EFTA01074081.pdf

IPI INTERNATIONAL PEACE INSTITUTE RISK MANAGEMENT POLICY 1. Introduction Risk management is the process of assessing exposures to loss within organizational and program activities and determining how best to eliminate, manage or otherwise reduce the risk of an adverse event from having a negative impact on the business operations. Risk reduction is achieved through policies and procedures, or through contractual transfer of the risk to a third party, typically an insurance company. Risk elimination is achieved through avoidance. International Peace Institute (IPI) recognizes risk management as an integral component of good governance and fundamental in achieving its strategic and operational objectives. It improves decision-making, defines opportunities, and mitigates material events that may impact its mission. The IPI Management Team is responsible for ensuring that IPI programs, activities, and policies are conducted in a manner that considers the risk of loss or injury to IPI staff members (which include directors, officers, full-time and part-time employees, consultants, interns, and volunteers) and to vulnerable persons they may come into contact with during the course of their work, in particular women and children. In maintaining IPI's risk management policy, the IPI Management Team shall consult with the head of programs, as appropriate. The IPI Management Team will work with staff members to carry out this policy. 2. Methodology IPI has adopted an organizational wide framework that incorporates a system of risk oversight, risk management, and internal control designed to identify, assess, monitor, and manage risks consistent with the Employment Laws and safety and security of its assets, staff members, and vulnerable persons in research environments, in particular women and children. IPI applies risk management in a well-defined, integrated framework that promotes awareness of risks and an understanding of the company's risk tolerances. This enables a systematic approach to risk identification, leverage of any opportunities and provides treatment strategies to manage, transfer and avoid risks. 3. Scope This policy applies to all staff members at any level of seniority within the business. The policy also applies to contractors and consultants working on behalf of IPI. IPI's Risk Management Policy has been developed to protect the following: • IPI Staff Members • Vulnerable persons in research environments (in particular women and children) • Organizational Reputation EFTA01074081  • Financial Assets • Business policy and processes 4. Responsibilities The Board is ultimately responsible for identifying and assessing organizational and program activity risks, in particular activities that involve contact with vulnerable persons such as women and children, which may impact IPI in achieving its strategic objectives while protecting the rights and wellbeing of women and children. The Board is responsible for determining the company's risk appetite, overseeing the development and implementation of the risk management framework and maintaining an adequate monitoring and reporting mechanism. The IPI Management Team is responsible for ensuring that organizational and program activity risks are identified, analyzed, evaluated, and mitigated. The IPI Management Team must develop a sustainable control environment to manage significant risks and champion the implementation of risk management processes within their organizational and program activities. 5. Reporting The IPI Management Team is responsible to report to the IPI President and the Board risks that may impact the organization's operation, programs, and strategic objectives. 6. Policy Review This policy will be reviewed at least annually to ensure effectiveness and its continued application and relevance to IPI. EFTA01074082