Icelandair’s Risk Management governance framework is designed to manage the Company risk-taking in the context of its business strategy, and considering its risk-bearing capacity, risk appetite, and minimum capital and liquidity requirements. The overall purpose of the framework is to improve operational stability and to form a foundation for proactive risk management.
In addition to the Risk Management Policy, the Risk Management framework consists of three sub-policies, the Financial Risk Policy, the Liquidity Policy, and the Operational Risk Policy as well as guidelines, procedures, and internal controls as deemed appropriate.
To identify and manage risks effectively Icelandair follows a three-lines-of-defense model were these three lines work together to provide structure around risk management and internal governance.
- Risk owners within the business and support functions are responsible for day-to-day risk assessment and mitigation. This includes the responsibility for ensuring the necessary resources and training of employees for identifying, understanding, and monitoring these risks through the relevant internal policies, regulations, and procedures.
- The Treasury and Risk Management team and the Risk Committee are responsible for creating and communicating the Company’s overall risk management framework and strategy. This includes overseeing risk assessment and reporting on principal and emerging risks to the Board.
- Internal control and external auditors provide monitoring, oversight and audit activities reporting independently to the Audit Committee and/or Board of Directors.