Risk Management Policy
Introduction
Wisdom Tree s.r.o. faces various risks that could impact any facet of its administrative or commercial operations, recognizing that effective risk management is crucial for achieving the company's operational goals and strategic objectives.
The Risk Policy establishes a consistent approach to risk management throughout the organization, defines the roles of senior managers and the Governing Body, and outlines risk assurance and risk management processes.
The Risk Policy aims to enable Wisdom Tree s.r.o. to:
- minimize the likelihood and impact of threat risks,
- maximize the likelihood and benefit of pursuing opportunity risks through prioritized and targeted risk mitigation to ensure efficient resource utilization.
Objectives of the Policy
- To outline the company's fundamental approach to risk assurance;
- To document the responsibilities of the Board of Directors, the Chief Executive Officer, and other key committees and individuals;
- To outline key aspects of the risk management process;
- To identify the main reporting framework and procedures.
Definition of Risk Management
Definition of Risk
Wisdom Tree s.r.o. defines risk as the possibility of uncertain events, actions, or circumstances that, if realized, could have a significant adverse or beneficial impact on the company's objectives, business, professional services, or project outcomes.
The company's goal is not to eliminate risk but to empower managers to appropriately mitigate and manage it within the established risk tolerance of the company.
What is Risk Management?
Risk management is a deliberate and systematic approach to identifying, analyzing, evaluating, and addressing risks at all organizational levels.
Risk management involves determining the acceptable level of risk exposure, which allows the company to achieve its objectives while maintaining a balance between risk exposure and mitigation costs. Risk management is a process that provides assurance that:
- objectives at all levels are more likely to be achieved,
- damaging events are less likely to occur,
- beneficial events are more likely to occur.
The company's approach to risk management supports the Chief Executive Officer and Professional Services Departments in determining prioritization actions. This approach aligns with the development and execution of the company's strategy, strategic programs, and professional service planning.
Levels of Risk Identified at the Company
- Strategic risks - risks that impact the organization as a whole and the achievement of strategic objectives;
- Tactical risks - risks related to achieving functional objectives;
- Operational risks - risks related to departmental operations;
- Strategic programs and their project outcomes - risks associated with time-limited activities and medium-to-long-term benefits delivery.
- The company distinguishes between threat risks and opportunity risks.
Roles and Responsibilities
The Chief Executive Officer bears overall responsibility for risk management within Wisdom Tree s.r.o. with implementation responsibilities delegated to the Chief of Staff and Clerk to the Board of Directors / Head of Policy and Strategy.
It's important to note that risk management is the responsibility of everyone at Wisdom Tree s.r.o. not limited to a few named individuals. The company maintains a register of strategic and tactical risks that inform risk assessment, integrated into the planning and budgeting process.
Role of the Board of Directors
The Board of Directors is accountable for ensuring the presence of an effective and proactive risk management system that rigorously assesses, understands, and manages risks throughout the organization. This is achieved by approving the risk management framework and receiving advice from the Audit, Risk, and Assurance Committee regarding the framework's effectiveness and operation.
Through the approval of the Risk Policy, the Board of Directors sets the tone for and influences the risk management culture within the company. This includes determining:
- the company's risk attitude - understanding the current and foreseeable context to determine the company's risk tolerance;
- the 'risk appetite' for specific strategic risks - evaluation of strategic risks through the Audit, Risk, and Assurance Committee also provides regular risk tolerance reviews;
- acceptable and unacceptable types of risks;
- standards and expectations of staff regarding conduct and integrity in risk management.
The Board of Directors is also responsible for:
- determining the appropriate level of risk exposure for the company;
- making major decisions that affect the company's risk exposure;
- monitoring the management of strategic risks;
- reviewing the company's risk management framework periodically;
- approving any significant changes to the company's risk management framework and Risk Policy;
- reviewing the strategic risk register and receiving regular reporting.
Role of Senior Management
Senior management plays a critical role in the implementation of risk management throughout the company, ensuring that:
- risk management processes are integrated into business planning, decision-making, and operations;
- risk assessment and mitigation are embedded in departmental and professional service planning;
- responsible individuals are identified for risk management at all levels;
- risk registers are actively maintained and reported on;
- risk management performance is monitored and reported;
- adequate resources are allocated to risk management activities;
- departmental risk registers align with the company's strategic risk register;
- the Board of Directors and Chief Executive Officer are regularly informed about key risk issues.
Senior management is also responsible for reviewing and updating risk assessments as part of the company's quarterly and annual planning processes.
Role of the Audit, Risk, and Assurance Committee
The Audit, Risk, and Assurance Committee provides independent assurance and assistance to the Board of Directors in relation to risk management, internal control, and governance matters. Its primary role is to:
- review the company's risk management framework and risk management policies;
- evaluate the effectiveness of the risk management framework;
- consider the company's risk appetite and risk tolerance;
- review and approve the strategic risk register;
- monitor the implementation of risk management and internal control practices;
- oversee the internal audit function and receive reports on internal audit findings related to risk management;
- provide regular reports to the Board of Directors on risk management and internal control matters;
- recommend improvements to the risk management framework and practices;
- engage with external auditors on risk-related matters.
Risk Management Process
The company employs a structured risk management process, which involves the following key steps:
- Identification of risks: Identifying and documenting potential risks that may affect the achievement of objectives at all levels.
- Risk assessment: Assessing the significance and likelihood of each identified risk, considering potential consequences and impacts.
- Risk mitigation: Developing and implementing appropriate strategies and actions to mitigate and manage identified risks.
- Monitoring and reporting: Regularly monitoring the effectiveness of risk mitigation measures and reporting on risk management performance.
- Review and improvement: Periodically reviewing the risk management framework and practices to ensure their effectiveness and making improvements as necessary.
Reporting Framework
The company has established a reporting framework to ensure that risk-related information is communicated effectively throughout the organization. This framework includes the following components:
- Regular reporting to the Board of Directors on key risk issues and the status of risk management activities;
- Quarterly departmental and professional service risk reporting, which feeds into the strategic risk register;
- Annual reporting on the effectiveness of the risk management framework to the Audit, Risk, and Assurance Committee;
- Ad hoc reporting as necessary to address emerging risks or significant events.
The reporting framework is designed to promote transparency and accountability in risk management and ensure that key stakeholders are informed about the company's risk profile and performance in managing risks.
Conclusion
Effective risk management is an integral part of Wisdom Tree's approach to achieving its strategic objectives and delivering professional services to its clients. This Risk Management Policy outlines the company's commitment to identifying, assessing, and managing risks at all levels of the organization, with the ultimate goal of ensuring the continued success and sustainability of the company.
This policy will be regularly reviewed and updated to reflect changes in the company's risk profile and the evolving business environment.