HOW TO USE THE TEMPLATE

This Risk Management (RM) template consists of 4 sheets:

1) How-to-use the template (this sheet)

2) Risk Assessment. This is the actual template that shall be filled out.
3) Value list. This sheet contains the values for the drop down menus. This must not be changed
4) Risk scales. This defines risk threshold level (risk acceptance level), pluss risk probability and
consequence scales

How to fill out the risk assessment -

(Also see Procedure "GPRO_03 Risk Management" that details responsiblity and needed actions and
reporting related to Risk Management)

Preparations:

0) Define the risk threshold levels. Threshold level defines yellow and red levels.
, consequence- and probability scale to be used for the risk assessment.

Risk assessment:

1) Start with describing the risk elements in column B

2) All risk elements shall be tagged with one of the predefined risk areas in column A. Choose from the
drop-down value list.
3) Describe the potential consequence if the risk is not mitigated in (column C). Here you should also
describe the significance of the risk
4) If mititation measures for the risk element are already taken, describe these in column D
5) Define risk probability and consequence in column E and F. Use the drop-down value list. How to
understand the scales are described in the tab "risk scales".
6) The risk level is calculated in column G and colour green, yellow or red will be automatically set based
on your defined threshold level under the "Ras Scales" sheet. Red means critical risk that needs mitigation
measures to be defined and followed up until closure. Yellow means that risk mitigation should be
considered from case to case. Whether mitigations are needed is decided by local management from case
to case.

If the risk is critical the following steps are required:

7) Define actions (column H) that will be initiated to reduce risk element. Risk can be reduced by reducing
probasbility and/or consequence.
8) Appoint a person (name required) responsible for the risk and minigation actions (colums I) and the
function he/she belongs to (choose from drop-down list in column J)
9) Define due date for completeing action in column K
10) Set status on actions using drop-down list in column L
11) Comment in the status in column M to give a description of the mitigation efforsts.
12) The risk assessment shall be updated monthly (as minimum) until all critical risks are mitigated and
shown as non-critical

See procedure "GPRO_03 Risk Management" for further details.

GFORM_015 Risk Management Matrix Valid on date of print only. Printed: 02/06/2022
Prepared by: hehvno
Approved by: frvano
 RISK ASSESSMENT
RISK ANALYSIS RISK MITIGATION
Entry date Risk area Description of risk element Description of consequence Mitigation measures already in Probability Consequence Risk level Actions to reduce risk Risk owner Function Due date Status Comment to status
place
25.05.2018 Financial Misinterpretation of payment terms Account receivables account Global Contract Review Policy 4 3 12 Follow authority matrix, and apply Amit Gautam Sales / In
and/or did not seek for payment payables, cash flow will be affected for approval . Marketing progress
terms approval
11.07.2018 Operational Delivery terms not properly made Longer delivery time, sent to wrong, Sales order process 3 3 9 Ensure that the sales order process Amit Gautam Sales / In
known to operations, shipping, place, additional costs, etc is adhered to concerned dep't Marketing progress
warehouse
17.09.2018 Financial Liabilities in purchase orders, and Additional costs, and/or liabilities Authority matrix, sales order 4 3 12 Ensure authority matrix, and/or sales Amit Gautam Sales / In
contracts received from customers incurred if the liabilities were not process, etc order process are adhered Marketing progress
accounted for prior
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0

GFORM_015 Risk Management Matrix Valid on date of print only. Printed: 02/06/2022
Prepared by: hehvno
Approved by: frvano
Date: 2017-06-08
 VALUE LISTS

Risk area
Strategic Risks associated with the long-term strategy and the implementation of the
strategy, incl. the ability to reach the planned objectives. Can be affected by
i.e. industry, capital, legal requirements, political issues, technology, reputation
and competitor activities
Financial Risks associated with the effective management and control of finances incl.
macro risks, risk of being part of the financial market, financing of the
company, liquidity/cash flow, financial reporting etc.
Compliance Risks associated with compliance to regulatory requirements, incl. tax, legal,
accounting, health and safety, environment and data-protection
Business Risks Risk related to management decisions and use of resources, including
reliability/ relationships to customers and suppliers
Operational Risks associated with our day to day operations and the efficiency and safety
of the business processes involved
Political Risk associated with the political stability in the countries where Eltek operates
or are involved
Fraud/corruption Risk associated with corruption or fraudulent activities, e.g. employees
enriching themselves illegally or unethically
Security/IT Risks associated with security over group assets incl. data/personnel
resources and the relationship to various stakeholders
HR Risk associated with attracting the right competence and employees, ability to
retain key personnel and development of skills and competence
Reputation Risk associated with Eltek's name and standing in the market place
Safety Risk associated with safety over personnel and group assets
Environment Risk associated with environmental damage.

Functional Areas
R&D
Product Management
Finance
Administation
Operations
Sales / Marketing
HR
QA

Status
Not started
In progress
Closed

GFORM_015 Risk Management Matrix Valid on date of print only. Printed: 02/06/2022
Prepared by: hehvno
Approved by: frvano
 RISK SCALES

Risk threshold levels Value Decription

Level 1 14 Critical risk level. Mitigation is required.
Level 2 10 Important risk that should be adressed (local management to decide from case to case)

Risk Concequence Scale

Value Description Example: Financial impact Example: HSE impact
1 Small EBITDA impact <0,1% No injury
Minor injury with no absence
2 Moderate EBITDA impact 0,1<x<0,4 from work
Moderate/major injury resulting
3 Medium EBITDA impact 0,4<x<1,0 in absence from work
Permanent disability resulting in
4 High EBITDA impact 1,0<x<5 absence from work
Permanent disability resulting in
5 Very high EBITDA impact >5 full job loss or death

Risk Probability Scale

Value Description Example: occurance frequency
1 Small More than 10 years
2 Moderate Once every 5-10 years
3 Medium Once every 2-5 years
4 High Once every 1-2 years
5 Very high Once a year

GFORM_015 Risk Management Matrix Valid on date of print only . Printed: 02/06/2022
Prepared by: hehvno
Approved by: frvano