HOW TO USE THE TEMPLATE

This Risk Management (RM) template consists of 4 sheets:

1) How-to-use the template (this sheet)

2) Risk Assessment. This is the actual template that shall be filled out.
3) Value list. This sheet contains the values for the drop down menus. This must not be changed
4) Risk scales. This defines risk threshold level (risk acceptance level), pluss risk probability and
consequence scales

How to fill out the risk assessment -

(Also see Procedure "GPRO_03 Risk Management" that details responsiblity and needed actions and
reporting related to Risk Management)

Preparations:

0) Define the risk threshold levels. Threshold level defines yellow and red levels.
, consequence- and probability scale to be used for the risk assessment.

Risk assessment:

1) Start with describing the risk elements in column B

2) All risk elements shall be tagged with one of the predefined risk areas in column A. Choose from the
drop-down value list.
3) Describe the potential consequence if the risk is not mitigated in (column C). Here you should also
describe the significance of the risk
4) If mititation measures for the risk element are already taken, describe these in column D
5) Define risk probability and consequence in column E and F. Use the drop-down value list. How to
understand the scales are described in the tab "risk scales".
6) The risk level is calculated in column G and colour green, yellow or red will be automatically set based
on your defined threshold level under the "Ras Scales" sheet. Red means critical risk that needs mitigation
measures to be defined and followed up until closure. Yellow means that risk mitigation should be
considered from case to case. Whether mitigations are needed is decided by local management from case
to case.

If the risk is critical the following steps are required:

7) Define actions (column H) that will be initiated to reduce risk element. Risk can be reduced by reducing
probasbility and/or consequence.
8) Appoint a person (name required) responsible for the risk and minigation actions (colums I) and the
function he/she belongs to (choose from drop-down list in column J)
9) Define due date for completeing action in column K
10) Set status on actions using drop-down list in column L
11) Comment in the status in column M to give a description of the mitigation efforsts.
12) The risk assessment shall be updated monthly (as minimum) until all critical risks are mitigated and
shown as non-critical

See procedure "GPRO_03 Risk Management" for further details.

GFORM_015 Risk Management Matrix Valid on date of print only. Printed: 02/06/2022
Prepared by: hehvno
Approved by: frvano
 RISK ASSESSMENT
RISK ANALYSIS RISK MITIGATION
Entry date Risk area Description of risk element Description of consequence Mitigation measures already in Proba Conse Risk Actions to reduce risk Risk owner Function Due date Status Comment to status
place bility quenc level
e
26.04.2018 Financial Last Minute flight/Hotel Booking We are likely missing best deal / Global Travel Policy 5 1 5 Travelers should schedule their Shital HR In
fare. Company operational cost meetings/appointments where travel progress
goes up as we will pay whatever is involved as far in advance as
flight/hotel is available. possible to take advantage of
maximum advance purchase
discounts, which is also stated on
the Global Travel Policy but it still
needs to be communicated and
reinforced, especially with new
employees as they come on board.

26.04.2018 Financial Flight Booking that requires We usually provide travelers with
changes the lowest available direct flight
options in order to maximize saving.
The lowest fare ticket is frequently
non-changeable/non-refundable.
Thus for any change requests, we
may have to pay costly airlines fees
or buy a new ticket.
None 5 1 5 Travelers need to provide more shital HR In
information on their travel progress
authorization form such as: they
require changeable ticket if they do
not have confirmed schedule. We
could provide travelers with flight
options that allow changes or
cancellation, which could cost less
than changing existing ticket or
buying a new ticket.

26.04.2018 Financial Flight and Hotel bookings are not
booked through centralized team
due to specific reasons, such as
urgency, personal preference, etc.
- No control of cost as travelers may None 5 1 5 Travel policy that provides specific Shital HR In
book their own travel arrangements guidelines such as travel budget progress
without clarity on the acceptable ranges on flight ticket and hotel if
limits costs. travelers have to book or make their
- Travelers who comply with the own travel arrangement.
company's travel procedures may
have perception of unfair treatment,
inconsistency and double-standards

0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0

GFORM_015 Risk Management Matrix Valid on date of print only. Printed: 02/06/2022
Prepared by: hehvno
Approved by: frvano
Date: 2017-06-08
 0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0

GFORM_015 Risk Management Matrix Valid on date of print only. Printed: 02/06/2022
Prepared by: hehvno
Approved by: frvano
Date: 2017-06-08
 VALUE LISTS

Risk area
Strategic Risks associated with the long-term strategy and the implementation of the
strategy, incl. the ability to reach the planned objectives. Can be affected by
i.e. industry, capital, legal requirements, political issues, technology, reputation
and competitor activities
Financial Risks associated with the effective management and control of finances incl.
macro risks, risk of being part of the financial market, financing of the
company, liquidity/cash flow, financial reporting etc.
Compliance Risks associated with compliance to regulatory requirements, incl. tax, legal,
accounting, health and safety, environment and data-protection
Business Risks Risk related to management decisions and use of resources, including
reliability/ relationships to customers and suppliers
Operational Risks associated with our day to day operations and the efficiency and safety
of the business processes involved
Political Risk associated with the political stability in the countries where Eltek operates
or are involved
Fraud/corruption Risk associated with corruption or fraudulent activities, e.g. employees
enriching themselves illegally or unethically
Security/IT Risks associated with security over group assets incl. data/personnel
resources and the relationship to various stakeholders
HR Risk associated with attracting the right competence and employees, ability to
retain key personnel and development of skills and competence
Reputation Risk associated with Eltek's name and standing in the market place
Safety Risk associated with safety over personnel and group assets
Environment Risk associated with environmental damage.

Functional Areas
Engineering
Production
Store
Finance
Purchase
Sales / Marketing
HR
QA
CS
Logistic
Status
Not started
In progress
Closed

GFORM_015 Risk Management Matrix Valid on date of print only. Printed: 02/06/2022
Prepared by: hehvno
Approved by: frvano

Risk threshold levels Value
Level 1 14
Level 2 10
Risk Concequence Scale
Value Description Example: Financial impact
1 Small
2 Moderate
3 Medium
4 High
5 Very high
Risk Probability Scale
Value Description
1 Small
2 Moderate
3 Medium
4 High
5 Very high
GFORM_015 Risk Management Matrix
Prepared by: hehvno
Approved by: frvano
RISK SCALES
Decription
Critical risk level. Mitigation is required.
Important risk that should be adressed (local management to decide from case to case)
Example: HSE impact
EBITDA impact <0,1% No injury
Minor injury with no absence
EBITDA impact 0,1<x<0,4 from work
Moderate/major injury resulting
EBITDA impact 0,4<x<1,0 in absence from work
Permanent disability resulting in
EBITDA impact 1,0<x<5 absence from work
Permanent disability resulting in
EBITDA impact >5 full job loss or death
Example: occurance frequency
More than 10 years
Once every 5-10 years
Once every 2-5 years
Once every 1-2 years
Once a year
Valid on date of print only . Printed: 02/06/2022