Risk Management Policy

1. POLICY OVERVIEW

Adeliance OÜ operates in an environment where a variety of internal and external risks may affect its administrative activities, commercial operations, and long-term objectives. Managing these risks effectively is essential to the achievement of strategic priorities and operational stability.

This Risk Management Policy establishes a unified framework for identifying, assessing, and managing risks across the organization. It defines governance responsibilities, clarifies accountability at different levels, and describes how risk oversight and assurance are embedded in business processes.

The policy is designed to support Adeliance OÜ in:

  • reducing the probability and potential impact of adverse risk events; and
  • recognizing and responsibly pursuing opportunities that may contribute positively to business outcomes.

2. POLICY OBJECTIVES

  • Define the organization’s approach to risk oversight and assurance;
  • Clarify roles and responsibilities of governing bodies, executive leadership, and key functions;
  • Describe the core components of the risk management process;
  • Establish reporting and escalation mechanisms for risk-related matters.

3. RISK AND RISK MANAGEMENT CONCEPTS

3.1 Definition of Risk

Within Adeliance OÜ, risk is understood as the possibility that uncertain events or circumstances may arise which could influence the achievement of organizational objectives, either negatively or positively.

The company does not seek to eliminate all risk. Instead, it aims to ensure that risks are understood, evaluated, and managed within an acceptable tolerance aligned with strategic intent.

3.2 Risk Management Approach

Risk management is a structured and continuous process applied across all levels of the organization. It involves identifying potential risks, assessing their significance, determining appropriate responses, and monitoring outcomes over time.

This approach supports informed decision-making by balancing acceptable levels of risk against the cost and effectiveness of mitigation measures. Effective risk management increases confidence that:

  • organizational objectives are achievable;
  • undesirable outcomes are less likely to materialize; and
  • favorable opportunities can be identified and leveraged.

The framework supports executive leadership and operational teams in prioritizing actions and aligning risk considerations with strategic planning, program delivery, and professional services.

3.3 Categories of Risk

  • Strategic risks – risks affecting the organization’s long-term direction and strategic objectives;
  • Tactical risks – risks associated with achieving functional or business-unit goals;
  • Operational risks – risks arising from day-to-day activities and internal processes;
  • Program and project risks – risks linked to time-bound initiatives and delivery of anticipated benefits.
  • Risks may be classified as either threat-related or opportunity-related.

4. GOVERNANCE AND ACCOUNTABILITY

Overall accountability for risk management rests with the Chief Executive Officer. Operational responsibility for implementation is delegated to senior leadership, including the Chief of Staff and the Clerk to the Board of Directors / Head of Policy and Strategy.

Risk management is a shared responsibility across Adeliance OÜ. All employees are expected to identify, report, and manage risks relevant to their roles. Strategic and tactical risks are documented in formal risk registers and integrated into planning and budgeting cycles.

4.1 Board of Directors

The Board of Directors oversees the effectiveness of the company’s risk management framework and ensures that appropriate systems are in place to identify and manage material risks.

By approving this policy, the Board establishes expectations for the organization’s risk culture and determines:

  • the overall risk tolerance in light of current and anticipated conditions;
  • risk appetite in relation to key strategic risks;
  • categories of acceptable and unacceptable risk; and
  • standards of conduct and integrity in managing risk.

The Board is also responsible for approving significant changes to the risk framework, reviewing strategic risk reporting, and monitoring exposure to material risks.

4.2 Senior Management

Senior management ensures that risk management practices are embedded within operational planning and decision-making. Their responsibilities include:

  • integrating risk assessment into business and service planning;
  • assigning clear ownership for identified risks;
  • maintaining and updating risk registers;
  • monitoring mitigation actions and outcomes;
  • allocating appropriate resources to risk management activities;
  • ensuring alignment between departmental and strategic risk registers; and
  • reporting significant risk matters to the Chief Executive Officer and the Board.

4.3 Audit, Risk, and Assurance Committee

The Audit, Risk, and Assurance Committee supports the Board by providing independent oversight of risk management, governance, and internal control systems.

  • reviewing the risk management framework and related policies;
  • assessing the effectiveness of risk management practices;
  • considering risk appetite and tolerance levels;
  • reviewing the strategic risk register;
  • overseeing internal audit activities related to risk;
  • reporting findings and recommendations to the Board; and
  • liaising with external auditors on risk-related issues.

5. RISK MANAGEMENT PROCESS

Adeliance OÜ applies a consistent risk management cycle comprising the following stages:

  1. Risk identification – recognizing and documenting potential risks across activities and objectives;
  2. Risk evaluation – assessing likelihood, impact, and overall significance;
  3. Risk response – defining and implementing mitigation or exploitation strategies;
  4. Monitoring – tracking risk indicators and the effectiveness of controls; and
  5. Review – refining the framework and controls as conditions evolve.

6. RISK REPORTING

A structured reporting framework ensures that relevant risk information is communicated effectively throughout the organization.

  • Regular reporting to the Board on strategic risks;
  • Quarterly risk reporting from departments and professional services;
  • Annual review of the risk framework by the Audit, Risk, and Assurance Committee;
  • Escalation of emerging or critical risks as required.

This framework supports transparency, accountability, and informed oversight of the company’s risk profile.

7. POLICY REVIEW

Risk management is a core element of Adeliance OÜ’s approach to sustainable growth and professional service delivery. This policy will be reviewed regularly to ensure it remains appropriate to the organization’s size, structure, and operating environment.

Updates will be made as necessary to reflect changes in strategy, risk exposure, or regulatory expectations.