Risk management policy
Workforce Cloud Tech, Inc. recognizes that enterprise risk management is an integral part of good management practice. Risk management is an essential element in achieving business goals and deriving benefits from market opportunities.
1. Policy overview:
The Company's risk management policy relates to the identification, assessment, monitoring, and mitigation of various risks to our business. The policy seeks to minimize adverse impact on our business objectives and enhance stakeholder value. Further, our risk management practices seek to sustain and enhance long-term competitive advantage of the Company.
2. Risk management framework:
2.1 Risk management structure:
The Audit Committee of Directors shall periodically review the risk management policy of the Company and evaluate the risk management systems so that management controls the risk through a properly defined network. Head of Departments shall be responsible for the implementation of the risk management system as may be applicable to their respective areas of functioning.
2.2 Risk management program:
The Company's risk management program comprises a series of processes, structures, and guidelines that assist the Company to identify, assessing, monitoring, and managing its business risk including any material changes to its risk profile. To achieve this, the Company has clearly defined the responsibility and authority of its Board of Directors to oversee and manage the risk management program, while conferring responsibility and authority on the Company's senior management to develop and maintain the risk management program in the light of the day-to-day needs of the Company. Regular communication and review of the risk management practice provide the Company with important checks and balances to ensure the efficacy of its risk management program.
2.3 Risk categories :
As a SaaS company following security risk categories have been considered in our risk management framework.
- Misconfigurations
- Access management
- Regulatory compliance
- Data storage
- Data retention
- Privacy and data breaches
- Disaster recovery
2.4 Mitigation measures:
Workforce Cloud Tech, Inc. is prepared for disasters and has a way to lessen negative impacts faced by a business. Comparable to risk reduction, risk mitigation takes steps to reduce the negative effects of threats and disasters on business continuity (BC).
The following steps in the design process of a risk mitigation plan:
- Identify all possible events in which risk is presented
- Perform a risk assessment
- Prioritize risks
- Track risks
- Implement and monitor progress
3. Oversight and key risk management practices:
3.1 Board
The Board is responsible for framing, implementing, and monitoring the risk management plan for the Company. The audit committee or management may also refer particular risk management issues to the Board for final consideration and direction.
3.2 Audit committee
The audit committee is responsible for ensuring that the Company maintains effective risk management and internal control systems and processes, and provides regular reports to the Board on the effectiveness of the risk management program in identifying and addressing material business risks. To achieve this, the audit committee is responsible for :
- Managing and monitoring the implementation of action plans developed to address material business risks within the Company and its business units, and regularly reviewing the progress of action plans
- Setting up internal processes and systems to control the implementation of action plans
- Regularly monitoring and evaluating the performance of management in managing risk
- Providing management and employees with the necessary tools and resources to identify and manage risks
- Regularly reviewing and updating the current list of material business risks
- Regularly reporting to the Board on the status of material business risks
- Ensuring compliance with regulatory requirements and best practices with respect to risk management
3.3 Senior management
The Company's senior management is responsible for designing and implementing risk management and internal control systems that identify material risks for the Company and aim to provide the Company with warnings of risks before they escalate. Senior management must implement the action plans developed to address material business risks across the Company.
Senior management should regularly monitor and evaluate the effectiveness of the action plans and the performance of employees in implementing the action plans, as appropriate. In addition, senior management should promote and monitor the culture of risk management within the Company and compliance with the internal risk control systems and processes by employees. Senior management should report regularly to the Board regarding the status and effectiveness of the risk management program.
3.4 Employees
All employees are responsible for implementing, managing, and monitoring action plans with respect to material business risks, as appropriate.
4. Review of risk management program
The Company regularly evaluates the effectiveness of its risk management program to ensure that its internal control systems and processes are monitored and updated on an ongoing basis. The division of responsibility between the Board, audit committee, and senior management aims to ensure that specific responsibilities for risk management are clearly communicated and understood. The reporting obligations of senior management and audit committee ensure that the Board is regularly informed of material risk management issues and actions. This is supplemented by the evaluation of the performance of the risk management program and audit committee, senior management, and employees responsible for its implementation.