Risk policy
From ACT Wiki
Risk management.
Predetermined actions the entity will take, or have in reserve, to deal with the various situations that might arise.
Risk policy should cover commercial as well as treasury approaches to exposure management.
The policy should identify and reflect the risk appetite and risk tolerances of the organisation, making explicit that a risk management system has been designed to provide reasonable assurance of achieving business objectives.
It should assign accountability for managing risks and reporting results on effectiveness of the system to executive management.