EDC's Risk Management Policy
Risk Management Policy Statement:
We at Energy Development Corporation commit to proactively and effectively manage risk to ensure that the company achieves its corporate objectives. In order to fulfill our commitment, we will:
- Establish an enterprise risk management process that is aligned to international standards and best practices;
- Allocate appropriate resources to effectively manage risk;
- Ensure that the organization has the capabilities to manage risk;
- Establish a framework for setting risk management objectives and measuring risk management performance;
- Foster a robust risk culture across the organization by communicating, consulting, and cascading matters related to risk management in order to provide and obtain risk management information and to engage in risk dialogue with stakeholders, from the board level to the lower levels of the organization;
- Continually improve the company’s enterprise risk management program; and
- Comply with all relevant legal and regulatory requirements and other requirements related to risk management.
EDC's Enterprise Risk Management System
In 1994, Energy Development Corporation’s (EDC’s) risk management focused on the physical and insurable risks. In 2005, the company established an Enterprise Risk Management (ERM) system that covers both its tangible and intangible assets.
In 2010, EDC’s ERM system was aligned with ISO 31000:2009 (Risk Management – Principles and Guidelines). Below is an illustration of the company’s ERM process, which is based on ISO 31000:2009.
The company ensures that it achieves its corporate objectives by proactively managing risks through the conduct of risk assessments or risk reviews at the following levels of the organization:
EDC’s risk management process is embedded in the organization’s strategy execution process, which integrates ERM into the strategic planning, budgeting cycle, and organizational performance reviews. Through this process, the appropriate management levels and risk owners are made accountable for their strategies, targets, budgets, risks, and performance.
The Risk Management Committee of the Board
The committee plays a vital oversight role and serves as an important liaison to the board of directors. The specific duties and responsibilities of the committee are as follows:
1. Conduct a yearly evaluation of the company’s risk assessment and enterprise risk management program and ensure that appropriate controls are in place.
2. Recommend to the board the company’s strategic risks, including the risk mitigation and control measures that require immediate or urgent implementation.
3. Meet periodically with the Audit and Governance Committee, key management, and internal and external auditors to understand and discuss the control environment.
4. Review the company’s risk tolerance, financial exposures, and investment guidelines, including the mitigating strategies, insurance, and other risk financing schemes being undertaken.
5. Review periodically the security, safety, and physical loss control measures and the specific Emergency Response Plan adopted by the company to ensure that all risks are adequately covered.
EDC's Continuity Management System
EDC has also established a Business Continuity Management (BCM) system that covers emergency response, crisis management, and business recovery. The activities under the BCM system are implemented to address risks that are identified during the risk assessment exercise.