RISK MANAGEMENT POLICY

MAURITIUS BROADCASTING CORPORATION RISK MANAGEMENT POLICY – APPROVED BY THE MBC BOARD IN DECEMBER 2011 Risk Management Policy INTRODUCTION The MBC risk management policy sets out the approach of the Board with regard to its philosophy and responsibilities pertaining to risk management within the Corporation. The objective of the policy is to manage risk in a way that derives the best outcomes for the Corporation and its stakeholders and minimise adverse consequences. RISK MANAGEMENT Risk Management is a fundamental part of the MBC’s strategic management. The Corporation places emphasis on good risk management in the identification and treatment of the risks pertaining to its activities. Recognition of risk management is a central element of good corporate governance. It is a continuous and developing process which can be used as a tool to assist in strategic and operational planning. The risks facing the Corporation can stem from factors both external and internal to the MBC. The processes and structures of risk management are directed towards the effective management of potential opportunities and adverse effects within the MBC’s external and internal environment. The key risk areas faced by the Corporation and specific examples of these key areas are given in the diagram below. Page 1

MAURITIUS BROADCASTING CORPORATION RISK MANAGEMENT POLICY – APPROVED BY THE MBC BOARD IN DECEMBER 2011 RISK ENVIRONMENT STRATEGIC RISKS FINANCIAL RISKS Externally Internally Externally Driven Driven Driven -Credit Internally -Foreign -Liquidity -Competition Driven Exchange and Cash -Customer -Intellectual -Interest Flow Changes Capital -High -Industry Rates Gearing Changes OPERATIONAL RISKS HAZARD RISKS Internally Externally Driven Externally -Accounting Driven Internally Driven controls -Contracts Driven -Regulations -Information -Suppliers -Public Systems -Natural access -Internal events controls -Environment -Supply Chain RISK MANAGEMENT PROCESS The risk management process is a continuous activity that is embedded into existing business practices. The main elements of the MBC risk management process are: 1. Consultation and Communication The MBC liaises with internal and external stakeholders as appropriate at each stage of the risk management process. Page 2

MAURITIUS BROADCASTING CORPORATION RISK MANAGEMENT POLICY – APPROVED BY THE MBC BOARD IN DECEMBER 2011 2. Establishing the context The internal and external environments within which the Corporation operates are evaluated. These include the legal, social, political, cultural and international contexts. The strategic and operational objectives of the Corporation are also taken into account. The basic parameters within which the risks must be managed are defined. 3. Risk Identification The risks flowing from a specific activity are defined and categorised. The factors critical to the success of the activity and the threats and opportunities related to the achievement of the activity are identified. 4. Risk Analysis and Evaluation Existing control systems are identified and evaluated. Consequences and likelihood and hence the level of risk are determined. Risk estimation can be quantitative, semi-quantitative or qualitative, depending on the activity. The estimated levels of risk are compared with the acceptable levels of risk. The balance between the potential benefits and adverse outcomes is considered. 5. Risk Treatment Specific cost-effective strategies and action plans are developed and implemented in view of increasing potential benefits and reducing potential costs. Responsibilities are allocated to those best placed to address the risk and carry out follow-up as required. 6. Risk Monitoring and Review Risks and the effectiveness of treatment measures are monitored to ensure changing circumstances are taken into consideration. Constant and updated reporting is made on the effectiveness of the measures. 7. Documentation Each stage of the risk management process is documented and constantly reviewed. Page 3

MAURITIUS BROADCASTING CORPORATION RISK MANAGEMENT POLICY – APPROVED BY THE MBC BOARD IN DECEMBER 2011 The risk management process is schematically portrayed as follows: Establish the context Risk Identification Consultation and Communication Risk Analysis and Documentation Evaluation Risk Treatment Risk Monitoring and Review RESPONSIBILITIES The Board is responsible for setting the risk management policy and risk management process of the Corporation. The Board delegates the monitoring of the risk management process and the examination of key risk issues to the Audit and Risk Management Committee. The Audit and Risk Management Committee advises the Board on the risk attitude to be adopted on each issue. Management is responsible for implementing the risk strategies and processes of the Board and communicating these to the persons concerned. Management evaluates the reports submitted by project/technical teams and brings them to the Audit and Risk Management Committee for consideration. Project/ technical teams work on projects related to their area of expertise and examine the level of risks associated with their activities. They make a report on the pertinent risk issues to Management. Each employee is aware of the risk management process and ensures he uses the process in dealing with risky issues in his work. He is accountable for individual risks and reports to his Head of Department or Management on any issues of concern. Page 4

MAURITIUS BROADCASTING CORPORATION RISK MANAGEMENT POLICY – APPROVED BY THE MBC BOARD IN DECEMBER 2011 The Board:  Is responsible for devising a risk management policy which covers risk management philosophy and responsibilities;  Derives assurance from the Audit and Risk Management Committee and Management that the risk management policy is complied with and the risk management process is working effectively;  Knows about the most significant risks facing the Corporation;  Ensures that proper systems are in place to cope with existing risks;  Closely examines the recommendations of the Audit and Risk Management Committee in respect of its evaluation of specific activities/ projects and the risks associated with them; and  Is responsible to make disclosure as regards risk management. The Audit and Risk Management Committee:  Ensures that the Corporation complies with the risk management policy and risk management process approved by the Board;  Provides an independent and objective oversight of the information presented by Management on risk-associated activities/ projects;  Examines the risks pertaining to specific activities/ projects and evaluates and recommends to the Board the risk attitude to be adopted for each activity/project;  Reviews the adequacy of internal controls to ensure that they are operating effectively and are appropriate for achieving the goals and objectives of the Corporation; and  Advises the Board on disclosures to be made as regards risk management. Management:  Is accountable to the Board and the Audit and Risk Management Committee for implementing the risk management policy, process and strategies of the Board;  Evaluates the reports made by Technical teams or other persons in respect of specific issues;  Closely monitors the systems in place to cope with risks and recommends any amendments to be brought;  Communicates to all persons concerned on the risk management policy and system in place;  Is responsible for the implementation and maintenance of overall sound risk management; and  Encourages and empowers employees in the management of risk. Page 5

MAURITIUS BROADCASTING CORPORATION RISK MANAGEMENT POLICY – APPROVED BY THE MBC BOARD IN DECEMBER 2011 Project/Technical Teams  Closely evaluate the types of, levels of, probability, estimates and consequences of risks associated with their area of work;  Liaise with internal and external stakeholders as required to arrive at their recommendations for specific actions to be taken;  Use the appropriate risk analysis methods and techniques to evaluate risks in their projects/ activities;  Have performance indicators which allow them to monitor their activities, progress towards objectives and identify variances which require intervention;  Give a comprehensive report on their findings, proposals and any perceived risks or failures of existing control measures; and  Adopt sound risk management practices within their particular areas of responsibility. Employees  Understand their accountability for individual risks;  Are aware of the risk management process and understand how they can enable continuous improvement of the process; and  Report systematically and promptly to their Head of Department on any perceived new risks or failures of existing control measures. In the health and safety field, the MBC recognises that consequences are only negative. Therefore, the management of health and safety risk is focused on prevention and mitigation of harm. There is a full-time registered Safety and Health Officer at the Corporation who ensures that the Corporation complies with all safety and health regulations and standards. The Safety and Health Officer also ensures that the MBC complies with its Safety and Health Policy statement. **************************** Page 6