Risk Management Policy
Goodricke Group Limited (GGL) assesses all risks at both pre and post mitigation levels. Such assessment looks at the actual or potential impact that a risk may have together with
an evaluation of the currently assessed probability of the likelihood of it occurring. GGL has determined the risk mapping plan and procedures after analyzing its top seven risks viz;
- Environmental & Social Risk,
- Business or Operational Risk,
- Market and Competition Risk,
- Financial and Labour Risk,
- Regulatory Risk,
- Organizational Structure, Internal Process And Culture Risk and
- Intellectual Property Rights Risk, while keeping the options open for identiflTing new risks and adverse effects or scenario which may have an impact on the business of GGL.
GGL will perform a full risk mapping exercises every year in accordance with the risk management plan and procedures and any improvements to the plan which the Board of
Directors may implement from time to time.
The Companies Act, 2013 and the Corporate Governance requirements of the Listing Agreement with the stock exchange require that GGL have a Risk Management Policy encompassing a Risk Management plan for identifying, assessing, mitigating and monitoring significant risks which may threaten the existence of GGL. The process should identify a) the nature of each risk b) its possible impact in terms of value c) the likelihood of occurrence d)ownership of the risk and e) steps to be taken to mitigate the risk.
An enterprise-wide risk management framework is applied and it is applicable to all aspects of GGL's business and to be followed at all of its units. This Risk Management Policy has
been created in furtherance of company's commitment to building a strong risk management culture.
The objectives of Risk management at GGL are to:
- Better understand company risk profile;
- Understand and better manage the uncertainties which impact company performance;
- Contribute to safeguarding company value and interest of various stakeholders;
- Ensure that sound business opportunities are identified and pursued without exposing the business to an unacceptable level of risk; and
- Improve compliance with good corporate governance guidelines and practices as well as laws & regulations.
Risk - Any event/non-event, the occurrence/non-occurrence of which can adversely affect the objectives/existence of the company. These threats may be internal/external to GGL, may/may not be directly influenced by GGL and may arise out of routine/non routine actions of GGL.
Risk Management - A structured, consistent and continuous process; for identifying, assessing, deciding on responses to and reporting on the opportunities and threats that may affect the achievement of company objectives.
Risk Library - A compilation of risks identified during the annual risk identification exercise. The risk library may be amended on a half yearly basis to include emerging risks.
Risks That Matter - Key risks (typically with significant impact and likelihood) are derived from the risk library resulting from the annual risk prioritization. Since these risks warrant more focus, GGL documents its mitigation strategy for these risks.
Mitigation Plans - Measures (existing and proposed) to mitigate/monitor/transfer the Risks That Matter.
Risk Competency Scan - Identification and assessment of existing risk mitigation strategies to address the Risks That Matter.
Risk MIS - Periodic reports to executive management or directors on risk management and its results.
THE RISK MANAGEMENT FRAMEWORK
While defining and developing a formalized Risk Management process, leading risk management standards and practices have been considered. However, the focus has been to make this process relevant to business reality and to keep it pragmatic and simple from an implementation and use perspective. The Risk Management Framework outlines the series of activities and their enablers that we expect each unit to deploy, to assess, mitigate and monitor risks. The Risk Management Framework at GGL comprises essentially of the following two elements:
- Risk Management process that helps identify, prioritize and manage risk in GGL; and
- Risk Management structure i.e. the roles and responsibilities for implementing the risk management programme.
Below is a representation of the Risk Management Framework.
Risk Management Process
Whether risks are external/internal to GGL, or can/cannot be directly influenced/managed, they are addressed by a common set of processes through the Risk Management process.
This process is scheduled to be performed:
- Annually along with the business planning exercise.
- At any point of time on account of significant changes in internal business conduct or external business environment.
- When the business seeks to undertake a non-routine transaction (such as an acquisition, entering into a new line of business etc.).
The following stages are involved in the Risk Management process:
- Establish the context is focused on laying down objectives that the company seeks to achieve and safeguard. Risks are identified and prioritized in the context of these objectives.
- Assess (identify and prioritize) risks, which comprises of:
Mitigate risks: involves design and implementation of activities that help manage risk to an acceptable level. It involves assessment of the existing competency of management processes to mitigate risks and make improvements thereto. For the Risks that Matter, the company is expected to formally define risk ownership, mitigation activities, responsibilities and milestones.
Monitor and Report: A formal process to update the Board of Directors, the Audit Committee and the Risk Management Committee on the risk profile and effectiveness of implementation of mitigation plans.
- Risk identification - involves identification of relevant risks that can adversely affect the achievement of the objectives.
- Risk prioritization- involves assessing the relative priority of each risk to arrive at the key risks or Risks That Matter CRTM). This involves considering the potential impact and likelihood of occurrence of the risk.
Risk Registers: Risk Registers shall be maintained showing the risks identified, treatment prescribed, persons responsible for applying treatment, status after the treatment etc. Risk Managers and Risk Officers to be identified for proper maintenance of the Risk Registers which will facilitate reporting of the effectiveness of the risk treatment to the Risk Management Committee, Audit Committee and the Board. Risk Management structure
The roles & responsibilities for implementing the Risk Management process are as follows:
The Board of Directors has the responsibility for overseeing that GGL has put in place a suitable framework for managing risks and this framework have been effectively deployed by the Management" The Board of Directors has delegated the task of overseeing the deployment of the Risk Management Framework to the Audit Committee. On an annual basis, a formal report on Risks That Matter shall be submitted to the Board of Directors for their review. The Audit Committee is responsible for the overall direction setting and reviewing implementation of the Risk Management Framework. Key responsibilities of the
Audit Committee are to:
- Provide direction and evaluate the operation of the Risk Management programme; and
- Review half yearly the annual risk assessments prepared by the Management.
The Risk Management Committee comprised of the Directors' and Executives, shall be responsible for ensuring effective roll-out of the risk management programme. The Risk Management Committee consists of Mr K. Sinha (Independent Director), Mr. P. K. Sen (Independent Director), Mr. A. N. Singh (Managing Director) Mr. S. Banerjee (Company Secretary). While the Company Secretary being Chief Risk Officer shall coordinate with different functions for implementing the risk management programme, the responsibility for identiflTing risks and implementing mitigation plans rests with the line management.
Internal Audit (IA) is entrusted with the responsibility to review and provide independent assurance on overall effectiveness and efficiency of the Risk Management process. While all risks cannot be audited, Corporate Internal Audit, External Audit, Environmental Health & Safety, Insurance or any other function(s) entrusted by the Audit Committee may provide independent assurance on the effectiveness of defined risk mitigation strategies for certain areas. In addition, these functions through their regular audit/ fieldwork at various levels might identify additional risks, which will serve as an input for the subsequent risk identification and definition process.
The Risk Management Framework does not intend to provide complete assurance against failures to achieve business objectives, nor does it provide full assurance against material misstatements, losses, frauds, human errors, misjudgements in decision-making and violations of legislation and regulations.