Get in touch with us!
Just type your contacts
We wil contact you as soon as possible.

Risk Management Policy


This Risk Management Policy forms part of Black Ocean s.r.o.’s governance and control arrangements.

Risk management is not an isolated activity. It is one element together with planning, project and performance management of effective governance and management. The focus is on those risks that could disrupt the achievement of Black Ocean s.r.o.'s strategy.

The purpose of this policy and the supporting guidance is to establish Black Ocean s.r.o.’s underlying approach to risk management by clarifying the roles and responsibilities of the Board of Directors, the Finance and Audit Committee, Senior Management and other staff. It also describes the context for risk management as part of the overall system of internal controls and arrangements for periodic review. It aims to support those staff with particular involvement in anticipating, assessing and managing risks so that they can take timely and well-founded risk-informed decisions.


A risk is commonly defined as an effect of uncertainty on the achievement of objectives. In other words, risks are various events that can affect the achievement of objectives. Risk can have both negative and positive outcomes. Our aim is to manage the adverse effects and turn the risk into value. Risks are an everyday part of our activities. Our operations involve multiple partnerships, challenging environmental, organizational contexts and extensive geographic scope. The realization of our mission and strategy depends on our ability to recognise risks and to define suitable measures for their treatment. Effective risk management is about effective decision- making, not compliance. It is not limited to the identification and mitigation of negative risks, but also enables opportunities to be recognised that may involve some level of risk where they also have the potential to lead to positive outcomes, supporting the overall strategy.

Risk management refers to all activities performed by Black Ocean s.r.o. to anticipate, identify, assess and control the uncertainties which may impact on Black Ocean s.r.o.'s ability to achieve its aims, objectives and opportunities. These will range from organization-wide to specific projects or programmes, to the individual.

The risk management policy aims to demonstrate that Black Ocean s.r.o. is acting appropriately to anticipate risks; to assess risks; to avoid excessive risk; to embrace necessary or desirable risks with appropriate safeguards; that its response to risk, whether by insurance, control measures or avoidance, is proportionate and effective; that responsible staff are equipped to take risk-based decisions with confidence; and that we are intelligent in applying our risk appetite.


In our work to achieve our ambition, four risks stand out. The first concerns our reputation. Our Mission centers on creating and sharing knowledge and delivering projects that have a real impact. So we must undertake research and knowledge work of the highest quality and secure maximum impact and influence for our activities. As such, our reputation for the quality of our work, our autonomy and ethical and intellectual integrity are of paramount importance. We will be bold in the nature of our work, in our technical thinking, in our methodologies and we will be innovative in how we seek to impact and influence. We will do everything we can to mitigate risks to our reputation.

The second concerns our people. Certain parts of our work takes place online and overseas in locations that are inherently risky. We are responsible for the well-being of our staff. We, therefore, seek to ensure that work with partners overseas and in particular, overseas travel for our own staff, is informed by robust risk assessments and that traveling staff are trained and supported in their individual journeys. We will not require staff to travel or work in areas where we assess the risks to be excessive.

The third concerns our financial position. We will manage our income and control our costs, remain competitive whilst delivering well-managed projects and programmes on time and on budget. We will seek to minimize our financial exposure. We will not compromise our ethical standards to secure funding. We will not undertake work that compromises our financial solvency.

The fourth concerns the impact of our projects and programmes. Many of our services involve partners and collaborators often based online and overseas and/or operating in challenging environments. To do this well, we need to anticipate and manage all project and programme risks at the pre-proposal, proposal and inception stages. We need to make decisions about when to bid for funding and with whom, in good time but often on the basis of imperfect information. We need to be prepared to decide when we will take well-judged risks. when we will support responsible risk-taking and when we will not submit a funding proposal because of the risks. When we do, we must use relevant management information to track progress and identify difficulties. We will support our staff to do this well. We will not undertake work where we assess the financial or delivery risks to be too high. We will not compromise our ethical standards in delivering our work.


Our risk management approach will reflect the following principles:

And will be embedded in our governance structures as follows:


Black Ocean s.r.o.’s objectives in relation to risk management are to:


Effective risk management requires risks to be anticipated, identified and assessed regularly, and actions are taken to manage the risks, whether these are positive or negative. To support risk assessment and actions to be identified, Black Ocean s.r.o. will develop documentation about each project/programme specifying the country of operation, partner exposure, any key risks (e.g. foreign exchange). It will also develop training and communications tools to support project managers to manage risk.

We face specific operating risks that inform our approach to assessing risks as follows:

Details of Black Ocean s.r.o.’s approach to assessing risks are set out in the Appendix.


Our approach to risk management reflects sector guidance and aims to clearly locate responsibility for identifying and managing different levels and types of risk in a structured way.

In each case, the “owner” of the risk should have in place early warning mechanisms to alert Black Ocean s.r.o. so that remedial action can be taken to manage any potential hazards.


Risks regarded as high or very high in impact and probability should be identified in advance and a decision taken about whether to continue with the activity and if so, how to manage it to either realize the potential benefits or avoid the potential downsides. Risks change and evolve as projects develop, before bidding and throughout their funded life. Different risks will be managed with a particular focus. Some will be addressed through routine management, supported by Black Ocean s.r.o.’s systems, procedures and policies. Black Ocean s.r.o.’s risk management process has a particular role to play here in providing the forum for regular review of project implementation, including emerging issues that threaten successful delivery.


We will monitor the risks on the Strategic Risk Register, especially those with a “High” risk score. Clusters/units and departments will be asked to review the operational risks captured in their Registers termly. The Strategic Risk List is kept under review by the Finance and Audit Committee, which meets regularly. It is reported to the Board.
We will learn from our experience of risk management and seek to share issues and ideas with staff to enable them to work effectively in a risk-based manner. This will include learning from those risks that we take on knowingly, where we believe that we could secure significant benefits if the risks are handled responsibly.


The Board is responsible for overseeing risk management with a scheme of delegation to the Finance Resources and Audit Committee and policy implementation by the Director and senior staff. All senior staff are responsible for encouraging good risk management practice within their areas of responsibility and all project managers (researchers and professionals) will need to have regard to risk for the projects that they lead or support.

The Board will:

The Finance and Audit Committee will:

The Strategic Management Team will:

Country Directors, Cluster Directors and Heads of Professional Function will:

Project Managers will:

Individual members of staff will:


Internal controls encompass a review of the risks inherent in each activity. The Finance and Audit Committee report to the Board on the adequacy of internal controls. As part of its remit, the Committee reviews the work of the Internal and External Auditors and of Black Ocean s.r.o.'s management. The Committee is therefore well placed to advise the Board on the effectiveness of the internal control system.

Currently Black Ocean s.r.o. has an external consultant which it contracts to review and report the effectiveness and reliability of the internal control system.
As part of the annual audit, Black Ocean s.r.o.’s External Auditors will advise the Finance and Audit Committee on the operation of the internal financial controls.


The Board will periodically review its risk appetite and risk tolerance. The Board will also periodically review the effectiveness of the internal control system and in doing so will:

As part of its review, the Board will consider:



Most relevant authorities on risk management advocate two main parameters for assessing risks. The parameters are:

Privacy Policy Cookie Policy Risk Management Policy Terms and Conditions
Black Ocean s. r. o. All rights reserved.