Through the development and updating of risk management policies, the leadership of the Finance Department is committed to continuously reaffirming its commitment to managing institutional risks surrounding its operations and adopting the best international practices for the following purposes:

• Providing a consistent, clear, defined, specialized, integrated, and comprehensive risk management system for all the core functions and tasks of the department, along with the necessary tools, enabling stakeholders to effectively respond to challenges and changes and manage the impact of uncertainty on its ability to achieve its objectives.
• Establishing ethical and objective decision-making standards, based on a comprehensive understanding of potential risks and their internal and external impacts, and trade-offs best suited to the interests of the department.
• Commitment to providing necessary and sufficient information and data about critical risks to senior management promptly, to support decision-making processes and appropriate response for managing expected effects and mitigate them.
• Commitment to providing and make available sufficient and appropriate information within a unified risk management system at all levels of the department.
• Promoting a risk management culture within the department, raising awareness among all concerned parties, and involving them in the process of identifying the risks surrounding their tasks, enhancing their ability to manage and report.
• Ensuring the integration of related management systems, providing appropriate business continuity and crisis and emergency management plans and strategies to ensure the department's ability to recover for business sustainability with minimal losses.
• Commitment to provide all the necessary resources, communication channels, and capabilities to support the implementation of the risk management system within the department.
• Developing periodic review and improvement plans for the risk management system, ensuring its inclusion in performance management and control systems.
• Ensuring the identification of all roles, responsibilities, and accountabilities for the continuity of the risk management system, as well as defining reporting and report submission mechanisms.

Responsibility:

• Tasks related to the implementation and monitoring of the risk management system are assigned to the Strategy and Corporate Performance Division.
• This policy is disseminated through various internal communication channels available within the department and is published on the website. It is reviewed and updated periodically every two years or as needed.