Risk Management Policy

Purpose

This policy forms part of Cast and Craft ltd internal control and governance arrangements. It sets out the approach, governance and processes across the Group in relation to risk management.

Key Principles

Cast and Craft ltd directors is ultimately responsible for determining the strategic risks the company is willing to take to achieve its strategic objectives and enhance the sustainability of value creation including risks which threaten its business model, future performance, creditworthiness or liquidity. The directors takes a balanced view on risk to ensure an appropriate position between risk aversion, opportunity and gains. The Board’s responsibility for setting the Group’s culture is central to an effective risk management process. 

The Directors maintains a robust risk management and internal control system which it monitors and reviews across all of operations & functions. 

There is an open and transparent approach to risk assessment, management and mitigation. Responsibility for the management of each risk is allocated to an individual. 

The risk management and control procedures set out in this policy form part of the Group’s normal management and governance processes. 

In the absence of an established Internal Audit function within Cast and Craft ltd, the Audit and Risk committee may elect to appoint external support by an appropriately experienced provider of Internal Audit assurance services for review of selected topics regarding the internal control environment and/ or Risk Management Framework.

Procedure

a) Identification – risks are identified through both a top down approach (Strategic risks) as well as a bottom up (functional risks) approach. Principal risks are identified by the directors. Functional risks are identified by directors or assigned team. The focus is on risks the directors are willing to take to achieve its strategic business objectives. New and emerging risks are assessed and determined. The procedure seeks to identify top down strategic risks and well as bottom up operational risks. 

b) Assessment – strategic risks are assessed on a at least 6 monthly basis during director meetings. The principal risks are revisited and if necessary, updated on a semi-annual basis, in line with the financial reporting timetable. Functional risks are assessed by the director members or delegates, through maintenance of the risk and control register. The risk and control register is reviewed for completeness and adequacy on a regular basis and included in the meeting agendas. The Board will complete an annual Horizon Scanning exercise. c) Management – risks are recorded in the Risk Register by director members or delegates (risk owners). Every risk on the register is allocated to an individual and appropriate controls are identified. Risk management is embedded in the operations and Group functions. The process for the management of risks.

d) Reporting – the risk registers and management of each risk is monitored and reviewed as part of the director meeting. Reports over strategic risks and functional risks are generated periodically on no less than a semi-annual basis with support from the Finance team/ Internal Audit to the directors and from the director to the Audit & Risk Committee or any other designated team

e) Review – each Audit & Risk Committee meeting receives an update on risk management across the company and no less that once a year the directors carry out a review of the risk management process and assesses whether any improvements are necessary. The Board will re-evaluate risks measures and determine if controls are appropriate, taking into account business planning. The Board will complete an annual review of risk appetite.

f) Communication and Training – the Directors and any assigned member receive training and support from Internal Audit, utilizing external resources as appropriate.

 Roles and responsibilities

Directors

  • Ultimately responsible for the Companies risk management system and reviewing its effectiveness 
  • Establishing and communicating the risk management policy 
  • Setting the “tone” and culture for managing risk 
  • Agree the risk appetite of the Company 
  • Review overall Companies strategic and principal risks at least 06 months/annually 
  • Complete Annual Horizon scanning exercise 

Audit & Risk Committee

  • Examine and review the internal control environment and risk management systems within the Company and review the Companies statement on internal control systems prior to endorsement by the directors. 
  • Report to directors on status of the risk management process. 
  • Provide guidance on risk and control improvements. 
  • Highlight where minimum standards are not being complied with. 
  • Ensure the management of key risk exposures 
  • Responsibility for risk prioritization in operations and Group function level ensuring that the mandated minimum requirements are met 
  • Review of bottom-up risk assessments and escalate material or key risks 
  • Keep abreast of identified risks in their area and potential exposures 

Risk register owners 

  • Drive and coordinate local risk assessment and risk management reporting process. 
  • Actively share knowledge and best practice through contact with other functional leads.

Risk Process Owners

  • Accept responsibility for the risk, its evaluation, monitoring it and reporting its status 
  • Coordinate and contribute to the development and maintenance of an appropriate control environment, and reporting the ongoing effectiveness of controls 
  • In combination with the Risk Register Owner, update the risk report to show the current status

Approved by: The Board of Directors