On 24 January 2017, the PKP CARGO S.A. Management Board adopted Resolution No. 11/2017 on introducing the “Risk Management Policy in PKP CARGO S.A.” (the “Policy”). Pursuant to the resolution, two previously separate risk management systems have been combined: the business risk management system and the information security system based on the ISO 27001 standard.
The Internal Control and Audit Department, together with the Security Department, is required to supervise the implementation and execution of the provisions of the Policy.
- Identifying the risk and determining its level.
- Criteria: probability and implications.
- Comparison of the results with the expectations and responding accordingly.
- Reaction to risk: acceptance, action, transfer, withdrawal.
- Based on the analysis, it is determined whether an action plan should be prepared for the risk or whether the risk is tolerated.
Risk management from the perspective of risk owners:
- risk management in their areas of operations,
- development, implementation and execution of risk handling plans for risks exceeding the acceptable level,
- risk monitoring and reporting on risk identification, analysis and evaluation,
- handling matters pertaining to risk management at the organizational unit level,
- keeping risk registers up to date,
- timely submission of the registers to the local information security coordinator responsible for the given location,
- planning of actions regarding risk identification, analysis and evaluation,
- timely submission of information
Reporting lines - The information about risks in PKP CARGO will be submitted as follows: