Risk Management Policy
Identification:
Responsible: Directors/General Manager
Issue Date: 12/08/2024
Review Due: 12/01/2027
1. General Guidelines
Cramlington Precision Forge Ltd. (CPFL) is dedicated to the proactive and effective management of risks, with a firm commitment to safeguarding the well-being of its employees, business partners, and the communities in which it operates. This commitment also extends to environmental stewardship. The company’s risk management approach is integral to its core values, Code of Conduct, internal policies, and governance structures.
The principle that "Life matters most" is at the heart of CPFL's operations. The company strives to implement best practices in risk management to prevent any loss of life or adverse impacts on health and safety. CPFL’s risk management efforts focus on:
Promoting a culture of risk management that is transparent, aligned with corporate objectives, and adds value to the business by enhancing decision-making processes. This approach aims to prevent or mitigate negative impacts on people, communities, the environment, operational continuity, and the company’s reputation.
Supporting the strategic planning and long-term sustainability of CPFL’s business operations.
Optimizing capital allocation and strengthening asset management based on identified risks.
Reinforcing CPFL's governance practices through a structured approach, utilizing the concept of Lines of Defense.
Adopting and adhering to internationally recognized risk management standards, such as ISO 31000, ISO 55000, and COSO-ERM, alongside Risk-Based Process Safety (RBPS) for process safety.
Utilizing a risk appetite framework to guide decision-making, capital allocation, and the formulation of strategies in response to identified risks.
Assessing potential impacts related to new investments, acquisitions, and divestitures based on CPFL’s risk map and appetite.
Identifying emerging risks to develop timely solutions that mitigate potential negative impacts on CPFL’s business objectives.
2. Applicability
This Policy is specific to Cramlington Precision Forge Ltd. (CPFL) and applies exclusively to its operations. It does not extend to any subsidiaries or external entities.
3. References
Code of Conduct
Human Rights Policy
Climate Change Policy
Anti-Corruption Policy
Sustainability Policy
Diversity and Inclusion Policy
4. Concepts and Definitions
Risk: The effect of uncertainty on organizational objectives, which may impact various dimensions of the business.
Business Risks: Potential risks that could affect people, communities, the environment, operational continuity, the company’s reputation, and the achievement of CPFL's business objectives.
Risk Appetite: The level of risk that CPFL is willing to accept in pursuit of its strategic objectives.
Integrated Risk Map: A tool that consolidates CPFL’s risk themes, classified according to a specific taxonomy.
Severity Ruler: A tool to standardize the measurement of the potential negative impacts of risks.
Probability Ruler: A tool to estimate the frequency or likelihood of risk occurrence.
Risk Matrix: A document that classifies risks based on their probability and severity, establishing a priority scale.
Priority Risk Themes: Risks that require detailed monitoring and alignment with CPFL’s risk appetite.
Emerging Risks: Risks that may increase in impact over time and involve high uncertainty.
Risk Response Strategy: Defines the approach to treating risks according to their priority level in the Risk Matrix, considering CPFL's risk appetite.
5. Governance
CPFL employs an integrated risk management governance model based on the concept of Lines of Defense. This model optimizes decision-making communication and reinforces the alignment between strategy, performance, and risk management.
The Board of Directors sets the overall guidelines for risk management, with support from the Audit Committee, which oversees the adequacy and effectiveness of CPFL's risk management processes. The Board and Audit Committee fulfill their responsibilities through regular monitoring and assessments.
The Executive Committee is responsible for implementing the Board’s guidelines, supported by Risk Executive Committees that assist in managing and monitoring risks.
6. Disclosure and Dissemination
This Policy will be filed and published in CPFL's official documentation system, making it accessible to all relevant internal and external parties as applicable. To embed this Policy into CPFL's culture, the Enterprise Risk Management (ERM) function, acting as the 2nd Line of Defense, will design and implement a training plan for effective dissemination and understanding across the company.
7. Policy Review Deadline
This Policy must be reviewed at least once every five years, or more frequently if necessary, to ensure its relevance and accuracy.
8. Responsibilities