SG2X EMPLOYEE HANDBOOK POLICES
|
1
RISK MANAGEMENT PROCEDURE [COMPANY NAME] integrated risk management policy is a continuous, proactive and systematic process to understand, manage, and communicate risk across the organization. [COMPANY NAME] process requires making strategic decisions that contribute to the achievement of our company's objectives. Risk management is the process of identification, analysis and acceptance or mitigation of uncertainty in decisions. Overall, [COMPANY NAME] risk management policy highlights the importance of scanning for new risks, assessing risks on the likelihood and impact, developing risk response strategies, and identifying accountabilities for managing, reporting and monitoring risks. [COMPANY NAME] follows a five-step risk management cycle for development projects and investments based on the Government of Canada’s Integrated Risk Management Policy, Treasury Board Secretariat guidance and international risk management standards (ISO 31000)i: Step 1: Identify and define risks ●
In this step, [COMPANY NAME] will scan the internal and external environment and identify the key risks that could affect the achievement of the expected outcomes. [COMPANY NAME] will take into consideration the integration of environment, gender equality, and governance themes where relevant.
Step 2: Determine effect of risk on outcomes ●
[COMPANY NAME] will determine how the identified internal and external risks will affect the immediate, intermediate and ultimate objectives of the company.
Step 3: Identify risk responses ●
[COMPANY NAME] will provide a brief summary of the risk response approaches to be used to manage or prevent the identified risk event, ensuring that the risk responses are financially and technically feasible, and well-designed to reduce the impact and/or likelihood of the identified risks. The response will also be realistic in terms of timely implementation in reaction to needs and will be action-oriented and comprehensive.
Step 4: Assess level of risks ●
For each risk, [COMPANY NAME] will establish the residual risk level. Residual risk is the level of risk after risk responses have been taken into account. [COMPANY NAME] will state the level of likelihood that the risk will occur and its potential impact using the three-point scale.
Step 5: Monitor, update and report ●
As time passes, the project or investment’s context will likely change as will the risks to the achievement of expected results. Risks may disappear or shift, and new risks may