Risk Management System

RISK MANAGEMENT POLICY

JSC “Navoiyazot” is implementing an Enterprise Risk Management (ERM) system based on international standards ISO 31000:2018 “Risk Management – Principles and Guidelines” and the COSO ERM framework.
The goal of the system is to enhance business resilience, industrial and environmental safety, and transparency in decision-making and corporate governance.
The ERM system is being integrated into all key business processes and forms part of Navoiyazot’s strategic transformation.

METHODOLOGY AND PROCESSES

Principles of the Risk Management System (ERM)
The Enterprise Risk Management (ERM) system at JSC “Navoiyazot” is based on the principles of:
Integration, Systematic Approach, Adaptability, Inclusiveness,
Dynamism, Reliability and Accessibility of Information,
and Continuous Improvement at all management levels.
Risks are classified into strategic, operational, environmental, production, and financial categories.
For each risk, its likelihood, impact, and mitigation measures are determined, and residual risk is evaluated.

RISK MANAGEMENT ORGANIZATIONAL STRUCTURE

• Supervisory Board — oversees risk management strategy and approves related policies.
• Audit Committee — monitors the effectiveness of internal control and risk management systems.
• Management Board and Risk Committee — ensure the implementation and operation of the ERM system at the executive level.
• Risk Management Department — coordinates risk identification, assessment, monitoring, and reporting processes.
• Interaction with Internal Audit and Compliance — ensures alignment and effectiveness of control mechanisms.
The Risk Management Department is an independent structural unit of JSC “Navoiyazot” reporting directly to the Chairman of the Management Board.
This structure ensures the independence, objectivity, and strategic importance of risk management processes.
The department was established by Order No. 583/323 dated March 28, 2025.
The staffing plan includes two positions, and during April–October 2025, the department was fully staffed (Orders No. 1618k of April 29 and October 10, 2025).
In 2025, the following documents were developed and approved:
• Regulation on the Risk Management Department (05.05.2025);
• Job descriptions (07.05.2025);
• Regulation on the Risk Management Committee, established under Presidential Decree No. PF-100 (10.07.2024) and Company Order No. 1104 (13.06.2025).

KEY RISKS AND TRENDS

 System Implementation Stages
📘 Stage I – Diagnostic (July–September 2025)
Following a tender held with AO “UzAssets” on UzExTender, a contract (No. C-UZA-25-00113) was signed with KPMG Audit.
KPMG conducted a diagnostic audit and delivered a report, maturity matrix, and implementation roadmap.
📗 Stage II – Methodological (September–October 2025)
Jointly with KPMG, the following documents are being developed:
• Risk Management Policy;
• Risk Identification and Assessment Methodology;
• Risk Appetite and Tolerance Methodology;
• Internal Control and Risk Management Interaction Methodology;
• Corporate Risk Register and templates.
📙 Stage III – Implementation (November 2025 – February 2026)
• Launch of the Corporate Risk Register;
• Training for risk owners based on ISO 31000 and COSO ERM;
• Pilot risk assessment sessions;
• Integration of ERM with the Internal Control System.

🔹 5. Training and Competence Development
• In June 2024, 14 employees completed ISO 31000:2018 training at Cert Academy Group.
• In 2025, staff completed online courses:
– Introduction to Risk Management;
– Operational Risk Management: Frameworks & Strategies;
– Risk Management Professional (PMI-RMP®) Certification Course.
• A working group was formed and a draft implementation plan for ERM and ICS is being prepared (Order No. 1314 of 29.07.2025).
• Regular online sessions with KPMG are held for coordination.
• An internal risk awareness program is planned to promote risk culture through seminars and case studies.

REPORTING AND TRANSPARENCY 

Current Results
• Diagnostic audit by KPMG completed;
• Implementation roadmap developed;
• Risk Management Department established and staffed;
• Key methodological documents prepared;
• Corporate risk register and risk appetite in development;
• Risk Management Committee operational.

📞 Contact
Risk Management Department
JSC “Navoiyazot”
E-mail: standart@navoiyazot.uz
Head of Department — Shakhlo Sayidova