Risk Management Policy

Business Process Integration – Comprises the activities, tasks and steps required to ensure business processes are designed and operated to reflect all obligations and that these processes are fully embedded in the business to effectively manage all types of organizational risks.

Risk – Effect of uncertainty on objectives. Where an effect is a deviation from the expected — positive and /or negative. Objectives can have different aspects (such as financial, health and safety, and environmental goals) and can apply at different levels (such as strategic, organization-wide, project, product and process). Risk is often characterized by reference to potential events and consequences or a combination of these.

Risk Appetite – Addresses the balance of risk and reward that the organization is willing to accept. It highlights the amount of risk that the organization is willing to accept whilst detailing the associated decisions’ authorities.

Risk Drivers – Addresses root causes of risks through risk analysis techniques such as

Fishbone diagram.

Risk Management – Coordinated activities to direct and control an organization with regard to risk.

Risk Profile – Comprises the catalogue of risks, defined with root causes and potential likelihood and impact.

Risk Strategy – Encompasses how the business aims to integrate risk management into its strategy of delivering stakeholder value and meeting its business objectives. It aids decision making and effective use of scarce resources.

Stakeholders – Persons or organizations that can affect, be affected by, or perceive themselves to be affected by a decision or activity.

This document provides the policy for the Risk Management within Saudia Dairy & Foodstuff Company (SADAFCO). This policy defines details of the scope and purpose of Risk Management along with key policies that govern the Risk Management practices at SADAFCO.


It is imperative that our business remains resilient; to achieve this, a structured Risk

Management policy will be implemented and maintained across SADAFCO.

At SADAFCO; our primary concern is the safety and well-being of our staff, stakeholders, and the environment together with our capability to maintain the key activities which support achieving our objectives. Practical and robust Risk Management is vital to respond to any major threat or risk that could damage our organization and core services.

The scope of this policy covers all SADAFCO functions and departments. Other entities or functions outside SADAFCO operations are out of the scope of this policy.

SADAFCO shall have an approved clear statement of SADAFCO’s risk management mission, vision and a set of objectives aligned to SADAFCO’s overall strategy.

SADAFCO Risk Management Strategy shall be reviewed and approved as per SADAFCO’s

Delegation of Authority Limits Matrix (DAL).

SADAFCO shall ensure the availability of financial resources to support the Risk Management operations and initiatives. SADAFCO is committed to provide the required resources and training programs to the Risk Management process in order to achieve its Risk Management objectives.

SADAFCO shall have approved clear statements of risk appetite and tolerance limits for the top risks at SADAFCO.

SADAFCO’s overall strategy shall be reviewed to ensure consistency with SADAFCO’s Risk


SADAFCO Risk Appetite shall be reviewed and approved as per SADAFCO’s DAL.

SADAFCO management shall ensure Risk Management activities are integrated within the day-to-day decision making process at SADAFCO.

SADAFCO management shall consider Risk Management in any major change that takes place in any program or initiative, or as a result of any change in SADAFCO operations. In addition, SADAFCO shall consider risk management in all contractual aspects on a regular basis.

SADAFCO management shall assign the Risk Management responsibility to Executive Management Team at SADAFCO, including risk management activities and risk identification.

Assessment, treatment and monitoring shall be conducted in-house by adopting a standard process to manage risks, or by outsourcing the process to a third party consultant.

SADAFCO Risk Profile shall be reviewed and updated on an annual basis, and shall be approved as per SADAFCO’s DAL.

The ERMS, and all other subsequent changes, reviews and amendments to it, shall be reviewed and approved regularly as per the following table:  
DocumentsPeriodical Review/ApprovalResponsibility of Review Approval of Modifications
Risk Management PolicyEvery 3 YearsExecutive Management TeamBoard of Directors
Risk Strategy and AppetiteAnnuallyExecutive Management TeamBoard of Directors
 Risk ProfileAnnuallyExecutive Management TeamChief Executive  Officer (CEO)

Executive Management Team & CEO are deemed responsible for the safekeeping and maintenance of the Risk Management relevant documentation. Archiving process for the Risk Management documentation shall follow SADAFCO’s archiving guidelines.

Access to the Risk Management documentation shall be granted to SADAFCO employees authorized by the CEO.