Risk Management Policy

Purpose of the Policy

• Define our commitment to risk management as an integral part of our operations.
• Establish a structured framework for identifying and assessing risks.
• Outline our strategies for mitigating and managing identified risks.
• Ensure transparency and accountability in our risk management practices.
• Minimise negative impacts on our business goals, enhance stakeholder value and maintain our long-term competitive advantage.

How Risk Management Policy Works?

iSmartRecruit is dedicated to proactively managing risks associated with its operations, products, services, and the broader business environment.

Here are the steps that reflect our commitment towards risk management.

• Risk Identification

• Continuously identify and document potential risks across all areas of our business.
• Encourage employees, clients, and stakeholders to report any perceived risks promptly.

• Risk Assessment

• Evaluate and prioritise identified risks based on their potential impact and likelihood.
• Develop a comprehensive understanding of the potential consequences associated with each risk.

• Risk Mitigation

• Develop and implement mitigation strategies to reduce the impact and likelihood of identified risks.
• Assign responsibilities and establish clear accountability for risk mitigation efforts.
• Monitor the effectiveness of mitigation measures and adjust them as necessary.

• Communication

• Communicate risk-related information transparently with employees, clients, and stakeholders.
• Foster a culture of risk awareness and responsibility across the organisation.

• Compliance

• Ensure compliance with all relevant laws, regulations, and industry standards related to risk management.
• Regularly review and update risk management practices to align with changing requirements.

• Continuity Planning

• Develop and maintain business continuity and disaster recovery plans to address potential disruptions.
• Regularly test and update these plans to ensure their effectiveness.

Roles and Responsibilities for Risk Management Practices

• Board

The Board assumes responsibility for formulating, executing, and overseeing the Company's risk management plan. In specific cases, the audit committee or management may refer specific risk management issues to the Board for final guidance and direction.

• Executive Leadership

The Company's senior management is tasked with designing and implementing risk management and internal control systems geared towards identifying material risks that may affect the Company.

These systems aim to provide early warnings of potential risks before they escalate. Senior management must also ensure the implementation of action plans designed to address significant business risks across the Company.

Senior management is responsible for:

• Regularly monitoring and evaluating the effectiveness of action plans and the performance of employees in executing these plans, as applicable.
• Fostering and monitoring a culture of risk management within the Company.
• Ensuring compliance with internal risk control systems and processes by employees.
• Providing regular reports to the Board on the status and effectiveness of the risk management program.

• Audit Committee

The audit committee plays a pivotal role in ensuring the Company maintains effective risk management and internal control systems and processes. It provides regular reports to the Board regarding the risk management program's effectiveness in identifying and addressing significant business risks.

To fulfil this mandate, the audit committee is responsible for:

• Managing and overseeing the implementation of action plans designed to address significant business risks within the Company and its business units while periodically reviewing the progress of these plans.
• Establishing internal processes and systems to monitor the execution of action plans.
• Regularly assessing and evaluating management's performance in risk management.
• Equipping management and employees with the necessary resources and tools to identify and manage risks effectively.
• Continuously reviewing and updating the list of significant business risks.
• Providing periodic reports to the Board regarding the status of significant business risks.
• Ensuring compliance with regulatory requirements and industry best practices in the realm of risk management.

• Employees

All employees bear the responsibility of implementing, managing, and monitoring action plans concerning significant business risks, as appropriate. Their roles include actively participating in the identification, assessment, and mitigation of these risks while complying with the Company's internal risk control systems and processes.

Reporting and Monitoring

• Regular risk assessments will be conducted to update the risk register.
• An annual review of this policy will be conducted to ensure its effectiveness and relevance.
• Incidents and breaches will be reported promptly to the appropriate parties and thoroughly investigated.

Conclusion

At iSmartRecruit, risk management is a collective responsibility, and we are dedicated to fostering a risk-aware culture. By adhering to this policy, we aim to protect our business, clients, and stakeholders while maintaining our commitment to innovation and excellence.