Risk Management Policy

Identification:
Responsible: Directors/General Manager
Issue Date: 12/08/2024
Review Due: 12/01/2027

1. General Guidelines

Cramlington Precision Forge Ltd. (CPFL) is dedicated to the proactive and effective management of risks, with a firm commitment to safeguarding the well-being of its employees, business partners, and the communities in which it operates. This commitment also extends to environmental stewardship. The company’s risk management approach is integral to its core values, Code of Conduct, internal policies, and governance structures.

The principle that "Life matters most" is at the heart of CPFL's operations. The company strives to implement best practices in risk management to prevent any loss of life or adverse impacts on health and safety. CPFL’s risk management efforts focus on:

Promoting a culture of risk management that is transparent, aligned with corporate objectives, and adds value to the business by enhancing decision-making processes. This approach aims to prevent or mitigate negative impacts on people, communities, the environment, operational continuity, and the company’s reputation.
Supporting the strategic planning and long-term sustainability of CPFL’s business operations.
Optimizing capital allocation and strengthening asset management based on identified risks.
Reinforcing CPFL's governance practices through a structured approach, utilizing the concept of Lines of Defence.
Adopting and adhering to internationally recognized risk management standards, such as ISO 31000, ISO 55000, and COSO-ERM, alongside Risk-Based Process Safety (RBPS) for process safety.
Utilizing a risk appetite framework to guide decision-making, capital allocation, and the formulation of strategies in response to identified risks.
Assessing potential impacts related to new investments, acquisitions, and divestitures based on CPFL’s risk map and appetite.
Identifying emerging risks to develop timely solutions that mitigate potential negative impacts on CPFL’s business objectives.

2. Applicability

This Policy is specific to Cramlington Precision Forge Ltd. (CPFL) and applies exclusively to its operations. It does not extend to any subsidiaries or external entities.

3. References

Code of Conduct
Human Rights Policy
Climate Change Policy
Anti-Corruption Policy
Sustainability Policy
Diversity and Inclusion Policy

4. Concepts and Definitions

Risk: The effect of uncertainty on organizational objectives, which may impact various dimensions of the business.
Business Risks: Potential risks that could affect people, communities, the environment, operational continuity, the company’s reputation, and the achievement of CPFL's business objectives.
Risk Appetite: The level of risk that CPFL is willing to accept in pursuit of its strategic objectives.
Integrated Risk Map: A tool that consolidates CPFL’s risk themes, classified according to a specific taxonomy.
Severity Ruler: A tool to standardize the measurement of the potential negative impacts of risks.
Probability Ruler: A tool to estimate the frequency or likelihood of risk occurrence.
Risk Matrix: A document that classifies risks based on their probability and severity, establishing a priority scale.
Priority Risk Themes: Risks that require detailed monitoring and alignment with CPFL’s risk appetite.
Emerging Risks: Risks that may increase in impact over time and involve high uncertainty.
Risk Response Strategy: Defines the approach to treating risks according to their priority level in the Risk Matrix, considering CPFL's risk appetite.

5. Governance

CPFL employs an integrated risk management governance model based on the concept of Lines of Defense. This model optimizes decision-making communication and reinforces the alignment between strategy, performance, and risk management.

The Board of Directors sets the overall guidelines for risk management, with support from the Audit Committee, which oversees the adequacy and effectiveness of CPFL's risk management processes. The Board and Audit Committee fulfill their responsibilities through regular monitoring and assessments.

The Executive Committee is responsible for implementing the Board’s guidelines, supported by Risk Executive Committees that assist in managing and monitoring risks.

6. Disclosure and Dissemination

This Policy will be filed and published in CPFL's official documentation system, making it accessible to all relevant internal and external parties as applicable. To embed this Policy into CPFL's culture, the Enterprise Risk Management (ERM) function, acting as the 2nd Line of Defense, will design and implement a training plan for effective dissemination and understanding across the company.

7. Policy Review Deadline

This Policy must be reviewed at least once every five years or more frequently if necessary to ensure its relevance and accuracy.

8. Responsibilities

Board of Directors:

Establish overall guidelines for risk management and periodically assess the company’s risk exposure.
Approve this Policy and any amendments proposed by the Executive Committee.
Approve CPFL’s risk appetite levels and related statements.
Annually deliberate on the Pluriannual Investment Plan related to risk management.
Approve the review of the Integrated Risk Map and the Priority Risk Themes.
Approve the Risk Response Strategy.

Audit Committee:

Support the Board in executing its risk management oversight responsibilities.
Oversee the adequacy and effectiveness of CPFL’s risk management processes.

CPFL Executive Committee:

Implement the Policy's guidelines and establish the necessary administrative rules to achieve its objectives.
Monitor company risks and foster a risk-aware culture.
Provide necessary support for the 1st and 2nd Lines of Defense.
Propose risk appetite levels and review the Integrated Risk Map and Priority Risk Themes.
Establish and approve the internal regulations of Risk Executive Committees.

1st Line of Defence:

Actively manage risks by identifying, assessing, treating, preventing, and monitoring them.
Manage preventive and mitigating controls, ensuring compliance with applicable regulations and internal policies.

2nd Line of Defence – Enterprise Risk Management:

Develop and assist in the implementation of risk management policies, methodologies, and tools, and promote a culture of risk management within CPFL.

2nd Line of Defence – Specialists:

Define technical standards and ensure adherence to risk management guidelines.

3rd Line of Defence:

Comprises independent areas such as internal audit and whistleblowing channels, responsible for assessing the effectiveness of risk management and compliance practices.

9. Consequence Management

Non-compliance with this Policy will be subject to the disciplinary measures outlined in CPFL's Consequence Management Policy.

10. Final Provisions

In the event of any conflict between this Policy and CPFL's Bylaws, the Bylaws shall prevail, and this Policy will be amended as necessary. This Policy becomes effective upon its approval by CPFL's Board of Directors. The Board delegates authority to the Executive Committee to approve the related rules and responsibilities aimed at preventing Material Unwanted Events (MUEs) and mitigating potential risks.

11. Approvals

Preparation: Executive Management of Business and Financial Risks & Insurance
Review/Recommendation: Executive Management of Corporate Governance and Board Secretariat, Controllership and Accounting Division, Audit and Compliance Division
Final Approval: Board of Directors

This version of the Risk Management Policy is specifically designed for CPFL, ensuring it aligns with the company's values, operational needs, and governance framework while upholding rigorous risk management standards.
