Byte Civil Company is committed to ensure proper management of a workplace, health and

safety and welfare to all employees and stake holders by minimizing adverse environment
impact to its workplace.
Objectives

 To help the decision makers of the organization explicitly take account of uncertainty, the
nature of that uncertainty and work towards a solution to address it.
 To establish a risk intelligence framework for the organization
 To ensure protection of stake holders value
 To achieve the strategic objective while ensuring appropriate management of risk
 Create an environment where all stuff assume responsibility for risk management

Purpose
To provide a framework for management to identify, assess and rate risks, and to develop
strategies to deal with risks so as to provide reasonable assurance that the Byte Civils’ strategies
objective will be achieved

Scope
To whom does the policy apply to?
The policy applies to all employees, employers, visitors, outside stakeholder, board of directors.

Where/ in what situation does the policy apply?

The policy applies upon the identification of risks in the civil construction that hinders it from
achieving its objectives. It covers all events within the company and events outside the company.
Risk governance
Who is involved in risk management?
Board of directors is responsible for supervising and confirming the risk management principles
and accessing whether the sectors risk management process is appropriate in terms of scope and
content. The board also confirms the risk levels prevailing at any given time and resolves on
measures to be taken to manage the most significant risk faced by the company.
The auditor/ audit committee
Is responsible for the evacuation of the adequacy of the decision making process and the flow of
information to the internal and external stakeholders
The Employer
Is responsible to take all necessary measures to eliminate hazards or minimize the risk to safety
and health in Byte civil construction under their control.
The manager
Is responsible for investigating the situation, determining what action is to be taken, ensure it is
completed and inform the president of the result.
Visitors
Are responsible for following instructions including signs and signals and not act recklessly.
Stakeholders
Are responsible for acting on time and supporting the process by honoring and supporting the
agreed upon process and deadlines.
The chair of the board
Is responsible for the management, the development and the effective performance of the board
of directors and for providing leadership to the board for all aspects of work.
Risk management process
Establish the context
To articulate objectives and define the external and internal parameters to be taken into account
when managing risk, and to set the scope and risk criteria for the remaining process.
The Internal environment is what the risk manager and organization identify as risks coming
from inside the organization

 Governance, organizational structure, roles and accountabilities

 Policies, objectives and the strategies that are in place to achieve them
 Capabilities understood in terms of resources and knowledge for example (capital, time,
people, processes, systems and technology)
The External environment, is what the risk manager and organization identify as risk coming
from outside the organization

 Social, cultural, political, financial, technological, economic and competitive

environment weather
 Relationships with perception and values of external stake holders
 Key drivers and trends having an impact on the objectives of the organization
Risk identification
The principle objective of risk identification program is to locate the risk before it becomes
problems and adversely affect the situation under consideration. Therefore Byte Civil
construction will identify all the risks in the organization that they might encounter. The risks
may be, environment risks, safety or financial aspects of the industry. This risks will be
identified through, interviews, workshops etc. and data will be collected through documentation.
A list of possible risks will then be formulated through check analysis.
Risk analysis
Is a process of identifying the possible outcomes of decisions. It is done in two ways, qualitative
and quantitative analysis. Byte Civil company will use the qualitative risk assessment method as
it is quick and relatively easy to use as broad consequences and likelihood can be identified and
they provide a general understanding of comparative between risk events, and the risk matrix
will be used to separate risk events into risk classes.
Analyze the risk; damaged equipment
Cause; failure to monitor equipment
Consequences; increased overtime and decreased productivity
Control; predictive maintenance

Risk level = probability * impact

Possible * major
3*4
= 12
high
Evaluate the risk
Risk evaluation is a process of comparing the results of risk analysis with criteria to determine
whether the risk and its magnitude is acceptable or tolerable

After treatment; regular inspections

Risk level = probability * impact
Rare * minor
1*2=2
Very low

Risk acceptance
Refers to the behavior of an entity in a situation of uncertainty that results from the decision to
engage in a behavior (or not to engage in it), after weighing the estimated benefits as greater (or
lesser) than the costs under the given circumstances.

Risk avoidance

Refers to not performing any activity that carry risk and or the elimination of risks, activities and
exposures that can negatively affect an organization and its assets.

Risk transfer

Is a risk management and control strategy that involves the contractual shifting of a pure risk
from one party to another.

Risk control
Is a process in which methods for neutralizing or reduction of identified risks are implemented

Communication and consultation

Communication refers to promoting an awareness and understanding of risk. This promotion can
take the form of written, visual or verbal communications in the channel, for example, visual
posters and written risk policies or email updates on risk. On the other hand, consultation focuses
more so on getting feedback and information from stakeholders. This information is then to be
used to support decision-making regarding risks. This can take the form of engaging an external
consultant, creating risk management committees which are inclusive of people from different
levels of the organization, or even facilitating industry round tables events. 

Monitoring and Review

Byte Civil register and associated management improvement plan is reviewed on a quarterly
basis by the management team. The risk management policy is revised every year by the
directors and will take into account progress made against the risk management improvement
plan. This is to ensure that new risks, or existing risks that may have changed during intervening
period, are addressed and that controls that have been adopted to mitigate risks continue to
remain effective. For example, the introduction of new technology may result in new modified
hazards or they can affect existing controls External stake holders

 Customers
 Suppliers
 Share holders
 Government agencies

Internal stake holders

 Employees
 The owner
 Managers

Integration with other systems and processes

What does risk management contribute and how?

Risk management is the process of identifying, assessing and responding to risks associated with
the integration of new software/hardware into an organization’s information technology
infrastructure. Integration risk management is important because it will help Byte Civil
Construction manage the risks associated with integrating new technology into the infrastructure
by identifying and assessing these risks. The organization can take steps to mitigate or avoid
them, which can help minimize disruption to business operations and protect sensitive data.

Risk categories

Strategic risk
These are the internal and external events that may make it difficult, or even impossible for an
organization to achieve their objectives and strategic goals

Climate risk

Is the potential for climate change to create adverse consequences for human or ecological
systems. This includes impacts on infrastructure services provision, health and well being

Compliance risk

Is a threat posed to a company’s financial, organizational or reputational standing resulting from

violations of laws, regulations and codes of conducts.

Reputational risk

Is the damage that can occur to a business when it fails to meet the expectations of its
stakeholders and is thus negatively perceived

Risk register

Is a document that is used as a risk management tool to identify potential setbacks within a
project.
I Date Risk Likelihoo Impac Severity Owner(perso Mitigation
D raise description d of the t if the rating n will action( act
d risk risk based on manage the ions to
occurring occurs treatmen risk) mitigate
t and the risks
likelihoo e.g reduce
d the
likelihood
Contractor Offer a
employees not mentoring
adequately program
trained
Labor shortage
Theft to Inspect
equipment/tool regularly
s
Natural Insurance
disasters programs
Poorly written Use of
statement software to
track
productivit
y to see
how
employees
respond
Risk reporting

Is an integral part of any process and critical from a monitoring perspective. Results of risk
assessment are reported to all relevant stake holders for review, input and monitoring. It is
prepared by the risk manager and reviewed by the management team.

Risk management performance

1. Number of risks identified

Byte Civil engineers will track the number of risks identified in different areas within your
organization. In doing so, you can better understand the potential threats and vulnerabilities to
the network, system, project, etc. To gain a holistic view of your risk management performance,
you would need to compare the number of risks identified to the number of risks that occurred,
and finally compare it to the number of risks mitigated.

2. Number of risks that occurred

The company will also quantify the number of risks that materialized into incidents to help better
inform your risk management strategy. This metric can offer better insights into whether or not
your risk management process is effective. For example, when the company notices a high
number of risks that materialized into full-blown issues in the organization. Then, that would
suggest the risk team would need to update the management and remediation tactics to prevent
future risks from materializing. Essentially, the ultimate goal is to minimize the number of risks
as much as possible.

3. Percentage of risks monitored

It’s important to monitor 100% of all identified risks. So that risk teams can then
leverage security ratings to help them prioritize higher-impact risks for remediation efforts. Byte
civil will conducting routine risk assessments and continuous monitoring for all identified risks
to empower the organization to detect increased cyber threat levels. This will also empower the
team to take immediate action on specific cyber risks that are more likely than others to
materialize.

4. Percentage of risks mitigated

Byte civil will need to assess and analyze the types of risks present, and also develop a robust
strategy to eliminate or reduce those risks. Risk teams can leverage risk assessments to help them
prioritize and allocate resources where needed. In doing so, they can reduce inefficiencies that
come from wasted efforts on low-impact risks. Risk teams should always aim to have their risk
mitigation plan effectively to reduce or eliminate 100% of the prioritized risks.

5. Cost of risk management programs

It is critical to have an effective risk management plan in place – saving the business money in
the long run. Risk management programs save organizations money by thwarting cyber risks
before they turn into issues. With a robust risk management strategy in place, organizations can
bounce back much quicker, maintain their reputation, and avoid having to pay significant
recovery costs.

Risk appetite

Mission……………

Vision; to guide decision making throughout the organization

Goal; to be specific, measurable, attainable, relevant and time bound.

Risk appetite statement

 To foster innovation and agility, Byte Civil company will adopt a higher tolerance for
risk in relation to finances and moderate tolerance for risks related to initiatives designed
to improve the company.
 It will ensure the effectiveness of risk management framework, so that the management
board are able to rely on adequate defense functions which includes, monitoring and
assurance functions undertaken by the audit and risk committee and risk governance
 It will ensure that internal audit coverage is driven by a clear understanding of risks,
challenges and opportunities facing Byte Civil Construction. Some of the risks will be
unique to individual service areas within Byte Civil Construction whilst others will be
common to other regulators and organizations, giving opportunities for benchmarking.
 Byte Civil Construction will ensure it has organizational culture which empowers stuff to
undertake well managed risk taking and are able to escalate risk concerns