1. Why should risk management data and plans be documented and appropriately stored?

SweetSpot Pty Ltd: Risk Management Policy

Introduction SweetSpot recognises that risk management is an essential component of good management practice and is committed to ensuring the implementation of risk management processes that focus on the proactive management of risks across the organisation. This risk management policy forms part of SweetSpots internal controls and corporate governance arrangements. The risk management policy is designed to: identify, evaluate, control and manage risks ensure potential threats and opportunities are identified and managed inform directors, senior management and staff members about their roles, responsibilities and reporting procedures with regards to risk management ensure risk management is an integral part of planning at all levels of the organisation. Policy SweetSpot is committed to achieving its vision, business objectives and quality objectives by the proactive management of risk at all levels of the organisation. SweetSpot will identify, evaluate, control and manage risk throughout the organisation in accordance with the SweetSpot Risk Management Framework. Responsibility and Authority Directors, management and employees of SweetSpot have responsibility for implementing aspects of this policy. Role of the Directors The Directors have a governance responsibility in the management of risk. This includes: determining which types of risk are acceptable and which are not setting the standards and expectations of staff with respect to conduct approving major decisions affecting SweetSpots risk profile or exposure monitoring the management of significant risks to reduce the likelihood of potential organisational risks and threats or failure being satisfied that risks are being actively managed, with the appropriate controls in place and working effectively annual review of SweetSpots approach to risk management and approval of changes or improvements to key elements of its processes and procedures. Role of the Senior Management Team and Store Managers Key roles of the senior management team are to: implement policies on risk management and internal control where this is deemed appropriate identify and evaluate areas of significant risks potentially faced by SweetSpot for consideration by the Directors

identify areas where risk management is not adequately addressed and advise the Directors accordingly review and update the Risk Management Strategy undertake an annual review of the effectiveness of systems of internal control and provide an annual report to the Directors, including a summary review and respective recommendations. Role of Caf Employees Key roles of employees are to: familiarise themselves with the content of the Risk Management Policy and clarify any aspects necessary with a senior team member consider any risks they feel could impact on them meeting their objectives and either manage the risk if it is in their control to do so, or inform a management team member of their concerns advise senior management, in the first instance, or the Board of Directors, if concerned about any fraud or unethical behaviour.

SweetSpot Pty Ltd: Risk Management Procedure

1. Establish the context: Define and identify the environment, characteristics and stakeholders, their goals and objectives, and the scope of the specific risk management process. Develop criteria against which risks are evaluated and identify the structure for risk management. 2. Identify and describe risks: Risks are best identified through a collaborative approach involving a cross-section of stakeholders. All conceivable risks must be considered. Ensure any certainties are identified as problems and addressed in the risk management profile. 3. Conduct current risk analysis: An analysis of the risks is conducted to determine their causes, and estimate their probability and consequences. This analysis provides the basis for working on the right risks. 4. Conduct risk evaluation: Risks are considered and prioritised according to their potential impact, and each risk is assessed to determine its level of acceptability. 5. Develop and implement proposed risk treatments: Risk treatments are developed to cost-effectively reduce, contain and control risk. Formal risk management reporting mechanisms are defined and documented. Categorise the risk likelihood.

1. Review the SweetSpot Pty Ltd Risk Management Policy and Procedure. List two strengths and weaknesses for the SweetSpot Policy and Procedure.