FIVE’s Risk Management Policy is designed to provide the framework to identify, assess, monitor and manage the risks associated with the Company’s business. The Board adopts practices designed to identify as well as effectively manage business risks in accordance with the Company’s risk profile thus providing a competitive edge in the ever-evolving business environment.
The potential risk exposures associated with running the Company are recognized and managed by the management.
ERM Framework at FIVE
ERM Policy stipulates the general risk management principles and guidelines for actions which influence key business decisions. It gives a clear communication of the management’s expectations in relation to risk management practices across FIVE.
This policy is applicable to all the employees of the Company and wholly owned subsidiaries. Each employee is expected to adhere to the ERM principles defined in the policy for an effective implementation of the ERM framework.
Enterprise Risk Management is a structured ongoing process to identify, assess, prioritize, respond, monitor and report the risks that an organization faces in the pursuit of achieving its business objectives. Effectively implemented ERM framework should facilitate the process of managing key risks, to provide reasonable assurance regarding the achievement of FIVE’s short-term and longterm strategic business objectives.
To establish and implement an effective enterprise-wide risk management framework, the Company shall:
- Adopt a structured approach to manage the downside of the risks and harness the upside of the opportunities through implementation of robust risk management processes.
- Ensure ongoing benchmarking and refresh of Company’s risk universe, for completeness and relevance, through identification of strategic, preventable and external risks that matter.
- Define the acceptable nature and amount of risk that the Company is willing to take in pursuit of value while maintaining the optimal balance between risk and reward.
- Identify and proactively treat any risk that breaches the defined risk appetite as a matter of priority to bring it within acceptable levels through adequate Risk Strategy.
- Ensure risks are managed in a comprehensive, methodical, and transparent way, using a common set of definitions, enablers and risk assessment matrices.
- Establish and leverage adequate and efficient channels for continuous communication and reporting of risk information and escalation of critical risks.
- Encourage risk-enabled performance management by implementing the strategic business planning, performance review and critical investment approval process in an integrated manner with the ERM framework across the Company.
- Continually strengthen the coordination between the risk and other assurance providing functions to manage risks in a collaborative and holistic manner.
- Foster risk aware culture and develop desired skills and competencies in the area of Enterprise Risk Management through continuous trainings, initiatives and communications.
- Encourage technology-enabled effective and efficient, monitoring and reporting of risk profile information across the Company to assist informed business decision making by the stakeholders.
- Strengthen Risk Management systems through continuous improvement and benchmarking with applicable regulatory requirements, leading risk management standards (such as COSO and ISO 31000) and leading industry practices.
Managing enterprise-wide risks is a collective responsibility of all the employees of the Company. Under effective guidance and oversight of Board, the Audit and Risk Committee shall ensure the development and implementation of an effective risk management mechanism across the Company through active support and participation of all the employees, including identified ERM stakeholders