RISK MANAGEMENT POLICY & PROCESS

RISK MANAGEMENT FRAMEWORK

Objectives

• Consolidation of all risks faced by Synokem Group so that the Management has full visibility on the risk events
• Enhancing capability to identify potential events that carry risks
• Providing platform to identify and select appropriate risk response – Risk Avoidance, Reduction / Mitigation, Sharing and Acceptance.
• Enabling management to consider entity’s risk appetite in evaluating Strategic business choices
• Effectively assessing resource needs to prioritise and manage potential risks
• Follow up and monitoring of the identified risks through the recommended action plans and timelines

Scope

• This policy covers all topics directly impacting Synokem and its affiliate entities
• Synokem overall Country level risks e.g. Safety, Crisis Management, Information security, are part of the Overall Risk management process at country level.

Governance Framework

• Risk Owners (Individual Function heads) – Identify emerging risks, create mitigation plans, keep Risk Coordinator abreast of updates, manage risk they are accountable for, review with the Risk committee.
• Risk Coordinator ensures governance is maintained, clarifies the process of identifying, assessing, responding & monitoring the risks and consolidates the Risk Register and discusses with the Risk Management committee.
• Risk Management Committee – Review Risk Register regularly. Review risks ratings, prioritise action plans, point of escalation for any support / intervention needed.

RISK MANAGEMENT PROCESS

Risk Management is a continuous process to identify, assess and respond to risks facing the organization, according to the following steps:

Identify & Analyze

• Business & Functional Heads are responsible for identifying risks, as well as threats & opportunities. Risk must be well described with clear Risk Statement, contributing factors, root causes & consequences
• Risk Coordinator will also identify risk areas independently or based on inputs from group
• In case of risk being shared between functions, ownership must be agreed with departments impacted

Evaluate

• The evaluation of the risk determines the severity (level of risk) and the likelihood of the risk by understanding the causes and consequences.
• Severity is evaluated based upon criteria appropriate to the context of the risk and specific to Synokem e.g., Impact on Business/ Financials, Compliance status, reputation & normal operations

Prioritize

• Risk Register to have a prioritization of the risk by the Risk owners based on criticality taking into account the Severity and likelihood of occurrence.
• Prioritization allows the management to determine the actions for risk mitigation, to allocate relevant budgets and resources in line with the level of risk exposure.

Treat & Reduce Exposure

Risk treatment is a decision step with a clear strategy of definition and execution of mitigation plans:

• Avoid – the preferred strategy when the risks are unacceptable and activities linked to the risk must be stopped or comprehensive controls/ change in activities should be implemented.
• Mitigate – To reduce the frequency and impact of risk, Risk owners must make sure that the mitigation plans for each risk is prepared and tracked.
• Transfer – Risk is also mitigated by having another party accept the risk contractually, partly or totally, through insurance, hedging, sub contracting arrangements (to be discussed along with Legal for each instance)
• Monitor & Report – Risk management group will oversee the status of the aforesaid risks identified.