The ERM processes is comprised of four fundamental steps: ESTABLISH THE CONTEXTValeura%u2019s risk management approach begins by defining the business context, identifying risks across all operations, and recording them in a corporate-level enterprise risk register. Inputs to the ERM process are drawn from three sources, including board-level input, management input, and risks identified through the operational risk management process, as more fully described below.Establish the ContextRisk Assessment and PrioritisationRisk Treatment and Enhancing Business ResilienceMonitoring and reportingIdentified risks are consolidated in the enterprise risk register and categorised before being presented to the relevant governance bodies that oversee the ERM process.Management-level inputs Risk Champions, Risk Owners, and function heads are tasked with overseeing risk management at the operational level. They hold quarterly reviews to assess risks from their respective areas.Operational Risk Management (ORM) Process All business functions assess operational risks in line with ISO 9001, ISO 14001, and ISO 45001 standards. These risks are captured for the enterprise risk register, which is reviewed and updated periodically. High-risk issues are prioritised and escalated through the ERM process.Board-level InputsThe Board and executives help identify high-level risks from the top-down perspective.100 2024 SUSTAINABILITY REPORT%uf098 Sustainability at Valeura %uf098 Environment %uf098 Social %uf098 Governance %uf098 Appendix