Risk management policy

The aim of the risk management policy is to implement a uniform risk management system within the EPSO-G group in accordance with the internationally accepted COSO ERM standards defining the principles and responsibilities of risk identification, assessment and management.

EPSO-G understands risk management as a structured approach to the management of uncertainties, methodically assessing the impact and likelihood of risks, and applying appropriate management tools.

EPSO-G consistently believes that appropriate risk management is a prerequisite for the sound implementation of a business strategy. It enhances the effectiveness and quality of the management of subsidiaries, ensures a safe environment for employees and builds trust among stakeholders in the company group.

EPSO-G risk management principles:

  • The principle of maintaining and creating value means that risk management directly contributes to achieving the company’s strategy and business objectives and improves its performance by helping to properly prepare for and respond to negative events and reduce their impact and/or likelihood;
  • The principle of integrity means that risk management is a part of management, control, planning of day-to-day activities as well as management of changes. Our aim is to make risk management effective and to allocate funds for its measures in a rational and cost-effective manner. Risk management should help the company’s management bodies and executives to make better informed decisions and prioritise actions, assessing possible alternatives and their consequences;
  • The information relevance and reliability principle means that risk management is based on reliable historical data, observation, experience and expert judgment;
  • The principle of timeliness means that the company’s management bodies, executives and other responsible employees must be appropriately informed in a timely manner and involved in the risk management process in order to ensure its usefulness;
  • The principle of autonomy means that, in accordance with EPSO-G's risk management methodology, each company and its collegiate bodies act independently within their competencies, assuming responsibility for making the decisions within their competence, regardless of whether relevant fields of activities are regulated by the group’s risk management documents or not. The companies and their collegiate bodies must independently assess whether compliance with the group’s risk management policy goes against the interests of the respective company, its creditors, shareholders or other stakeholders;
  • The principle of transparency in the context of the risk management process means that the companies shall provide information on key risks to the stakeholders in order to reveal the motives behind the decisions made and to increase trust in the companies.


Last updated: 01-04-2021