1. Purpose Company recognises that risk management is an integral part of good management practice and fully supports risk management as an integral element in its governance processes.
Therefore, Company will adopt a risk management approach consistent with Indian Standards in their planning, approval, review, and control processes.
The purpose of this policy is to establish the systems and processes required to manage the risks involved in the CompanyÔÇÖs activities so as to maximise opportunities and minimise negative outcomes.
2. Application
This policy applies to all areas of CompanyÔÇÖs operations.
3. Objectives of Risk Management
The objectives of CompanyÔÇÖs risk management activities are to:
(a) Maintain the highest possible integrity for services provided by the Company
(b) Create an environment where all Company employees understand and accept the importance of risk management
(c) Improve incident management and reduction in loss and the cost of risk, including insurance premiums
(d) Achieve a more confident and rigorous basis for decision making and planning
(e) Improve the CompanyÔÇÖs ability to be proactive rather than reactive in risk management
(f) Improve compliance with relevant legislation and
(g) Demonstrate better corporate governance through transparent and responsible risk management processes aligned with accepted best practice standards and methods.
4. Risk Management Process
The main elements of the risk management process are:
(a) Establish the Context
Establish the strategic, organisational and risk management context in which the rest of the process will take place. Criteria against which risk will be evaluated should be established and the structure of the analysis to be defined.
(b) Identify Risks:
Identify what, why and how things can arise as the basis for further analysis.
(c) Analyse Risks
Determine the existing controls and analyse risks in terms of consequence and likelihood in the context of those controls. The analysis should consider the range of potential consequences and how likely those consequences are to occur. Consequence and likelihood may be combined to produce an estiamted level of risk.
(d) Evaluate Risks
Compare estimated levels of risk against the pre-established criteria. This enables risks to be ranked so as to identity management priorities. If the levels of risk established are low, then risks may fall into an acceptable category and treatment may not be required.
(e) Treat Risks Accept and monitor lowÔÇôpriority risks. For other risks, develop and implement a specific management plan, which includes consieration of funding.
(f) Monitor and Review
Monitor and review the performance of the risk management system and changes, which might affect it.
(g) Communicate and consult Communicate and consult with internal and external stakeholders as appropriate at each stage of the risk management process and concerning the process as a whole.
Roles and repsponsibilities
a) Elected reprensentatives:
elected representatives are responsible for supporting the framework that sets the parameters for what is to be achieved. This will require considering risks when making deceisions and allocating funding and resources.
b) Senior Management :
senior managements are responsible for ensuring that a risk management system is establilshed, implemented and maintained in accordance with this policy
c) All Employees Generally:
all employees are generally responsible for identifying potential risks.Management is additionally responsible for risk analysis, evaluation, assignment, registration, and the development of mitigation plans and risk reducion strategies.
These risk management processes should be integrated with other planning processes and management activities.
All employees are required to support and contribute to risk management initiatives and to advise their managers of risk issues they believe require attention.
d) Risk Management Group:
the Plant Head will ensure that employee representatives from across the organization meet regularly, through a risk committee or similar group, to implement risk, management actions throughout the organization. The General Manager or nominees will chair these meetings.
A Risk Management Action Plan wil be developed to guide the implementation of risk management activities.
The Plant Head is responsible for oversighting the implementation of the Risk Management action plan, determining an aceeptable level of risk for the Company, and monitoring the CompanyÔÇÖs overall risk profile and mitigation strategies.
e) Manger and Supervisors:
all managers and supervisors are responsible for the implementation of this Risk Management Policy and the Risk Management Action Plan within their respective areas of responsibility. This includes the identification, assessment and documenting of risks and acceptance or assignment of risk responsibility, ongoing assignment and recording of risks in a risk register.
Risk Assessment:
The objective of any risk management process is to establish a consistent and comparable basis for qualifying and measuring risk across the CompanyÔÇÖs operations.
These risk levels can then be compared to CompanyÔÇÖs acceptable level of risk,as determined by the Plant
Head, to identify an appropriate strategy for treatment.
Supporting Documents:
The General Manage Plant Head will ensure adequate support documents are developed foruse by staff in support of this policy. These documents include a risk register that records all identified risks, a risk management action plan that identifies actions to be taken to mitigate risks and a risk management framework that outlines the entire framework within Company for risk management.
Risk Registration, Treatment and Reporting:
CompanyÔÇÖs risk register requires managers to record, as a minmum, the risk description, an assessment of that risk, the responsible officer for managing that risk and treatment plans.
This information provides a useful tool for managers and staff to consider in both strategic and operational planning and is available to managers and staff.
The risk management group will monitor the risk profile of the Company with particular regard to those risks that exceed an acceptable risk level.
The management of risk will be integrated into CompanyÔÇÖs existing planning and operational processes and will be recognised in the funding and quartely reproting mechanisms,because of the evaluation of the level of risk and Company exposure.
Review :
This policy shall be reviewed at a minimum at least two years to ensure is meet the requirements of legislation and the need of Company.