Objectives of Risk Management

The only purpose of risk management is to accomplish our business objectives, as that is what we are accountable for to the stakeholders of the company. Each employee has a vested interest to ensure that this happens to the best of his or her abilities and in a way that is consistent with his or her job descriptions. All risks must be understood and all key decisions must factor into such understanding before an action is taken. JAA acknowledges that increasing personal capabilities will also increase organization capabilities. Therefore, maximum prudent effort is expected from each employee in the decision making process to prioritize organization resources so that JAA's objectives are attained at all levels.

Terminology

Risk: Effect of uncertainty on objectives.

Risk criteria: Terms of reference against which the significance of a risk is evaluated.

Risk management: A discipline for managing uncertainty.

Risk monitoring: Continuous checking, supervising, critically observing, or determining the status in order to identify change from the performance level required or expected.

Risk register: A dynamic record that is maintained to monitor and review risks continuously. It is not intended to be used as a static document, and it represents one of the critical outputs of the risk management process.

Risk treatment: Process to modify risk.

Stakeholder: Entity that affects, is affected by, or perceives that it can be affected by a decision of the organization. Each stakeholder's needs and expectations have to be addressed explicitly in the risk management process. In addition, a robust communication process needs to be established with all stakeholders.

Risk Oversight Principles

The board acknowledges that it will not always be able to manage all of the risks the company faces within the set risk criteria. Consequently, a set of high-level principles that set the overarching boundaries for how the company will manage its risks effectively is in place, so that the strategic objectives can be achieved:

• The board will adopt measures to ensure a low level of volatility in revenues and earnings.

• The board will promote orderly business operations to guard against a loss of confidence in the company by all stakeholders, including shareholders, customers, suppliers, and regulatory agencies.

• The board will adopt measures to minimize regulation-related risks.

• The board will review any changes to the existing risk profile caused by the introduction of any new significant projects.

• The board will monitor business and strategic performance via reporting of key performance indicators. The risk criteria statements will provide a basis for strategic evaluation and assessment of new strategic directions.

A discussion of JAA's business strategy must include an analysis of the uncertainties impacting objectives of that strategy. This will provide JAA with an opportunity to improve the likelihood of strategic success by thinking about risks proactively.