Risk Management
Risk management is the process of identifying and assessing risks, as well as developing and implementing measures aimed at mitigating them to an acceptable level determined by the company’s risk appetite.
An integrated risk management system (IRMS) is a set of interrelated elements combined into a single process, within which the Group’s governing bodies, management, and employees participate in identifying risks that could impact the achievement of objectives and business results, and in managing these risks to a level acceptable to shareholders.
Business practice shows that preventing negative events typically requires significantly less effort than mitigating their consequences. Therefore, a systematic approach to risk management requires the implementation of an integrated risk management system within the organization.
Roles and Responsibilities in the Risk Management System
Board of Directors
The Board of Directors:
Approves the annual Risk Management Program;
Sets the risk materiality level;
Determines the company’s risk appetite;
Approves changes and updates to the Program during the reporting period;
Approves material risk cards;
Monitors key risks;
Reviews reports on the effectiveness of the risk management system.
Board of Directors Committees
The Board of Directors Committees, within their purview, shall:
Approve material and moderate risk cards;
Agree on their updates and amendments;
Monitor relevant risks;
Review reports on the effectiveness of the IRMS.
Management Board
The Management Board:
Prepares the Risk Management Program for the Board of Directors and its committees;
Approves moderate (within its purview) and immaterial risk cards;
Approves amendments and updates to these cards;
Based on quarterly reports, exercises overall control and oversight over the effectiveness of the risk management system, including the management of moderate and immaterial risks.
CEO
CEO:
Ensures the functioning of the company’s risk management system and is responsible for its overall effectiveness and results;
Makes and approves management decisions on IRMS matters within the scope of their authority;
Chairs the Risk Committee;
Approves risk owners upon recommendation by the Risk Committee (Commission).
Risk Committee
Risk Committee:
Forms proposals for the Board of Directors on the level of risk materiality;
Develops and maintains the Company’s Risk Register;
Develops the Risk Management Program;
Conducts risk assessments and preliminarily approves their results;
Coordinates risk response strategies and risk management action plans;
Oversightens the implementation of action plans;
Participates in monitoring the IRMS’s performance;
Develops key risk indicators (KRIs);
Submits proposals for the appointment of risk owners, including cross-functional risks, for subsequent approval by the CEO.
Risk Manager
Risk Manager:
Organizes and coordinates the risk management process;
Provides methodological support to the Risk Committee and risk owners;
Collects and analyzes information on the implementation of risk management plans;
Ensures information exchange and reporting between all IRMS participants;
Participates in Risk Committee meetings, prepares its decisions, and communicates them to relevant managers and employees;
Monitors the performance of functional responsibilities by all process participants.
Risk Owners
Risk owners are responsible for the full risk management cycle for specific risks, including:
Identifying and assessing them;
Preparing reports;
Determining key risk indicators (KRIs);
Developing and updating response strategies and action plans;
Achieving approved KRI targets.
Activity Owners
Activity owners are personally responsible for the implementation of specific actions outlined in the risk management plans.
Internal Auditor
The Internal Auditor:
Independently monitors the risk management system and provides recommendations for its improvement;
Assesses the effectiveness of individual risk management;
Provides information on risks identified during audits to the risk manager;
Conducts an annual assessment of the effectiveness of the risk management process;
Develops proposals for the development and improvement of the RISM.