Risk Management Policy
Purpose
The purpose of this Risk Management Policy is to establish a structured and systematic approach for identifying, assessing, managing, and monitoring risks that could impact VENBEST LLC’s operations, assets, personnel, and reputation. This policy aims to ensure that risks are managed proactively, consistently, and in alignment with the company’s strategic objectives and applicable regulatory requirements.
Scope
This policy applies to all VENBEST LLC employees, contractors, subcontractors, and business units across all locations and operations. It covers all types of risks including operational, financial, security, compliance, reputational, and strategic risks.
Principles
VENBEST’s grievance process is guided by the following principles:
- Accessibility: The grievance mechanism is available to all stakeholders without discrimination.
- Confidentiality: Complainants’ identities and information are protected to the fullest extent possible.
Definitions
- Risk: The effect of uncertainty on objectives, which can be positive (opportunities) or negative (threats).
- Risk Assessment: The process of identifying, analyzing, and evaluating risks.
- Risk Treatment: Actions taken to mitigate, transfer, accept, or avoid risks.
- Risk Appetite: The amount and type of risk VENBEST is willing to accept in pursuit of its objectives.
- Risk Owner: The individual responsible for managing a specific risk.
Policy Statements
- VENBEST LLC commits to a proactive risk management culture, integrating risk considerations into all business processes and decision-making.
- Formal, organization-wide risk assessments will be conducted at least annually and additionally when significant changes occur in the operational environment or business context.
- Risk assessments will consider administrative, physical, technical, financial, legal, and reputational factors.
- Risk evaluation criteria will be developed based on:
· Strategic importance of business processes and assets
· Legal, regulatory, and contractual obligations
· Stakeholder expectations and potential impact on reputation
· Operational criticality including availability, confidentiality, and integrity
- All identified risks will be classified, prioritized, and documented in a Risk Register.
- Risk treatment plans will be developed for risks exceeding the company’s risk appetite, detailing mitigation measures, responsible persons, timelines, and monitoring mechanisms.
- VENBEST will maintain continuous risk monitoring and review processes to ensure effectiveness of controls and to identify emerging risks.
- Third-party risk will be managed through due diligence, contractual controls, and ongoing monitoring of vendors, suppliers, and subcontractors.
- Risk management roles and responsibilities will be clearly defined and communicated at all levels of the organization.
- VENBEST may engage independent external parties to conduct risk assessments or audits to validate the effectiveness of its risk management framework.
Roles and Responsibilities
- Senior Management: Approve risk management policy, define risk appetite, and ensure adequate resources.
- Risk Management: Oversee risk management activities, review Risk Register, and approve mitigation plans.
- Risk Owners: Identify, assess, and manage risks within their areas of responsibility.
- All Employees: Understand and comply with risk management policies and report potential risks or incidents promptly.
Risk Management Process
- Risk Identification: Systematic identification of risks through audits, inspections, incident reports, and stakeholder feedback.
- Risk Analysis: Assess likelihood and impact of identified risks using qualitative and quantitative methods.
- Risk Evaluation: Compare risk levels against risk appetite to determine priority.
- Risk Treatment: Select appropriate strategies such as mitigation, transfer (e.g., insurance), acceptance, or avoidance.
- Monitoring and Review: Regularly monitor risk environment and effectiveness of controls; update Risk Register and treatment plans accordingly.
- Communication and Reporting: Ensure timely communication of risk information to relevant stakeholders.
Risk Appetite and Tolerance
VENBEST defines its risk appetite to balance risk-taking with the achievement of business objectives. Risks exceeding the defined tolerance levels require immediate action and escalation to senior management.
Documentation and Records
All risk assessments, treatment plans, monitoring reports, and related documents will be maintained securely and retained according to company record retention policies and legal requirements.
Compliance and Continuous Improvement
This policy aligns with international standards including ISO 31000:2018 and ISO 18788. VENBEST commits to continuous improvement of its risk management framework through periodic reviews, audits, and incorporation of lessons learned.
Enforcement
Non-compliance with this policy may result in disciplinary action, up to and including termination of employment or contract, as well as potential legal consequences.
Review Cycle
This policy will be reviewed at least annually or when significant changes occur in the business or regulatory environment.
Date of Implementation: May 13, 2025
Vadym Olianishyn
General Director
VENBEST LLC