RISK MANAGEMENT POLICY STATEMENT

The WRAITH Group and all of its subsidiaries (having the meaning as set out in section 1152 UK Companies Act 2006) (“Company”) rand all respective employees.

The Company’s Risk Management Policy sets out the framework, process and responsibilities relating to all aspects of risk management across Company and its subsidiaries.

The objective of risk management is to remove or reduce the likelihood and effect of risks before they occur and deal effectively with actual problems if they do.

The Company sets out clear requirements for the management and reporting of risk to support the delivery of the Company’s objectives and to meet the requirements of good corporate governance.

The Risk Management Policy is compulsory for every legal entity in the Company; no exceptions to the policy will be adopted by any subsequent joint venture or associate investment. 

Our Risk Management policy has particular focus on business risk (financial and non-financial risks), being all risks that normally sit outside of projects. Project risk and opportunity shall be managed in accordance with the Company’s Lifecycle Management Framework.

The Board of directors is ultimately accountable for effective risk management across The WRAITH Group. The Board, keeps under review the risks facing the Company, including the appropriateness of the level of risk the Company may accept to achieve its strategic objectives, and its risk appetite. Risk is the effect of uncertainty on the Company’s objectives.

We operate in a complex global environment, and we are exposed to a wide range of risks and opportunities that influence our ability to execute our strategy. Enterprise risk management is an integrated and joined-up approach to managing risk across the Company to improve performance, innovation, build resilience and support the achievement of objectives to maintain trust and confidence with our customers and stakeholders.

Our risk framework supports the integration of risk into all of the Company’s activities and aligns risk management with our objectives, strategy, and culture, keeping our risk profile within our agreed risk appetite. The risk management framework is to manage the risks that are fundamental to the delivery of our strategy so that we can monitor, manage, and mitigate risk to deliver a consistent, risk control approach, delivering predictability and optimising performance.

Our team leaders must ensure that their department have a comprehensive risk and opportunity management plan to cover the risks and opportunities to their department. They must also ensure that risks are managed at all appropriate levels in the business using the process of identification, analysis, evaluation, mitigation, reporting and monitoring as set out in this policy. Risks are recorded in controlled register(s) and are allocated an owner who has authority and responsibility for assessing and managing the risk.

Managing risk is a part of everyone’s everyday responsibilities. It enables us to make informed decisions, both strategically and in operations. We expect everyone to consider risk when planning and managing all activities, contract management and project planning.

All identified risks shall be analysed for impact and probability to determine the gross risk exposure to the business.

The financial implications of the gross risk exposure to the Integrated Business Plan (IBP) shall be comprehensively reviewed and the risks prioritised in relation to the achievement of business objectives.

Information on the unmanaged (worst case) risk shall be retained as this provides the potential exposure to the business if the risk mitigation fails.

The risk evaluation shall be documented in the controlled risk registers to enable risk to be prioritised and show:

• The risks that have been identified, particularly those of significance;
• Characteristics of the risk;
• The basis for determining mitigation strategy; and
• What reviews and monitoring are necessary for the identified risks.

For those risks that are identified as being unacceptable, steps shall be taken to produce a clear cost-effective strategy and implement action plans to manage the risks and to reduce them to a tolerable and acceptable level.

The mitigation strategy shall be robust and capable of adjustment to meet changes in the business and the business environment.

The primary role of Risk management Policy is to ensure we have a framework to manage risk and uncertainty effectively and consistently. The Company’s Enterprise Risk Management Framework is working to be aligned to the ISO:31000 International Risk Management Standard.