse reactions after new drugs are launched to avoid serious adverse drug reactions. The risk management methods are conducted to reduce or avoid medication risks. The Company pays attention to and monitors possible adverse reactions caused by drugs, provides relevant drug information, and informs possible risks and possible adverse reactions in great detail during the medication process.
(4) Operation (Drug Inventory Risk Management)
Our product is a pancreatic cancer drug. The focus of inventory risk management is to control the inventory cost, expiration date and avoid short supply. To control related inventory risks, we formulate a reasonable mechanism for safety stock, early warning, and inventory information circulation among different departments, and to ensure drug supply, inventory stability, and notification, the management methods for notification of drug supply shortages. By implementing drug inventory risk management and control to ensure the effective operation and management of drug procurement, drug safety stock and drug supply shortage notification. In addition, in response to the impact of COVID-19, we coordinated with suppliers to increase the flexibility of the supply schedule. We also appropriately increased the safety stock level, and uses the inventory buffer, adjust and balance the inventory to ensure supply of medicines to domestic medical institutions normally during the product supply fluctuation.
(5) Cyber Security
To implement the Company’s cyber security policy and build a continuously improving secure cyber environment to ensure the cyber security management system is effective, the Company adopted the ISO27001 Information Security measures in 2022 and obtained the certificate in January 2023.
(6) Corporate Governance
The Company established important internal policies and mechanisms such as “Corporate Governance Best Practice Principles”, “Codes of Ethical Conduct”, and “Insider Trading Prevention and Management Measures” with methodical implementation.
(7) Finance and Taxation
1. Finance: The finance personnel communicates closely with the bank to regularly monitor the Company's capital, interest rates, and foreign exchange rate trends.
2. Taxation: The accounting personnel communicates closely with the accountant to regularly monitor the international taxation trends to reduce tax-related risks.
(8) Human Resources
The Company deeply values humanized method of management and provides full respect and care to employees including group insurance, regular health check up , on-the-job training and other benefits. The Company implements these benefits and strengthens dynamic employee care to provide a quality work environment.
(9) Business Management
The Company entrusts professional stock affairs agencies for all stock-related matters and established the spokesperson system, investor relations personnel, and company website to build and strengthen communication channels with external stakeholders and the Company public image.
(10) Others
Each department evaluates their specific risk management duties and measures.
4. Implementation Results
(1) The result of risk management policy and procedure, scope, organization structure, and implementation for 2023 (including cyber security risk management) were reported to the board of directors on October 31, 2023.
(2) In 2023, in addition to the regular risk management implementations, we have continued to conduct flu prevention vaccination, cyber security, regulation compliance, and other risk management projects. We completed the annual audit for our ISO/IEC ISO27001:2013 Information Security certificate in December 2023.
Risk Management Documents