Risk Management

1. 1. Purpose

   The purpose of this Risk Management Policy is to establish a structured and consistent approach to identifying, assessing, managing, and monitoring risks that could impact Canduit's operations, services, and reputation. This ensures that risk is managed proactively and supports informed decision-making aligned with our strategic goals.

2. 2. Scope

   This policy applies to all departments, projects, employees, and contractors of Canduit, including all business operations, enterprise software development (ERP, CRM, HRMS, e-commerce), IT consulting, and custom development services.

3. 3. Risk Management Objectives
   • Identify potential risks that could affect project delivery or business continuity.
   • Assess risks based on likelihood and impact.
   • Implement appropriate controls to mitigate or manage risks.
   • Monitor and review risks continuously.
   • Ensure compliance with legal, regulatory, and contractual obligations.
4. 4. Types of Risks

   Canduit recognizes the following categories of risks:

   • Strategic Risks: Changes in market demand or client expectations, competitive pressure, reputation damage.
   • Operational Risks: Delays in project delivery, insufficient resource allocation, vendor or third-party failures.
   • Financial Risks: Budget overruns, late or non-payment by clients, currency fluctuations.
   • Legal & Regulatory Risks: Non-compliance with laws, contractual disputes, IP or copyright infringement.
   • Technological Risks: System failures, outdated software, inadequate testing or version control.
   • Human Resource Risks: Skill gaps, high staff turnover, inadequate training or onboarding.
5. 5. Risk Management Process

   Canduit follows a five-step risk management cycle:

   • Risk Identification: Risks are identified through project meetings, stakeholder consultations, internal audits, and feedback loops.
   • Risk Assessment: Risks are assessed for likelihood (low/medium/high) and impact (minor/moderate/critical). A risk matrix is used to prioritize actions.
   • Risk Mitigation: Controls and contingency plans are developed. Mitigation strategies include:
     • Avoidance: Eliminating the risk source.
     • Reduction: Minimizing likelihood or impact.
     • Sharing: Outsourcing or insurance.
     • Acceptance: Monitoring low-priority risks.
   • Risk Monitoring: Risks are reviewed periodically. Project managers and team leads track risk indicators and escalate emerging threats.
   • Reporting: Risk status is reported to management via dashboards or review meetings. Critical risks are escalated immediately.
6. 6. Roles & Responsibilities
   • Board of Directors / Executives: Approve the risk management framework. Ensure alignment with business strategy.
   • Risk Officer / Compliance Team: Maintain risk registers, monitor compliance with policies, train staff on risk awareness.
   • Project Managers: Identify and manage project-specific risks, implement mitigation strategies.
   • All Employees: Report potential risks, follow risk management procedures.
7. 7. Risk Tools & Documentation
   • Risk Register: Logs all identified risks and action plans.
   • Issue Tracker: For project-level risk and issue resolution.
   • Audit Logs: Tracks compliance with procedures.
   • Disaster Recovery Plan (DRP): Covers major disruptions.
8. 8. Policy Review

   This policy will be reviewed annually or upon significant business changes. Updates will be communicated company-wide.

9. 9. Exceptions

   Any deviations from this policy must be formally approved by senior management and documented with justification.

10. 10. Contact

    For questions or concerns regarding risk management:

    • Email: privacy@canduit.org
    • Phone: +880 1918-317966
    • Office Address: Zaman Tower (10th Floor), Suite 1104 (A)
      Culvert Road, Purana Paltan, Dhaka–1000, Bangladesh