APPENDIX B: RISK MANAGEMENT POLICY
Risk management is considered critical to the company and as such it is viewed as a lifetime strategic project for JAA. JAA continuously monitors and reviews its risk management framework in view of the 11 principles of ISO 31000 and puts great effort into achieving outstanding results through the ongoing learning process.
JAA encourages transparent communications and making decisions with the best available information. It also motivates its employees to clearly understand the business and be proactive in detecting opportunities and threats.
All personnel are expected and encouraged to understand this culture and thus be instrumental in being part of JAA's decision making process. Utilization of uniform terminology is considered a crucial component for building and maintaining the desired culture throughout the company.
This document has been accepted and signed by the board of directors as an indication that there is a common understanding of how the company will manage its risks. The target audience of this policy is the entire organization comprising both the internal and external stakeholders. Each employee is required to understand, manage, monitor, and act according to the policies, principles, and methodology stated in this document. The Risk and Strategy Committee (RSC) approves and oversees the risk management policy and monitors the effect of risk management on the organization. The RSC is assisted by the Executive Risk Oversight Committee (EROC) with the oversight and monitoring of the risks impacting JAA.
This document supplies overarching principles and a framework for JAA for effective risk management. Each business unit is responsible for taking the necessary actions for treatment within the risk criteria. Each business unit is required to use the policies and the methodology that follow to design its processes and procedures.