top of page

RISK POLICY

PREAMBLE

Haoxin Quarry Limited (“Haoxin Quarry”) views the management of risk central to its operational strategy of delivering sustained growth to stakeholders.

 

While the Chief Executive Officer (“CEO”) and Quarry Manager are the key drivers of risk management, the different management teams in the group, Executive Committee, Management Committee, Audit & Risk Committee and Board, as well as all employees, further assist with identifying, evaluating and managing key risk areas.

The risk management policy must be widely distributed throughout the company and be integrated into the daily activities.

 

 

Risk training and awareness

 

The Board and all employees should be exposed to risk induction and ongoing risk training programmes.

 

Top-down communication to employees and external stakeholders relating to risk minimization and the zero tolerance approach relating to non-adherence should be ongoing.

 

 

Risk management processes

 

Risk management processes are as follows:

 

  1. Risk register >

 

Risk identification is a continuous process applied frequently to update and accommodate changes in a volatile environment.

 

A formal risk register is maintained and should be updated quarterly to inform the directors and senior management. The register incorporates the probability of occurrence and potential impact of a specific risk. The register must be reviewed by the Management Committee, the Audit & Risk Committee and Board. Unpredictable risks must also be included. The risks on the risk register should be prioritized and ranked and responses documented.

 

Risks should be classified as follows (if significant):

 

 

 

 

  • Business strategy;

 

  • Economic;

 

  • Legislative, political and corporate governance;

 

  • Social;

 

  • Operational;

 

  • Sustainability (incl. safety/health, environment, responsible corporate citizen, ethics/values, transformation, compliance);

 

  • Financial;

 

  • Human Resources;

 

  • Market and competition behavior;

 

  • IT risks.

 

  1. Key control drivers >

 

Key control drivers originate from the following:

 

  • Policies and procedures;

 

  • Internal control system;

 

  • Management control system;

 

  • Authorization levels;

 

  • Risk analysis when major decisions are made;

 

  • Financial risk targets (capital, liquidity, credit, market);

 

  • Financial and management reporting.

Uncontrollable risks must be insured where applicable and affordable.

  1. Adherence to key controls >

To ensure that key controls are adhered to the following compliance activities are in place:

  • Management supervision and reviews;

  • “Hazard identification risk assessment” in respect of safety and health;

  • Internal audit;

  • Self-audits;

  • Loss control officer (operational auditor) inspections;

  • Government departments inspectors;

  • Industry body audits;

  • Audits by external consultants and specialists;

  • Compulsory reporting and returns to government departments;

  • Whistle blowing hotline.

  1. Risk incidents reporting >

 

Risk incidents must be reported as follows:

 

  • All instances of theft, fraud, injuries and damage to the company’s assets must be recorded and reported to the Chief Audit Executive each month. Each instance of fraud must be investigated to determine if internal and management controls functioned properly i.e. fraud was detected on time. Each injury must be investigated and corrective actions implemented;

  • All cases of theft and fraud committed by employees and external persons must be reported.

  1. Risk management monitoring >

The Board should ensure that risk management is effective and that risk monitoring occurs continually.

 

General

 

This policy must be reviewed annually by management and changes approved by the Board.

Management, Haoxin Quarry Limited

bottom of page