1.    PURPOSE 

1.01     The purpose of this Statement of Policy and Procedure is to articulate organizational standards related to risk management including risk assessment, risk management, operations recovery planning, physical security and insurance.

2.    SCOPE

2.01     This policy applies to the Board of Directors and all employees

3.    POLICY

3.01    MakeWay shall engage in a formal risk assessment and risk management process. Risk assessments, risk assessment matrix ratings and controls to mitigate risk will be assessed on a quarterly basis and reviewed by the Senior Management team.

3.02     The Finance and Audit Committee will review the risk assessment at least annually and determine any risks need to be brought to the Board of Directors for further review and discussion.

3.03     MakeWay will maintain an operations recovery plan and review and update it annually.

3.04     Procedures related to personal security shall be reviewed with all new employees as part of the orientation process. MakeWay will maintain a Health & Safety Committee that meets regularly to review issues related to employee health and safety.

3.05     Documents and other media of a confidential or sensitive nature shall be securely stored and access-controlled.

3.06     MakeWay shall carry insurance coverage at replacement levels for all major assets, including data assets. MakeWay shall carry commercial general liability insurance, directors and officer’s liability insurance, network security and privacy insurance and volunteer insurance at appropriate levels based on annual review.   Refer to the MakeWay Insurance Program on Box for more details.

3.07    All staff shall receive information regarding compliance with CRA standards for charitable organizations (refer to “Compliance Policy” and “Legal Policy” for more details).

4.    RESPONSIBILITY

4.01     The Board of Directors is responsible to assure itself that risks have been appropriately identified, planned for and managed.

4.02     The CEO is responsible to the Board of Directors for implementation of risk management plans and processes, and is ultimately responsible to ensure that risks are assessed and managed appropriately.

4.03     The CFO is responsible for quarterly review of the risk management plan and mitigating controls.

4.04     The Senior Management Team and all managers are responsible for ensuring that all appropriate and cost-effective steps are taken to minimize or control identifiable risks.

4.05     All staff are responsible to notify their supervisor of any new risks encountered or changes to existing risks.

4.06     The CFO is responsible for ensuring that appropriate insurance is in place. 

4.07     The Director, People & Culture is responsible for maintenance of a Health and Safety Committee.

4.08     The Director, People & Culture is responsible for maintenance of an Emergency Preparedness Plan.

5.    DEFINITIONS 

5.01     “Property coverage” means insurance coverage for loss or damage to property. Property includes both real property (land and buildings) and moveable property (equipment, files, etc.).

5.02     “Risk” means the possibility of a negative or adverse outcome, and the magnitude or severity of the consequences of that outcome.

5.03     “Risk Assessment” is the formal process of objectively evaluating risks to an organizing including the impact and likelihood of occurrence. 

5.04     “Risk Assessment Matrix” is the tool used to assess the overall level of risk related to an identified risk. The risk matrix is based on ratings of the likelihood of a risk occurring multiplied by the impact of the risk.

6.    REFERENCES 

CRA Compliance Policy

Legal Policy 

Insurance Policy