NAEB NATIONAL AGRICULTURAL EXPORT DEVELOPMENT BOARD Republi of Rand NAEB RISK MANAGEMENT POLICY NAEB is committed to implementation of a formal risk management framework to aid in formal management of enterprise-wide risks and opportunities in compliance to the Ministry of Finance and Economic Planning (MINECOFIN) risk management guidelines 2019 and ISO 31000:2018 standard for Risk Management; to be achieved through 1. Maintaining and continually improving its Risk Management Framework to ensure delivery ofits objectives. Ensuring risk exposure is maintained at an acceptable level as per the documented risk appetite. Applying risk management as a continuous process. Ensuring Risk management responsibilities are defined and implemented sk Management will help to ensure legal and regulatory compliance Communicate and implement this policy throughout the entire organization and key stakeholders through Establishing a Risk Management Procedure ae NAEB?’s high-level Risk Management objectives are defined as follows: Ensure review of the Risk Policy and risk procedure every 3 years. Ensure performance of an annual risk assessment. Ensure quarterly monitoring of risk action plans. Ensure annual Risk Management training of nominated Risk Champions Ensure annual reporting to the Board on the status of risks Ensure quarterly monitoring and reporting of key risk indicators for key control processes Ensure annual awareness and communication to key external stakeholders that affect NAEB’s mandate to embrace risk management as a practice. one ene Claude BIZIMANA CEO-NAEB December 2020 @ BP 104 Kigall To, (250) 2525756000 Hotine 3000 vNAEB NATIONAL AGRICULTURAL (%)) EXPORT DEVELOPMENT \_& BOARD Repub of Rwanda NATIONAL AGRICULTURAL EXPORT DEVELOPMENT BOARD P.O Box 104 Kigali - Rwanda, Phone: +250 0252 57 56 00 E-mail: info@nacb.gov.rw, website: www.naeb.gov.rw NAEB RISK MANAGEMENT PROCEDURE @ BP 106 Kigall Tel, (250) 252 57 5600 Hotline 3800 oe fNAEB NATIONAL AGRICULTURAL EXPORT DEVELOPMENT : BOARD Reni of Rvanda FOREWORD ‘The purpose of Risk Management to help NAEB better protect and enhance stakeholder value. Its underlying philosophy is that value is maximized when management sets strategy and objectives to deploy resources efficiently and effectively in pursuit of the entity’s objectives” Managing risks should be done through a systematic, structured, and timely framework. This Risk Management Procedure Manual sets out NAEB’s commitment to implementation of @ formal risk ‘management framework to aid in the identification, analysis, evaluation of enterprise wide risks and opportunities according to the Ministry of Finance and Economic Planning risk management guidelines and ISO 31000:2018 Risk Management Guidelines, The implementation of formal Risk Management framework is designed to enable NAEB minimize the probability and impact of adverse incidents: in service delivery to ensure achievement of its mandate. All management, staff and stakeholders will be expected to fully adopt risk management procedures to ensure effective implementation at NAEB Claude BIZIMANA Chief Executive Officer tural Export Development Board National Agri 0 MPMI GOR AEST EM” Satin SA ¥NAEB NATIONAL AGRICULTURAL &) EXPORT DEVELOPMENT : BOARD feos anes AMENDMENT RECORD SHEET REVISION] DATE | SUBJECT REQUESTED [APPROVED — [ISSUED BY: NO. By: BY: DETAILS oF Name, Signature [AMENDMENTS & Date DISTRIBUTION 1, CEO 2. COO 3. CFO 4. DMs 5. DAF 6. RISK MANAGEMENT CHAMPIONS 7. NAEB Website 150) 252575600 Hotline 3800 0 BP 104 Kigali, Tel *NAEB NATIONAL AGRICULTURAL EXPORT DEVELOPMENT BOARD es 1. Table of Contents FOREWORD BY CEO. AMENDMENT RECORD SHEET DISTRIBUTION 1 ‘Terms and Definition 2. Purpose z 3. SeOpE a : 4 Risk Appetite Statement ....ncnnnnsnne & Risk Management Governance Structure. 6. Roles and Responsibilities. Board of Directors.. The CEO. Risk Management Committee (Senior Management) Risk Management Champions.. Risk Management Facil 6. Internal Auditor NAEB’s Staff. 2. Risk Assessment Approach... 7.1. Identifying the risks Identify and Evaluate Risk Treatment Select Mitigations... 75. 76. 7.7. Risk Monitoring and Review. Risk Reporting... Review Exceptions. Appendix. 12.1. Risk Register Template. @ BP 104 Kia Tel, (250) 252 57 5600 Hotine 3000 YNAEB NATIONAL AGRICULTURAL EXPORT DEVELOPMENT : BOARD peptone 1. Terms and Definitions Risk: Effect of uncertainty on objectives. Risk Assessment: The overall process of risk identification, analysis, and evaluation; It attempts to answer the following questio What can happen and why (identification) fi, What are the consequences iii, What is the probability of their future occurrence? iv. Are there any factors that mitigate the consequence or probability of occurrence of the risk? Management: Systematic application of policies, procedures, and practices to the tasks of establishing the context, identifying, analysing, evaluating, communicating, treating, and monitoring risks. Appetite: The willingness to accept risks related to objectives and activities. Risk Register: A tool for documenting risks, and actions to manage each risk. Risk Mitigation / Treatment: Risk mitigating actions refers to action/s that must be taken to lower the likely hood of occurrence of the risk and/or to minimize the impact ifthe risk occurred. Internal Controls: Processes, policies and procedures that are used to govern NAEB to facilitate; achievement of the strategic objectives, ensure optimal resource utilization, integrity and timely reporting, safeguarding of assets and compliance to laws, regulations, policies & contracts inherent in a process or activity before mitigation Inherent Risk: The natural level of ris strategies and controls are put in place. Residual Risk: Risks that remain after mitigation strategies and controls are put in place r) BP 104 Kigali, Tel.(250) 252 575600 Hotline 3800 ¥NAEB NATIONAL AGRICULTURAL EXPORT DEVELOPMENT 9 2 BOARD ft at 2. Purpose This Risk Management Procedure Manual sets out the definite steps NAEB management and staff will take to implement formal risk management framework as part of NAEB’s commitment to implementation of a Risk Management Policy. This procedure will formal management of enterprise-wide risks and opportunities whether internal or external 3. Seope This policy governs all people, processes and tools used during the execution of NAEB’s mandate and is applicable to all its employees, supplier third parties and stakeholders interacting with NAEB in the execution of its mandate. 4, Risk Appetite Statement Risk appetite isthe level of risk that NAEB is prepared to accept in pursuit ofits objectives. It represents ‘balance between the potential benefits of innovation and the threats that change inevitably brings To realize NAEB's strategic objectives contained in the strategic plan 2019-2024, management needs to take calculated risks in a way that does not jeopardize the direct interests of stakeholders. NAEB's risk appetite can therefore be described as low. Below is a highlight of NAEB's risk appetite. [Fraud Risk AEB shall have Zero Tole nce for fraud risk. Reputational Risk | NAEB shall have Zero Tolerance for reputational risk. Financial Risk Medium: Deliberate efforts will be made towards making NAEB financially | self-sufficient. Credit Risk Low: NAEB we shall have low tolerance to credit. Services shall not be offered on credit l @ BP 104 Kil Tel (250) 252 57 56 00 Hone 3000 oe YNAEB NATIONAL AGRICULTURAL - EXPORT DEVELOPMENT 9 \ BOARD ape ot and Quality Risk Low: NAEB shall facilitate NAEB and stakeholders to deliver high quality services and products of high quality. |Legal Regulatory | Low: NAEB shall comply with all relevant legal and regulatory requirements Risk [Health and Safety | Low: NAEB shall provide a safe environment for all staff, contractors and visitors. Products & Markets | High: NAEB shail optimise its ability to exploit opportunities to expand export products and markets. | | a BP 104 Kigali, Tel (250) 252 575600 Hotline 3800 ¥NAEB NATIONAL AGRICULTURAL EXPORT DEVELOPMENT : BOARD tec nt 5. Risk Management Governance Structure Strategise, set risk appetite, monitor “Approval of risk action plan /oversight Internal Audit Risk Management Committee Risk Coordinator Risk Champions Facilitate, guide and support Risk assessment (identify analyse, evaluate) treat and implementation of approved plans, monitoring and ’ BP 104 Kigali, Tel (250)252 57 5600 Hotine 3800 oNAEB NATIONAL AGRICULTURAL EXPORT DEVELOPMENT : BOARD Repub ot Ran 6. Roles and Responsibilities 6.1. Board of Directors The Board of Directors will be responsible for addressing the corporate governance requirements of risk management and monitoring NAEB’s performance. The board’s focus on effective risk oversight is critical to setting the tone and culture towards effective risk management and internal control. The responsibilities of the board for the governance of risk and controls should include: i. Approve the design and implementation of risk management approaches. Review risk management reports and risk profile. Ensure that staff charged with risk management responsibilities have appropriate authority to carry out their functions. iv. Approve the allocation of resources for effective management of risk. v. The board should solicit formal feedback on the adequacy of risk management and intemal control from the internal audit function at least annually. The board should also solicit the observations of the independent external auditor, recognizing that such observations will generally be limited to risks and controls related to the financial statements. 0 HP 108g MAS) BT 8G Nn B08 oe Y¥NAEB NATIONAL AGRICULTURAL EXPORT DEVELOPMENT ew BOARD eb of Rand 6.2. The CEO ‘The CEO is responsible for overseeing the execution of NAEB’s strategic plan and policies to ensure desirable outcomes. The overall responsibility for developing, coordinating, implementing, and assessing the effectiveness of the risk management is delegated to the CEO by The Board. The CEO shall also perform the following functions under this policy: i. Approve the risk policy and procedure documents ii, Embed risk management practices in all NAEB’s processes by communication with staff and other stakeholders. Review on a quarterly basis exposure to all forms of risk and reduce it as far as, reasonably practicable to achieve. iv. Guide the policy implementation process through the issuance of appropriate circulars ¥. Define appropriate structures for effective implementation of the risk management policy 6.3. Risk Management Committee (Senior Management) ‘The Risk Management Committee is composed of Senior Management and is responsible for: i, Support Risk Champions in discharge of their functions Ensure that all risks are identified as far as is reasonably foreseeable, each risk is appropriately assessed in terms of likelihood and consequence. iii, Review and approve risk response plan and assessing adequacy of responses, appropriate operational controls are implemented to maximize opportunities and mitigate against potential loses. iv. Ensure that all material risks are monitored on at least quarterly basis. vv. Mobilize resources to assist in risk miti 0 BP 104 Kip Tel (250) 252 5756 00” Hodine 3000 Y¥NAEB NATIONAL AGRICULTURAL EXPORT DEVELOPMENT BOARD ep Rance 6.4. Risk Management Champions. The champions will be composed of nominated representatives from the business covering key processes. Management Champions area collective officer peer group who proactively support and challenge each other in the management of risk within each department, and who in conjunction with the Risk Management Coordinator help embed and drive the approved risk management process within the organization, i, Identify, analyse and evaluate risk in accordance with the documented Risk Management Procedure manual and prepare risk registers for their area of operations ii, Report on the overall risk profile (including but not limited to the key metrics) to the Risk Management Committee iii, Ensure that risk action plans are in place to bring risk exposure back in line with the entity risk appetite; iv. Carry out reviews with key stakeholders to ensure risk management practices are embedded in their operations Carry out awareness on risk management to all staff 6. Risk Management Facilitator Director Finance & Admin shall be the designated Risk Management facilitator. His primary roles are as follows: Guide NAEB in development of risk management policies and procedures including review as appropriate Implement annual reftesher training for Risk Champions and Risk Management Committee to drive awareness and participation in the Risk Management process, iii, Ensure risk assessments are performed annualy and when significant changes occur. iv. Monitor and report on the implementation of risk management action plans to censure they are proceeding as required. v. Consolidating the reports received from the risk management champions for presentation to the Risk Management Committee and the Board. a BP 104 Kigali, Tel.(250) 252575600 Hotline 3800 vNAEB NATIONAL AGRICULTURAL EXPORT DEVELOPMENT 9 BOARD Fences 6.6. Internal Auditor ‘The internal audit function plays an important role in monitoring compliance to risk management guidelines but does NOT have primary responsibility for its implementation or maintenance. The {intemal audit function’s role in relation to the ERM process will be: i, To provide objective assurance to the Board on the effectiveness of NAEB's risk ‘management activities and internal control procedures and mechanism. To enhance regulatory compliance efforts. iii, Report audit findings and make recommendations for improvement. In the risk framework. To ensure that risks are being adequately/appropt \ely identified and that the principles and requirements of managing risk are consistently adopted. 6.7. NAEB’s Staff AILNAEBS’ staff will be fully involved and adequately informed on the risks ass fed with their day to day a disciplined and constructive risk control environment is achieved. tes and their responsibilities. A collaborative approach will be necessary to ensure a a Functions of the employees will include: i. Risk identification and reporting ii, Risk control Compliance to policies and procedures Implementation of agreed upon improvement action plans. tp ‘BP 104 Kigali, Tel. (250) 25257 5600 Hotline 3800 ¥NAEB NATIONAL AGRICULTURAL EXPORT DEVELOPMENT \_& BOARD Repu ot Randa 7, Risk Assessment Approach NAEB will use the following Risk Assessment approach. of ‘Establishing the Context Risk identification Consultation isk Analysts Monitor ‘and Review bk Evaluation isk Treatment The Risk Assessment Methodology adopted seeks to define a process to be used in assessing enterprise risks and developing risk treatment plans for the identified risks. For NAEB Risk Assessment, the approach will entail the following key steps: - 1. Identifying the risks 2. Analyzing and evaluating the risks 3. Identifying and evaluating treatment options 4, Selection of mitigation measures 150) 252575600 Hotline 3800 v e BP 104 Kigali, TelNAEB NATIONAL AGRICULTURAL EXPORT DEVELOPMENT BOARD epic of Rvanda Tle Identifying the risks In this step the critical activities to be carried out are: i, Identifying the assets/processes that are within the seope of the risk assessment ii, Identifying the risks associated with the assets/processes within the scope of the risk assessment, Identifying the risk owners and assigning them risks 7.2. Analyse Risks In this step, the impact or degree of harm upon the organization that may result if risks were to occur is assessed. i. Anassessment of the realistic likelihood of risks occurring considering prevailing threats and vulnerabilities, and the controls currently implemented is done. An estimation of the levels of risks is then carried out. iii, Finally, in this step it is determined whether the risks are acceptable or require treatment using the criteria for accepting risks ‘The outcome of this step is a risk assessment report which indicates all the risks facing the assets identified, At the later stage of this step, a list of mitigating controls and recommended controls are suggested and expounded on in the next step. Based on the Information Resources in the scope of the risk assessment, the computation of risk shall be based on an assessment of: ey ee Where: Impact is the consequence that would result if the risk were to materialize ii, Probability is a measure of the likelihood of a risk occurring. (250) 252575600 Hotline 3800 Y Likelihood/Probability Assessment 0 BP 104 Kigali, TelNAEB NATIONAL AGRICULTURAL EXPORT DEVELOPMENT BOARD Repub of Randa To arrive at the likelihood rating, one must consider the existing vulnerabilities, preventive and detective controls, which minimize the likelihood of a risk materializing. The scale, which is used in this assessment, is as follows: - 5 [Almost Certai Is expected once a week- ft [Likely [Will probably occur once a month. [Possible [Might oceur once a quarter. |Unlikely "ossibly once a year. Ir IRare [Extraordinary event — might occur every 1 — 5 years. Impact Assessment Business impact on risks materializing is assessed. Impact assessments are performed against cach threat. The impact scale (Appendix A) enables a business-oriented approach to determine the impact of a threat. To arrive at the impact rating, the existing vulnerabilities and reactive/recovery controls are considered (because reactive controls minimize the impact of the threat if it materializes), The risk assessment impact rating table is used as the source of these Impact categories for NAEB. 0 BP 104 Kigali, Tel. (250) 252575600 Hotline 3800, Y¥NAEB NATIONAL AGRICULTURAL Financial loss! Cost ‘unaeceptabl e to ‘managemen 1 andlor can only be recovered in the long tem Over Frw 100 million Po + Financial loss) Cost major and/or can only be recovered inthe ‘medium tem Between Fw 50 million and Frw 100 million SRC * Financial loss! Cost increase is significant Between Fw million and Fw 50 million 9 % ‘Negative outcomes or sed ‘opportunities that are of, critical importance to the achievement of objectives. Negative ‘outcomes. oF sed ‘opportunities are likely to havea relatively substantial impact on ability to meet objectives Negative outcomes. oF missed ‘opportunities are likely to havea relatively moderate impact on ability to meet objectives Demand for ‘government Inquiry Adverse and extended national electronic and print media and social media, Adverse print media coverage eo EXPORT DEVELOPMENT BOARD Repub of Rand ‘Noncompliance that leads to forced ‘cessation of service by regulator + Multiple court cases leading to adverse rulings/stiff penalties Noncompliance that leads to hefty fines and sanetions by regulator/ministry/court Noncompliance that leads to minor fines or legal action. Hotline 3800 Health and ‘Multiple fatalities, or Significant irreversible effects 0 Ws of people. + Single fatality and/or Severe imeversible disability to persons. Extensive injuries or irreversible isability oF impairment to one oF personsNAEB NATIONAL AGRICULTURAL EXPORT DEVELOPMENT : BOARD adhe eer a er TY f Sit * Financial Negative fi + Medium’ loss! Cost outcomes. or term largely increase is missed People policy/procedure reversible moderate opportu talking . disability to are likely to among * No legal action ‘one or more Beoween ve a themselves paca Frw reltvely low Significant 100,000.nd impact on Only en medical 1 miltion ability © sectal mods ‘treatment, meet, disabling ot objectives lost time injury Finacial Negative Negligible Breach of intemal Fist sid toss outcomes or impact, policy. treatment or recoverable missed minor ‘over a short opportunites rmediel tem are Tikely to trate have Financial negligible toss of less impect on than Frw ability 0 100,000 eet objectives 73. Evaluation of Risk ‘The overall ranking of risks will be into four broad levels, namely: i. Extreme ii, High iii, Medium iv. Low (250) 252575600 Hotline 3800 Y 0 [BP 104 Kigali, TelNAEB NATIONAL AGRICULTURAL Ses Republi of Rwanda Identified risks will be evaluated on the weights of the likelihood of occurrence and projected consequences to determine if they are extreme, high, medium or low risk as shown in the heat map below ‘The level/rating of risk is assessed using this Heat map. The impact and likelihood are each assessed on a scale of 1-5 by referring to the descriptions, con this page. Risk Level is calculated as the product of these two numbers and will range from 1-25. insignificant ince a year. |Once ‘dOnce a month|Once uarter fweek . " Imost inlikely Possible {Likely pe 0 BP 104 Kgl, Tel (250) 25257 5600 Hotine 3800 ¥NAEB NATIONAL AGRICULTURAL EXPORT DEVELOPMENT BOARD wes Republic of Rwanda 7.4, Identify and Evaluate Risk Treatment Options The criteria established by senior management, each ri iii, Avoid the risk ,. Transfer the risk to another organization (e.g. through insurance or by contractual arrangements treatment plan is the immediate output of the Risk Treatment. It defines how, based on the is to be handled. The options are to: Kno gly accept the risk as it falls within the organization’s "risk tolerance”, in other words management deems the risk acceptable, compared to the cost of implementing or improving controls to mitigate it. i. Implement a suitable control or combination of controls to reduce (mitigate) the risk to a more acceptable level. Controls may be selected from the best practices and/or from other sources. . do not undertake the associated business activity. with a business partner). Each Identified risk will have a treatment option. This will be documented and approved by management 7.5. Select Mitigations Mitigation includes reduction of the likelihood that a risk event will occur and/or reduction of the effect of a risk event if it does occur. Risk mitigation plans should: Characterize the root causes of risks that have been identified and quantified in earlier steps of the risk management process. i. Evaluate risk interactions and common causes. |. Identify alternative mitigation strategies, methods, and tools for each major risk. iv. Assess and prioritize mitigation alternatives. Select and commit the resources required for specific risk mitigation alternatives. Communicate planning results to all project participants for implementation i, Te, (250) 252 57 5600 Hotline 3800 weNAEB NATIONAL AGRICULTURAL - EXPORT DEVELOPMENT BOARD Ropu of Rwanda 6. Risk Acceptance Criteria ‘The risk acceptance criteria will act as a guide to management when considering which risks to accept, mitigate, transfer or avoid. Management will consider the following constraints in applying the acceptance criteria and may choose to accept a risk outside the defined criteria. i. Financial constraints, ii, Time constraints, iii, Technical constraints, iv. Operational constraints, v. Cultural constraints, vi. Ethical constraints, vii. Legal constraints, viii Ease of use, ix. Personnel constraints [RISK RATING Ifa risk is evaluated as Critical, there is a strong need for corrective jeasures. A corrective action plan must be put in place as soon as, IiPa risk Is evaluated as Medium risk, the Risk Owner will determin hat corrective actions are still required to take the risk to LOW jecide to accept the risk. Fa risk is evaluated as low risk, the Risk Owner will accept the risk 0 BP 104 Kigal, Tel, (250) 252 5756.00 Hotine 3900 vNAEB NATIONAL AGRICULTURAL EXPORT DEVELOPMENT BOARD Republi of Randa 7.7. Risk Monitoring and Review. To ensure structured review and regular reporting occurs each department shall identify key risks within their area to be monitored. Given the diverse nature and dynamic nature of NAEB’s environment, it is important to be alert to emerging risks as well as monitoring existing risks. Monitoring changes to the source and context of risks, the tolerance for certain risks and adequacy of controls shall be carried out regularly. ‘The purpose of monitoring and review is to assure and improve the quality and effectiveness of the risk management process design, implementation, and outcomes. Risk Monitoring and review entails measuring how well NAEB has performed against a set of predefined goals or targets Risk monitoring and review will be done on an ongoing basis to: Determine the effectiveness of risk responses. © Identify risk-impacting changes to NAEB and its environment. © Maintain risk assessments and risk register. © Determine the effectiveness of implemented controls. Monitoring risk factors is of importance on an ongoing basis to ensure that the information needed to make credible, risk-based decisions continues to be available over time. Key risk indicators (KRI’s) are important tools in risk management used to enhance the monitoring of risks and facilitate risk reporting. ‘The organization will identify and establish performance indicators linked to key organizational objectives to give an indication of the overall effectiveness of the risk management framework. Steps to determine KRI’s © Determine the key focus areas based on risk management objectives © Determine the metrics that will be collected, source of information and a baseline for the same ‘© Determine the frequency of measurement © Measure and report Ie AIPA TGQ EAST EG Bate ¥NAEB NATIONAL AGRICULTURAL EXPORT DEVELOPMENT oo BOARD Republi of Rwanda 78. Risk Reporting. Risk reporting is an important part of being able to demonstrate the effectiveness of the risk management program. The following is the reporting program to be followed What is to be reported [To Whom By When | Risk Register Output Risk Management | Risk Champions/Risk | Quarterly Committee Coordinator { es Risk Mitigation status | Risk Management | Risk _Champions/Risk | Quarterly Committee Coordinator Exireme and High Risks | Board CEO Half yearly 7.9. Risk Communication and Consultation Management shall communicate and consult with internal and external stakeholders during all stages of the risk ‘management process, particularly when plans are being first considered and when significant decisions need to be made, Risk management is enhanced through effective communication and consultation when all parties understand each other’s perspective and, where appropriate are actively involved in decision making. Below is the communication and consultation strategy Seren Poe ‘Committee responsibilities 1 ‘The Board should meet half yearly times to review top | Chairperson, Board | half yearly risks in the organisation Reporting responsibilities BP 104 Kia, Tel, 250) 252 57 5600 Hotline 2800 vNATIONAL AGRICULTURAL EXPORT DEVELOPMENT : BOARD Republic of Rwanda Each department should draft a risk management submission quarterly. This submission should focus on the following: Allrisks ranked as either extreme/catastrophic or high risks. Progress in implementing agreed upon actions to improve risk management. Any risk developments or tisk incidences. Risk | Management Champions Quarterly. Risk Assess sment Responsibilities ‘The heads of departments should formally reassess all risks ranked as either extreme or high risks quarterly. Risk Management Committee Quarterly At any point during the year, any risk assessed as catastrophic should be immediately escalated to the CEO who should escalate to the board. isk Management Committee On assessment All departments should review risk registers. at quarterly meetings and update the register’s contents to reflect any changes. Risk Management Champions ‘Quarterly Governance Responsibilities 6 17 Each risk should have a nominated owner who should be responsible for the followi Updating the risk information, © Providing assurance regarding the risk’s controls. © Coordinating the implementation of action plans for the risk © Reporting on any developments regarding the risk, Management Committee ‘As scheduled ‘The intemal audit function should use the outputs of risk assessments to compile its audit coverage plan and should investigate the effectiveness of risk controls. Internal audit ‘Annually ‘The internal audit function should formally review the effectiveness of the organisations risk management processes once a year. Internal Audit Annually BP 104 Kigali, Tel. (250) 252575600 Hotline 3800 oe 7NAEB NATIONAL AGRICULTURAL - EXPORT DEVELOPMENT BOARD Ses Repub of Rwanda Frequency controls associated with risks identified. 8. Review This Risk Management Procedure Manual will be reviewed every three years or when significant changes occur for continual suitability and adequacy. It shall be made available to all employees, stakeholders and interested parties as approved by management. 9. Enforcement It is mandatory that all those who work for NAEB, whether as employees, contractors, consultants, or suppliers, adhere to this policy, and sub-policies, standards, guidelines, or procedures derived from it. Violation of this policy may result in disciplinary action, which may include termination for employees and ‘temporaries; a termination of employment relations in the case of contractors or consultants; or dismissal for interns and volunteers. Additionally, individuals are subject to loss of NAEB’s Information Resources access privileges, civil, and criminal prose 10. Exceptions Where systems, procedures or processes are not able to meet the requirements of this poliey and an appropriate business justification exists, an exception should be raised for review and approval according to the exceptions procedure. @ BP 104 Kigl Tel, (250)252 57 56 00 Hotine 3800 YNAEB NATIONAL AGRICULTURAL «&) EXPORT DEVELOPMENT & BOARD aad Repub of Randa 12. Appendix 12.1. Risk Register Template Tacs 252575600 Hotline 3800 ¥