RISK MANAGEMENT POLICY

1 Introduction

Risk influences every aspect of the business of AirXpanders, Inc. (AirXpanders). Understanding the risks faced by the AirXpanders group and managing them appropriately will enhance its ability to make better decisions, deliver on objectives and subsequently improve performance.If the AirXpanders group fails to identify, assess and manage its risks it may result in unbudgeted expenditure, damage stockholder confidence and potentially jeopardise the ongoing viability of the AirXpanders group.

The AirXpanders group views the management of risks to its people, assets and all aspects of its operations as a fundamental responsibility. It is committed to upholding its corporate and legal obligations by implementing and maintaining a level of risk management that protects and supports these responsibilities.

2 Objective

The AirXpanders group will take informed and considered risks through the introduction of a risk management framework and associated activities that will assist in the creation and protection of value.

3 Policy

To realise its risk management objective, the AirXpanders group will:

  1. identify and assess risks to its business objectives and understand how such risks influence performance;
  2. ensure that an appropriate risk management framework is in place and that this is aligned to its business strategy and that it evolves with its business;
  3. support the framework and strategy with an appropriate organisational structure and ensure that associated responsibilities are clearly defined and communicated at all levels of the business, including its control and accountability systems;
  4. ensure that risk information is communicated through a clear and robust reporting structure; and
  5. integrate ongoing risk management activities within the business.

4 Applicability

This policy applies to all areas of the AirXpanders group’s operations without exclusion and to all personnel.

5 Types of risk

5.1 Strategic risk

Strategic risks are primarily risks caused by events that are external to the AirXpanders group or risks at a group level that have a significant impact on its strategic decisions or activities.The causes of these risks include such things as national and global economies, government policies and regulations and interest rates. Often, they cannot be predicted or monitored through a systematic operation procedure. The lack of advance warning and frequent immediate response required to manage strategic risks means they are often best identified and monitored by senior management as part of their strategic planning and review mechanisms.

Accountability for managing strategic risks therefore rests with the Board and the Chief Executive Officer. The benefit of effectively managing strategic risks is being able to better forecast and quickly adapt to the changing demands that are placed upon AirXpanders.

5.2 Operational risk

Operational risks are inherent in the ongoing activities within the different business units of the AirXpanders group. These are the risks associated with such things as the day-to-day operational performance of staff. Senior management needs ongoing assurance that operational risks are identified and managed.

Accountability for managing operational risks rests particularly with the heads of business units. The benefits of efficiently managing operational risks include maintaining superior quality standards, eliminating undesirable surprises, the early identification of problem issues and being prepared for emergencies if they happen.

5.3 Project risk

Project risks are risks associated with projects that are of a specific, normally short-term nature and are frequently associated with acquisitions, change management and integration projects. An effective strategy for managing project risks is to develop a set of key criteria to manage the significant risks that are common within most projects. This approach assists project managers with the identification of the risks inherent in individual projects.

Project sponsors are accountable for the achievement of project deliverables and outcomes. However, specific risks associated with project management are normally delegated to project managers for their attention. Included among the benefits of efficiently managing project risks are the avoidance of unexpected time and cost overruns. Additionally, when project risks are well managed there are fewer integration problems with assimilating required changes back into general management functions.

6 Responsibilities

6.1 The Board

The Board is ultimately responsible for risk management in the AirXpanders group and for communicating the requirements of this policy.

The Board must satisfy itself that significant risks faced by the AirXpanders group are being managed appropriately and that the system of risk management within AirXpanders is robust enough to respond to changes in its business environment. The Board will also ensure that there is an appropriate organisation and reporting structure in place to support the delivery of this policy on an ongoing basis.

6.2 Audit and Risk Committee

The Audit and Risk Committee will have responsibilities in relation to risk management as set out in the Audit and Risk Committee Charter.

6.3 Business units

Each business unit is responsible for the identification, assessment, control, reporting and ongoing monitoring of risks within its own responsibility. Business units are responsible for implementing the requirements of this policy and for providing assurance to the Board that they have done so. The business unit, where considered appropriate, may enhance its o wn organisational structure provided that such enhancements further assist the achievement of the objectives of this policy.

6.4 Management

Management is responsible for identifying and evaluating risks within their area of responsibility, implementing agreed actions to manage risk and for reporting as well as monitoring any activity or circumstance that may give rise to new or changed risks.

6.5 Employees

All employees have a general duty of care and are responsible for complying with requests from management in connection with the application of this policy. Through appropriate preventative action, all reasonable care should be taken to manage events that have the potential to prevent AirXpanders from achieving its objectives and to ensure that AirXpanders’ operations, assets and reputation are safeguarded.

7 Further information

Any person who has questions about this policy, or who requires further information, should contact the Chief Executive Officer.

8 Review of this policy

This policy may be amended by the Board of Directors.Approved by the Board of Directors of AirXpanders, Inc.