Thank You for sharing our information!
In order to improve and streamline the risk management processes implemented at the Airport, SJSC Riga International Airport has developed and approved its Risk Management Policy. 1. SJSC “Riga International Airport” Risk Management Policy (approved at the meetin...
In order to improve and streamline the risk management processes implemented at the Airport, SJSC Riga International Airport has developed and approved its Risk Management Policy.
1. SJSC “Riga International Airport” Risk Management Policy (approved at the meeting of the Supervisory Board on July 8, 2020, minutes No.11) sets out the following risk management principles:
1.1. Integration in management – Airport risk management is integrated into the Airport's corporate governance, including strategic management (strategy development and implementation, including the achievement of strategic goals), as well as all organizational processes and projects, including day-to-day operations and decision-making at all levels of the Airport structure;
1.2. Dynamism – as a result of changes in the external and internal environment, certain risks may arise and change. Airport risk management responds to change and facilitates timely identification, analysis, assessment and adequate response to related risks;
1.3. Practicality and efficiency – Airport risk management contributes to the implementation of the Airport's strategy, achievement of objectives and corresponding indicators, as well as it is adapted to the Airport's needs, functionality and organizational culture. The Airport takes into account the level of residual risk and ensures systematic and timely reporting of the Airport's risks, as well as responding to them, defines and implements risk control measures that do not duplicate, are cost-effective (cost-benefit proportionality is observed). The level of residual risk at the Airport is not unduly low or high;
1.4. Traceability and validity of information – Airport's risk management process uses historical and current data and/or information stored in risk registers, staff experience, observations, forecasts and expert judgement to more objectively determine the level of residual risk, taking into account information classification requirements. Data and/or information on risks shall be stored at the Airport so that decisions can be traced and their validity justified;
1.5. Continuous improvement – by identifying Airport's risks and responding to them, the Airport ensures continuous improvement and optimization of its processes, taking into account the identified changes in the internal and external environment, as well as the knowledge and experience acquired by the Airport staff. Airport risk management is continuously improved in accordance with the requirements of external regulations governing the management of the relevant types of risks, as well as good practice, including international standards;
1.6. Involvement and cooperation – by consulting and educating the participants involved in the Airport risk management process, a common understanding of the Airport risk management process and its benefits is formed, including the division of responsibilities and duties specified in external regulations, Policy and internal Airport regulatory documents and other documents governing the management of the relevant types of Airport risks. Airport risk management uses a team approach and thus involves Airport staff with the necessary knowledge and experience to ensure the relevant Airport process or risk identification system and supports and facilitates their cooperation to ensure the effective implementation of the Airport’s risk management framework at the Airport. Work in groups creates a supportive risk culture and motivates employees to get involved in the Airport risk management process;
1.7. "Three lines of defence" concept – in order to ensure the effectiveness of the Airport's risk management, the Airport follows the structure of three lines of defence:
1.7.1. “First line of defence” means continuous management of Airport risks, including the control environment and measures that reduce the level of risk on a day-to-day basis through the implementation of processes/projects, the operation of systems, including operational decisions. Airport risk management, including the implementation of Airport risk control measures on a daily basis (in the course of performing duties) is ensured by department heads, process/sub-process managers, employees, as well as the relevant Airport risk management working groups, assessing and reporting Airport risks within their competence, observing the external regulations in the field of Airport risk management, the Policy and the internal regulations of the Airport and other documents regulating the management of the respective types of risks;
1.7.2. “Second line of defence” – support and advice in defining the risk management framework, implementing and maintaining the risk management process, as well as monitoring the first line of defence Airport risk management process. The operation of the second line of defence is ensured by the Quality Assurance Department through quality audits (ensuring the compliance function), the Information Technology Security Commission, the Airport Risk Management Committee, as well as those responsible for coordinating the relevant Airport risk management, promoting the implementation, maintenance, improvement and methodological support, thus improving the effectiveness of the first line of defence Airport risk management;
1.7.3. "Third line of defence" – independent and objective internal audit. The Head of the Internal Audit Unit shall ensure the internal audit function, including an independent and objective assessment of the operation of the Airport's risk management, including the “first and second lines of defence”, and report to the Airport Board and Supervisory Board.