The Company has the Board of Directors as the highest governance unit for risk management. The Board of Directors has overall responsibility for the Company's risk governance. The Audit Committee assists the Board of Directors in supervising the risk management system, including reviewing the Company's enterprise risk management structure and processes to facilitate the identification and management of risks, and report to the Board of Directors major issues, findings and recommendations related to risk management.

Currently the company's governance director is responsible for coordinating various departments to implement risk identification, assessment, management, response and supervision, and regularly reporting risk management results to the board of directors. The company expects to establish the Sustainability Development Promotion Group before the end of 2024. The Sustainability Development Promotion Group will then serve as the responsible unit for the company to implement risk management.

PTC's corporate governance director works closely with various functional organizations and departments to assist management in implementing the enterprise risk management structure to ensure that the company's risks are effectively assessed and managed.

The company's risk management scope includes strategic risks, operational risks, financial risks, information risks, legal compliance risks, integrity risks, other emerging risks (such as risks related to climate change or infectious diseases), and risks not listed above, but this risk will cause the company to incur significant losses, such as major external hazard events, risks caused by extreme event losses, etc.

Each functional unit and department of the Company conducts risk management in accordance with a five-step cyclical process consisting of risk identification, assessment, response, monitoring, and review. Based on this framework, enterprise-level risk matrices and corresponding control measures are established. Continuous education and training programs are implemented to strengthen risk awareness and foster a risk-conscious mindset and culture.

The Company also organizes risk management education and training sessions or briefings on a periodic basis to communicate its risk management policies, procedures, and requirements, thereby enhancing employees’ risk management awareness and execution capabilities. By integrating risk management into operational activities and daily management processes, the Company aims to achieve the following objectives:

1. To accomplish corporate objectives;
2. To enhance management effectiveness;
3. To provide reliable information;
4. To ensure effective allocation of resources.