Corporate Risk Management Policy
CORPORATE RİSK MANAGEMENT POLİCY
1. PURPOSE AND SCOPE
As İzdemir Enerji Elektrik Üretim A.Ş. (the “Company”), we aim to achieve sustainable growth and create value by implementing effective risk management at every stage of our business processes. The purpose of this policy is to effectively manage the strategic, operational, financial, and compliance risks faced by the Company. The Corporate Risk Management Policy covers the processes of identifying, assessing, monitoring, and managing potential risks. The policy aims to standardize the processes of identifying, assessing, controlling, and reporting risks, and to raise risk management awareness throughout the Company. This policy must be adopted and implemented by all our employees, management levels, and relevant stakeholders.
2. BASIC PRINCIPLES
2.1 Proactive Approach to Risk Management
A proactive approach is adopted to identify and assess potential risks at an early stage in order to prevent or minimize possible losses.
2.2 Integrated Risk Management
Risk management is implemented in an integrated manner consistent with business strategies and objectives. Risk management is integrated into all business units and processes.
2.3 Transparency and Accountability
Risk management processes are conducted transparently and reported to the relevant parties. Accountability is ensured regarding risk management activities and their outcomes.
2.4 Continuous Improvement
Risk management processes and controls are regularly reviewed and improved. The continuous development of a risk management culture is encouraged.
3. RISK MANAGEMENT PROCESS
3.1 Risk Identification
Business processes and projects are reviewed regularly to identify potential risks. Internal and external environmental factors are included in the risk assessment process.
3.2 Risk Assessment
The identified risks are assessed in terms of their likelihood and impact. The potential financial, operational, strategic, and compliance impacts of the risks are analyzed.
3.3 Risk Control
Appropriate control measures are developed and implemented to address the identified risks. Strategies for risk mitigation, risk sharing, risk avoidance, or risk acceptance are adopted.
3.4 Risk Monitoring and Reporting
The Board of Directors and Senior Management continuously monitor risks to ensure the effective implementation of risk management processes and the coordination and integration of risk management activities. The Company’s Internal Audit unit audits the effectiveness and appropriateness of risk management processes and reports to senior management. Additionally, the Early Risk Detection Committee identifies and assesses potential risks at an early stage and reports regularly to the Board of Directors and senior management to minimize the impact of risks.
4. REVIEW AND UPDATE OF THE POLICY
The Enterprise Risk Management Policy is reviewed at regular intervals and updated as necessary. The policy is revised in line with changing internal and external conditions and communicated to all stakeholders.
This was approved by our company’s Board of Directors at its meeting No. 24 held on August 28, 2024.