8/17/2019 Final Risk Management Manual Edition 1
1/46
First Edition
Risk Management Manual
Total Quality Management
217, Nazrul Islam Avenue, Kolkata - 700059
- 1 - | P a g e T o t a l Q u a l i t y M a n a g e m e n t
Company Profile
Exide Industries Limited is the country’s largest manufacturer of lead acid storage batteries and power storage solutions provider. With seven battery manufacturing plants, two inverter plants and two smelting plants, with international standard factories spread across the nation for producing batteries, the company offers one of the widest ranges of batteries for every conceivable application in automotive as well as industrial segments. Exide also has manufacturing facilities in Sri Lanka & Singapore and does business globally through its subsidiaries and international affiliates.
Exide’s products are sold globally, particularly in developed markets like Australia, Japan and Western Europe, under its own brand names.
Exide’s strong brand pull, established in India for more than a hundred years, is supplemented by its nationwide dealer network and a very strong R&D center. With the help of its collaborators – Shin Kobe and Furukawa of Japan and East Penn of the US – Exide has consistently remained at the cutting edge of international battery technology and introduced various pioneering products and power storage solutions in the Indian and global markets.
Exide’s vast product range, which includes everything from the smallest UPS batteries to the giant submarine batteries, finds applications in automotive, two-wheelers, inverters, UPS, power, telecom and railways, among others. Exide is also present in the non-conventional energy business where it designs and integrates solar and wind power solutions for use in remote areas of the country.
Exide’s customer list includes some of the topmost international names in industries as diverse as automotive, earth moving equipment, telecom and UPS manufacturers.
Exide has recently branched out into the synergistic business of manufacturing and marketing its own range of home UPS systems, thereby offering a total end to end solution to its customers.
RISK MANAGEMENT POLICY
We at Exide Industries Limited, in the pursuit of our vision to be recognised as a World
Class Company and be the customers’ preferred choice in energy storage system,
are subject to certain risks that affect our ability to operate, serve customers, protect
assets and implement strategies. These risks are an integral part of our operations /
processes and are present across the organisation. We are committed to minimizing /
eliminating these risks through effective risk management to:
o Achieve our business objectives
o Control organization exposure to risks and
o Strengthen corporate governance
Further, it is the policy of the company to:
o Identify all risks in external and internal context of business as legal, regulatory, social, cultural, political, operational, strategic, technological, etc. and deploy effective risk mitigation strategies to minimize/eliminate their adverse effects on our endeavour to achieve organizational objective, mission and vision.
o Establish, implement and maintain effective Risk Management System across the organization and ensure identification, evaluation, analysis and mitigation of risks through the standard process, metrics, monitoring, control and review mechanism.
o Ensure that organisation experience and learning in risk management is managed, shared and utilized to improve our preparedness and ability to deal with risks.
o Continually improve the adequacy and effectiveness of Risk Management System and deploy best of breed processes to minimize risks.
o Comply with applicable legal, statutory requirements related to Risk Management System.
o Ensure review of Risk Management policy periodically or in response to significant events or changes in circumstances.
The Risk Management Policy shall be made available to all stakeholders and
interested parties.
Paban Kr.Kataky
MD & CEO
10th April 2015
Sl.No Contents
1 Introduction
2 Principles
3 Terms And Definitions
4 Framework
4.1 General
4.2 Mandate And Commitment
4.3 Design Of Framework For Managing Risk
4.3.1 Understanding Of The Organization And Its Context
4.3.2 Establishing Risk Management Policy
4.3.3 Accountability
4.3.4 Integration Into Organizational Processes
4.3.5 Resources
4.3.6 Establishing Internal Communication And Reporting Mechanisms
4.3.7 Establishing External Communication And Reporting Mechanisms
4.4 Implementing Risk Management
4.4.1 Implementing The Framework For Managing Risk
4.4.2 Implementing The Risk Management Process
4.5 Monitoring And Review Of The Framework
4.6 Continual Improvement Of The Framework
5 Process
5.1 General
5.2 Communication And Consultation
5.3 Establishing The Context
5.3.1 General
5.3.2 Establishing The External Context
5.3.3 Establishing The Internal Context
5.3.4 Establishing The Context Of The Risk Management Process
5.3.5 Defining Risk Criteria
5.4 Risk Assessment
5.4.1 General
5.4.2 Risk Identification
5.4.3 Risk Analysis
5.4.4 Risk Evaluation
5.5 Risk Treatment
5.5.1 General
5.5.2 Selection Of Risk Treatment Options
5.5.3 Preparing And Implementing Risk Treatment Plans
5.6 Monitoring And Review
Corporate Risk Register
Annexure-1 Company Level Goal & Critical Success Factor
Annexure-2 Functional Level Goal & Critical Success Factor
Annexure-3 Risk Register
Annexure-4 Risk Treatment
Annexure-5 Counter Measure (3W1H)
Introduction To Risk Management
To improve the Company’s ability to address the increasingly complex
internal and external legal issues and potential business, in 2015 Exide
Industries Limited (“The Company”) began to apply the concept of risk
management. Through risk management, the Company expects to
proactively identify potential critical problems for the Company’s business
and to be able to perform mitigation measures that are considered the most
optimal. To conduct these functions, the Company established the Risk
Management Executive committee.
As the framework for risk management, Exide Industries Limited has
established the implementation of a risk management manual that is
prepared with reference to the rules and standards of the Executive
Committee of the Organization. The socialization phase has been
implemented for the managerial level staff through in-house training,
internal seminars, implementation mentoring, dissemination through the
media intranet, and other activities. To facilitate its application in the
field, a risk management handbook has been formulated and distributed
to the leadership ranks of Exide Industries Limited at the “E” Grade and
above, or to Key Persons that have been authorized to manage risk in
their respective processes. A risk is a potential event that negatively
affects the achievement of the vision, mission, goals and targets of the
Company or organizational unit. Risk Management is an attempt to
minimize the negative effects from the various sources of risks facing the
Company’s business activities so that objectives can be achieved
optimally. The Risk Management Division is responsible for ensuring that
analysis and management of risk have been conducted for all units of the
organization and to ensure that the analysis and management of risk
have been implemented in an effective, efficient and consistent manner at
each process.
To ensure the implementation of Risk Management in the Company,
audits have been conducted according to the standards set by
ISO 9001:2015.
To support the implementation of Risk Management in all processes, the
Executive committee has prepared the infrastructure as a means to
guide/train, socialize and mentor.
Risk factors, which are spread throughout almost all processes, have been
identified; the risks identified are recorded in the Risk Register of Exide
Industries Limited.
The implementation of risk management in the Company is done through,
among others, the following activities:
o The dissemination of risk management implementation internally in
the Company, including the EIL Executive committee
o Risk analysis for processes and corporate risks are conducted as a
representation of the Company risk reporting and as a base for
strategic decisions by Management which is included in the annual
Business Plan.
o Through mentoring the preparation of risk analysis by prioritizing
the main activities of the Company.
o Through preparation of the Company’s risk register.
o Through risk analysis of strategic Company projects (Lead Acid
storage batteries).
o Through spot risk analysis associated with the actual conditions
facing the Company.
o Conducting risk analysis of environmental, health and occupational
health aspects.
o Implementing different Management Systems (i.e. QMS, TS, EMS &
OHSAS) by completing the Key Performance Indicators (KPI) for
the Unit Work Targets with Key Risk Indicators (KRI) in order to
mitigate the performance achievements.
The business risks faced by Exide Industries Limited as a lead acid storage
battery company are classified into four types of risk. These are:
1. Strategic risks (Business Risk), i.e. risks that are strategic for the
development of the company, such as technology development,
government policies, investment plans, new product development,
etc.
2. Operational Risk, the risk of loss due to the failure or inadequacy of
the quality control of business processes.
3. Support Processes Risk, risk that directly or indirectly lead to losses,
i.e. financial risk, environmental risk (those impacts on
environmental degradation, environmental pollution, social
disruption, the company’s reputation, etc.),
Principles Of Risk Management
For risk management to be effective, an organization should at all levels
comply with the principles below.
a) Risk Management Creates And Protects Value.
Risk management contributes to the demonstrable achievement of objectives and improvement of performance in, for example, human health and safety, security, legal and regulatory compliance, public acceptance, environmental protection, product quality, project management, efficiency in operations, governance and reputation.
b) Risk Management Is An Integral Part Of All Organizational Processes.
Risk management is not a stand-alone activity that is separate from the main activities and processes of the organization. Risk management is part of the responsibilities of management and an integral part of all organizational processes, including strategic planning and all project and change management processes.
c) Risk Management Is Part Of Decision Making.
Risk management helps decision makers make informed choices, prioritize
actions and distinguish among alternative courses of action.
d) Risk Management Explicitly Addresses Uncertainty.
Risk management explicitly takes account of uncertainty, the nature of that uncertainty, and how it can be addressed.
e) Risk Management Is Systematic, Structured And Timely.
A systematic, timely and structured approach to risk management contributes
to efficiency and to consistent, comparable and reliable results.
f) Risk Management Is Based On The Best Available Information.
The inputs to the process of managing risk are based on information sources such as historical data, experience, stakeholder feedback, observation, forecasts and expert judgement. However, decision makers should inform themselves of, and should take into account, any limitations of the data or modelling used or the possibility of divergence among experts.
g) Risk Management Is Tailored.
Risk management is aligned with the organization's external and internal context and risk profile.
h) Risk Management Takes Human And Cultural Factors Into Account.
Risk management recognizes the capabilities, perceptions and intentions of external and internal people that can facilitate or hinder achievement of the organization's objectives.
i) Risk Management Is Transparent And Inclusive.
Appropriate and timely involvement of stakeholders and, in particular, decision makers at all levels of the organization, ensures that risk management remains relevant and up-to-date. Involvement also allows stakeholders to be properly represented and to have their views taken into account in determining risk criteria.
j) Risk Management Is Dynamic, Iterative And Responsive To Change.
Risk management continually senses and responds to change. As external and internal events occur, context and knowledge change, monitoring and review of risks take place, new risks emerge, some change, and others disappear.
k) Risk Management Facilitates Continual Improvement Of The Organization.
Organizations should develop and implement strategies to improve their risk management maturity alongside all other aspects of their organization.
Relationships Between Risk Management Principles, Framework &
Processes
Term And Definition

| Sr.no | Terms | Definition |
|---|---|---|
| 1 | Risk | Effect of uncertainty on objectives |
| 2 | Risk management | Coordinated activities to direct and control an organization with regard to risk |
| 3 | Risk management framework | Set of components that provide the foundations and organizational arrangements for designing, implementing, monitoring, reviewing and continually improving risk management throughout the organization |
| 4 | Risk management policy | Statement of the overall intentions and direction of an organization related to risk management |
| 5 | Risk attitude | Organization's approach to assess and eventually pursue, retain, take or turn away from risk |
| 6 | Risk management plan | Scheme within the risk management framework specifying the approach, the management components and resources to be applied to the management of risk |
| 7 | Risk owner | Person or entity with the accountability and authority to manage a risk |
| 8 | Risk management process | Systematic application of management policies, procedures and practices to the activities of communicating, consulting, establishing the context, and identifying, analyzing, evaluating, treating, monitoring and reviewing risk |
| 9 | Establishing the context | Defining the external and internal parameters to be taken into account when managing risk, and setting the scope and risk criteria for the risk management policy |
| 10 | External context | External environment in which the organization seeks to achieve its objectives |
| 11 | Internal context | Internal environment in which the organization seeks to achieve its objectives |
| 12 | Communication and consultation | Continual and iterative processes that an organization conducts to provide, share or obtain information and to engage in dialogue with stakeholders regarding the management of risk |
| 13 | Stakeholder | Person or organization that can affect, be affected by, or perceive themselves to be affected by a decision or activity |
| 14 | Risk assessment | Overall process of risk identification, risk analysis and risk evaluation |
| 15 | Risk identification | Process of finding, recognizing and describing risks |
| 16 | Event | Occurrence or change of a particular set of circumstances |
| 17 | Consequence | Outcome of an event affecting objectives |
| 18 | Likelihood | Chance of something happening |
| 19 | Risk profile | Description of any set of risks |
| 20 | Risk analysis | Process to comprehend the nature of risk and to determine the level of risk |
| 21 | Risk criteria | Terms of reference against which the significance of a risk is evaluated |
| 22 | Level of risk | Magnitude of a risk or combination of risks, expressed in terms of the combination of consequences and their likelihood |
| 23 | Risk evaluation | Process of comparing the results of risk analysis with risk criteria to determine whether the risk and/or its magnitude is acceptable or tolerable |
| 24 | Risk treatment | Process to modify risk |
| 25 | Residual risk | Risk remaining after risk treatment |
| 26 | Monitoring | Continual checking, supervising, critically observing or determining the status in order to identify change from the performance level required or expected |
| 27 | Review | Activity undertaken to determine the suitability, adequacy and effectiveness of the subject matter to achieve established objectives |
4. Framework
4.1 General
The success of risk management will depend on the effectiveness of the
management framework providing the foundations and arrangements that will embed it throughout Exide at all levels. The framework assists in managing risks effectively through the application of the risk management process (see Clause 5) at varying levels and within specific contexts of Exide. The framework ensures that information about risk derived from the risk management process is adequately reported and used as a basis for decision making and accountability at all relevant processes.
This clause describes the necessary components of the framework for managing risk and the way in which they interrelate in an iterative manner, as
shown,
4.2 Mandate And Commitment
Exide has introduced risk management and ensures its ongoing effectiveness with strong and sustained commitment by management of the organization, as well as strategic and rigorous planning to achieve commitment from all levels. Management of Exide Industries Limited:
o define and endorse the risk management policy;
o ensure that the organization's culture and risk management policy are aligned;
o determine risk management performance indicators that align with performance indicators of the organization;
o align risk management objectives with the objectives and strategies of the organization;
o ensure legal and regulatory compliance;
o assign accountabilities and responsibilities at appropriate levels within the organization;
o ensure that the necessary resources are allocated to risk management;
o communicate the benefits of risk management to all stakeholders; and
o ensure that the framework for managing risk continues to remain appropriate.
4.3 Design Of Framework For Managing Risk
4.3.1 Understanding Of The Organisation And Its Context
Exide has identified its external and internal context to design and implement the framework for managing risk. Evaluating the external context includes, and is not limited to: the social and cultural, political, legal, regulatory, financial, technological, economic, natural and competitive environment, whether international, national, regional or local.
External Risks
Economic Risk
The battery industry is an industry that produces solutions for all types of
batteries related to lead acid storage batteries to meet the needs of
automotive, industrial, defence, etc. Therefore, the Company has taken
strategic steps to anticipate various scenarios of events that could adversely
affect the Company’s business continuity.
Raw Materials Scarcity Risks
Major raw materials of Exide, namely Lead, still come from imports, so
there is a risk of shortages of raw materials for production. The efforts by the
Company to minimize the negative impact of the risk of scarcity of raw
materials include, among others:
o Encourage the establishment of local smelters to support the needs
of Lead raw materials.
o Working closely with R&D and collaborators in research to minimise the
wastage of raw materials.
o Expand the network of suppliers for Long term supply of raw materials.
o Improving the database and evaluating the performance of suppliers.
Energy Scarcity Risks (Gas And Electricity)
Energy is a major raw material requirement of the battery industry. In order to
minimize the negative impacts of the risk of energy shortages, the Company
has initiated the following:
o Promote an internal program for energy efficiency through efficiency
programs in all operational areas.
Risk Of Damage And Loss Of Assets
To control the risk of damage and loss of assets, the Company has initiated the following:
o Develop the inventory management as prevention and protection
against damage or loss of the Company’s assets.
o Insure all assets and property of the Company that are exposed to
the risk of loss due to damage, fire, loss and other possible causes.
o Insure all goods (cargo) that are in transit (transport) with respect to the
agreed terms of delivery by the seller or buyer.
o Insure all possible losses that might occur to the assets themselves and
third parties who are located at the office and factory areas owned by
the Company.
Risk of Exchange Rate Fluctuations
Under the floating exchange rate system that is implemented by the Government,
the Rupiah exchange rate movements against foreign currencies, including
U.S. dollars, are difficult to predict. The possibility of the Rupiah depreciating
against the dollar or other hard foreign currencies is very real. For the
Company, the depreciation of the rupiah will greatly affect the cost structure,
given its substantial dependence on imported raw materials. To control this
risk, the Company initiated the following efforts:
o Established sale prices adjusted for exchange rate changes.
Business Competition Risk
The lead acid storage battery industry is relatively open. Demand does not make
significant restrictions on market share. To control this risk, the Company
initiated the following:
o Improve cost competitiveness in all areas.
o Ensure accuracy and speed in handling consumer claims.
o Meet on time delivery and quality demands.
o Establish a network of distributors.
o Analyse annual customer feedback to strengthen the Company’s
relationships with customers, while also enhancing customer loyalty.
o Conduct annual customer satisfaction surveys to determine the level of
customer satisfaction with the Company’s products, and to determine
aspects that need to be improved on an on-going basis.
International Regulatory Risk
Globalization, among others, is marked by an increasing role of the World
Trade Organization (WTO), giving birth to a variety of new regulations, which
makes business competition in the entire production chain, from raw materials
procurement to distribution and sale of products increasingly stringent. To
minimize the adverse effects of market liberalization, the Company initiated
the following efforts:
o Regularly assessing the impact of international regulations on the
Company.
o Propose solutions to the minister and the ministries concerned to protect
the interests of the industry.
Risk of Government Policy
Trends in world trade, together with domestic trends, influence government policy. As
a precaution against possible negative impacts, the Company initiated a
variety of efforts including:
o Studying the impact of government policies on the Company and
following up on these studies.
o Propose solutions to the minister and the relevant Technical
Department to protect the interests of the national industry.
Internal Risk
Evaluating the internal context includes and is not limited to:
Operation Risk Factory
To control the risk of possible disruption of plant operations, the Company has
conducted the following actions:
o Implemented predictive programs and preventive maintenance
consistently.
o Conducting daily, weekly and monthly studies on the operating
performance of its production facilities to increase efficiency and
profitability.
o Assess and implement the revitalization program to ensure reliable
operation of production facilities.
Employee Risk
Risks associated with personnel issues are very broad, including accidents, health, pension plans, retirement, termination of employment, and more. To
minimize such risks, the Company has initiated the following steps:
o Involve all employees in the Workers Social program (Social Security)
which includes insurance for Accidents, Death Benefits, and Pension
Plans, through the Body for the Implementation of the Labor Social
Security Program in accordance with the legislations in force.
o Providing health care to employees and their families.
o Organizing Pension Plans and Old Age Retirement Programs.
o Provide and grant the rights of employees in accordance with the
Collective Labor agreement between the Company and Labor Unions.
Environmental Impact Risk
Environmental pollution, for any reason, can have a negative impact on the
work environment, employee health, and safety of workplace equipment and
also create lawsuits. As evidence of the Company’s commitment to
environmental protection, the Company has commissioned a unit specifically
tasked with managing Safety, Health and Environment. The Company has
consistently and dutifully also implemented rules and regulations, including
those set out in the Environmental Management System (ISO 14000) and
Occupational Health Safety Management system (OHSAS).
4.3.2 Establishing Risk Management Policy
Exide has defined its risk management policy, which clearly states the organization's objectives for, and commitment to, “risk management”,
as defined on page number 2 of the Risk Management Manual, Edition 1.
4.3.3. Accountability
Exide has ensured that there is accountability, authority and appropriate competence for managing risk, including implementing and maintaining the risk management process and ensuring the adequacy, effectiveness and efficiency of any controls.
Organisation chart: [figure not reproduced; reporting lines are not recoverable from the extracted text. Positions shown: MD & CEO; Jt. MD. Dir-Indl.; Dir-Finance; Dir-HR, Personnel; Chief – TQM & MR; Chief-Manufacturing Industrial; Chief-Manufacturing Automotive; Chief R&D-Auto; Chief R&D-Indl; Chief-Commercial; Chief – VD; VP Projects; VP-Sub; Com. Sec & Sr. VP Legal; Mktg, Sales & Service Orgn; EVP-Infra, Mktg. & Sales; EVP Special Projects; EVP-FMIB-Business; GM-IT; COM-Hsr; COM-Chn; COM-Tlj; COM-Shm; COM-Bwl; COM-Ahm; Dy. COM-Hal; Dy COM-CML; Dy COM-CAIL; Dy COM-Haridwar; Dy COM-Roorkee; MRR-Hsr; MRR-Chn; MRR-Tlj; MRR-Shm; MRR-Hal; MRR-Bwl; MRR-Ahm; MRR-R&D; MRR-CPSSL; MRR-CML; MRR-CAIL; MRR-Haridwar; MRR-Roorkee]
Roles And Responsibilities
Management Board
o Annual review of the risk register and mitigation of risks, ensuring that
the risk management process works effectively.
o Identification of additional corporate risks and their mitigation plan.
Executive Committee
o Identification of corporate risks, their mitigation plan, and effective
deployment of risk management process.
o Half-yearly review of corporate risks, mitigating actions and their
effectiveness.
o Ensure evaluation of risk while making decisions, ensure preparedness
& control.
Process Heads
o To identify risks to the achievement of their unit’s business plan which
might also be corporate risks to compliance officer of such risks.
o To identify relevant mitigating actions, to include these within their unit’s
business plan, and to ensure the business plan is achieved.
o Implement the mitigating actions, monitor & ensure control for
effectiveness.
Compliance Officer
To manage the risk management process ensuring that:
o The Corporate Risk Register is presented to board as appropriate;
o The risk register is accessible, and employees are encouraged to
contribute towards mitigation action.
o Inconsistencies, gaps and process deviations, in the Corporate Risk
Register are identified & addressed.
o To ensure that the Corporate Risk Management Policy is kept up to
date
o Ensure that applicable regulatory & statutory requirements pertaining to
risk management are fully addressed.
o Ensure timely reporting / response to any query to regulatory &
statutory authorities.
4.3.4 Integration Into Organisational Process
Exide has embedded risk management in all the processes in a way that it is
relevant, effective and efficient. The risk management process should become part of, and not separate from, those organizational processes. In particular, risk management has been embedded into the policy development, business and strategic planning and review, and change management processes.
Exide ensures that the risk management policy is implemented and that risk management is embedded in all of the processes.
4.3.5 Resources
Exide has allocated appropriate resources for risk management where major consideration has been given to the following:
o People, skills, experience and competence;
o Resources needed for each step of the risk management process;
o The organization's processes, methods and tools to be used for managing risk;
o Documented processes and procedures;
o Information and knowledge management systems; and
o Training programmes.
4.3.6 Establishing Internal Communication And Reporting Mechanisms
Exide has identified the process for internal communication system:
o Individual process owner will identify the risk within the process
o The risk will be communicated to process Head
o Team of process head within the process will review the risk assessment
o The team will forward the risk to executive committee
o Executive committee will review the risk assessment and give its report to process head if it is found not satisfactory.
o If the assessment is found satisfactory the same will be forwarded to managing board.
o Board will finally give its decision based on business / policy requirement.
4.3.7 Establish External Communication And Reporting Mechanisms
Exide Industries Limited has developed and implements a plan to communicate with external stakeholders. This has involved:
o Engaging external stakeholders and ensuring an effective exchange of information in board meeting.
o Reporting to comply with legal, regulatory, and governance requirements;
o Providing feedback and reporting on communication and consultation;
o Using communication to build confidence in the organization; and
o Communicating with stakeholders in the event of a crisis or contingency.
These mechanisms, where appropriate, include processes to consolidate risk information from a variety of sources.
4.4 Implementing Risk Management
4.4.1 Implementing The Framework For Managing Risk
Exide has developed and implemented a plan as to how it will communicate with external stakeholders. This should involve:
o engaging appropriate external stakeholders and ensuring an effective exchange of information;
o external reporting to comply with legal, regulatory, and governance requirements;
o providing feedback and reporting on communication and consultation;
o using communication to build confidence in the organization; and
o communicating with stakeholders in the event of a crisis or contingency.
These mechanisms should, where appropriate, include processes to consolidate risk information from a variety of sources, and may need to consider the sensitivity of the information.
The following framework will be used for identifying and recording the risks identified with the organisation.
Risk Identification: The Process of finding, recognizing and describing a Risk
associated with an event that might.
4.4.2 Implementation Of Risk Management Process
Risk management should be implemented by ensuring that the risk management process outlined in Clause 5 is applied through a risk management plan at all relevant levels and functions of the organization as part of its practices and processes.
[Figure: Risk Management Process. Labels: Create, Enhance, Prevent, Accelerate, Degrade, Delay; Achievement of objectives]
Risk Management process

1 Risk identification
o Create risk management infrastructure for the organization.
o Define business risk management.
o Review stated business goals.
o Identify and define customer/stakeholders/interested parties and their association with goals.
o Identify and define implied expectations.
o Identify potential risks in the business.

2 Risk assessment
o Transform risk data into decision-making information.
o For each risk, describe likely impacts and the effect on business goals.
o Estimate risk probabilities.
o Identify risks to be escalated / delegated within the organization.
o Identify risks to be transferred outside the organization.
o Rank the retained risks based on their probability / impact scores.

3 Risk treatment
o Identify owners for retained risks.
o Translate risk information into decisions and present and future mitigating actions.
o Plan controlling actions for the most significant risks.
o Prioritize controlling actions based on the impact on reducing risks.
o Integrate risk planning with technical, commercial and financial proposals.

4 Monitoring
o Monitor business risk indicators.
o Correct for deviations from the plans.
o Implement selected controlling actions.
o Monitor effectiveness of controlling actions.
o Report on retained risks.

5 Counter measure
o Monitor effectiveness of controlling actions.
o Capture results of risk management program.
o Use information to learn from experience.
4.5 Monitoring And Review Of The Framework
In order to ensure that risk management is effective and continues to support organizational performance, Exide will:
o Measure risk management performance against indicators, which are periodically reviewed by the executive committee and the managing board;
o Conduct periodic reviews, by the executive committee on a quarterly basis and by the managing board on a half-yearly basis, to check effectiveness;
o Periodically review whether the risk management framework, policy and plan are still appropriate, given the organization's external and internal context;
o Report, in the form of an audit report and VCS, on risk, progress with the risk management plan and how well the risk management policy is being followed; and
o Review the effectiveness of the risk management framework.
4.6 Continual Improvement Of The Framework
Based on results of monitoring and reviews, managing board will take decisions on how the risk management framework, policy and plan can be improved. These decisions will lead to improvements in the organization's management of risk and its risk management culture.
5. Process
5.1 General
Exide has identified its risk management process as:
o An integral part of management,
o Embedded in the culture and practices, and
o Tailored to the business processes of the organization.
It comprises the activities described in 5.2 to 5.6. The risk management
process is shown in Figure 3.
5.2 Communication And Consultation
Exide has identified a process of communication and consultation with external and internal stakeholders during all stages of the risk management process.
Plans for communication and consultation have been developed at an early stage. These plans address issues relating to the risk itself, its causes, its consequences, and the action being taken to treat it. Effective external and internal communication and consultation are in place to ensure that those accountable for implementing the risk management process and stakeholders understand the basis on which decisions are made.
The Executive committee approach will:
o Help establish the context appropriately;
o Ensure that the interests of stakeholders are understood and considered;
o Help ensure that risks are adequately identified;
o Bring different areas of expertise together for analyzing risks;
o Ensure that different views are appropriately considered when defining risk criteria and in evaluating risks;
o Secure endorsement and support for a treatment plan;
o Enhance appropriate change management during the risk management process; and
o Develop an appropriate external and internal communication and consultation plan.
Exide has developed an activity for effective communication and consultation with stakeholders, as they make judgements about risk based on their perceptions of risk. The decision will vary due to differences in values, needs, assumptions, concepts and concerns of stakeholders. As their views can have a significant impact on the decisions made, the stakeholders' perceptions will be identified, recorded, and taken into account in the decision making process. Communication and consultation will facilitate truthful, relevant, accurate and understandable exchanges of information, taking into account confidential and personal integrity aspects.
5.3 Establishing The Context
5.3.1 General
By establishing the context, the organization articulates its objectives, defines the external and internal parameters to be taken into account when managing risk, and sets the scope and risk criteria for the remaining process. While many of these parameters are similar to those considered in the design of the risk management framework (see 4.3.1).
5.3.2 Establishing The External Context
Exide has an external context in which the organization seeks to achieve its objectives. Exide understands that this is important in order to ensure that the objectives and concerns of external stakeholders are considered when developing risk criteria. It is based on the organization-wide context, but with specific details of legal and regulatory requirements, stakeholder perceptions and other aspects of risks specific to the scope of the risk management process.
The external context Exide has identified includes, but is not limited to:
o The social and cultural, political, legal, regulatory, financial, technological, economic, natural and competitive environment, whether international, national, regional or local;
o Key drivers and trends having impact on the objectives of the organization; and
o Relationships with, perceptions and values of external stakeholders.
5.3.3 Establishing The Internal Context
The internal context is the internal environment in which Exide seeks to achieve its objectives. The risk management process has been aligned with the Exide culture, processes, structure and strategy. The internal context considered is anything that can influence the way in which an organization will manage risk. It has been established concerning:
o Risk management in the context of the objectives of the organization;
o Objectives and criteria of a particular project, process or activity being aligned with the objectives of the organization.
The internal context Exide has identified includes, but is not limited to:
o Governance, organizational structure, roles and accountabilities;
o Policies, objectives, and the strategies that are in place to achieve them;
o Capabilities, understood in terms of resources and knowledge (e.g. capital, time, people, processes, systems and technologies);
o The relationships with and perceptions and values of internal stakeholders;
o The organization's culture;
o Information systems, information flows and decision making processes (both formal and informal);
o Standards, guidelines and models adopted by the organization; and
o Form and extent of contractual relationships.
5.3.4 Establishing The Context Of The Risk Management Process
Exide has identified objectives, strategies, scope and parameters of the processes, where the risk management process is being applied. The management of risk will be undertaken with full consideration of the need to justify the resources used in carrying out risk management. The resource defines responsibilities and authorities, and the records to be kept in a risk management register. The contexts of the risk management process are defined as follows.
Risk Register
Column groups: Risk Identification | Risk Assessment
Columns: Risk Number | Date Identified | Critical Success Factor | Risk Description | Cause | Consequence | Probability | Impact | Risk Score | Risk Ranking | Risk Level - L.M.H | Current Controls | Risk Treatment Method
It involves the following aspects:
o Defining the goals and objectives of the risk management activities;
o Defining responsibilities for and within the risk management process;
o Defining the activity, process, function, project, product, service or asset in terms of time and location;
o Defining the risk assessment methodologies;
o Defining the way performance and effectiveness is evaluated in the management of risk (As defined above in risk analysis);
o Identifying and specifying the decisions that have to be made; and
o Identifying, scoping or framing studies needed, their extent and objectives, and the resources required for such studies.
Attention to these and other relevant factors should help ensure that the risk management approach adopted is appropriate to the circumstances, to the organization and to the risks affecting the achievement of its objectives.
5.3.5 Defining Risk Criteria
Exide has defined criteria to be used to evaluate the significance of risk. The criteria will reflect the organization's values, objectives and resources. Some of the criteria are imposed by, or derived from, legal and regulatory requirements and other requirements to which the organization subscribes. Risk criteria are aligned with the organization's risk management policy (see 4.3.2), are defined at the beginning of any risk management process and are continually reviewed.
When defining risk criteria (Refer 4.4.1), factors to be considered should include the following:
Risk Analysis
The process to comprehend the nature and level of risk. This involves consideration of Causes & Sources of Risk, their impact/consequences, and likelihood.
5.4.1 General
Risk assessment is the overall process of risk identification, risk analysis and
risk evaluation.
5.4.2 Risk Identification
Exide will identify:
o sources of risk,
o areas of impacts,
o events (including changes in circumstances) and
o their causes and their potential consequences.
The aim of this step is to generate a comprehensive list of risks based on those events that will create, enhance, prevent, degrade, accelerate or delay the achievement of objectives. It is important to identify the risks associated with not pursuing an opportunity. Comprehensive identification is critical, because a risk that is not identified at this stage will not be included in further analysis.
o Identification will include risks whether or not their source is under the control of the organization, even though the risk source or cause may not be evident.
o Risk identification will include examination of the knock-on effects of particular consequences, including cascade and cumulative effects.
o It will also consider a wide range of consequences even if the risk source or cause may not be evident.
o As well as identifying what might happen, it is necessary to consider possible causes and scenarios that show what consequences can occur.
o All significant causes and consequences will be considered and recorded into the risk register.
5.4.3 Risk Analysis
o Risk analysis involves developing an understanding of the risk.
o Risk analysis provides an input to risk evaluation and to decisions on whether risks need to be treated, and on the most appropriate risk treatment strategies and methods.
o Risk analysis will also provide an input into making decisions where choices must be made and the options involve different types and levels of risk.
o Risk analysis involves consideration of the causes and sources of risk, their positive and negative consequences, and the likelihood that those consequences will occur.
o Factors that affect consequences and likelihood should be identified.
o Risk is analyzed by determining consequences and their likelihood, and other attributes of the risk.
o A project will have multiple consequences and can affect multiple objectives. Existing controls and their effectiveness and efficiency should also be taken into account.
o The activity in which consequences and likelihood are expressed and the process in which they are combined to determine a level of risk must reflect the type of risk, the information available and the purpose for which the risk assessment output is to be used.
o It is also important to consider the interdependence of different risks and their sources.
o The confidence in determination of the level of risk and its sensitivity to preconditions and assumptions should be considered in the analysis, and communicated effectively to decision makers and stakeholders.
o Factors such as divergence of opinion among experts, uncertainty, availability, quality, quantity and ongoing relevance of information, or limitations on modelling should be stated and can be highlighted.
o Risk analysis must be undertaken with varying degrees of detail, depending on the risk, the purpose of the analysis, and the information, data and resources available.
o Consequences and their likelihood can be determined by modelling the outcomes of an event or set of events, or by extrapolation from experimental studies or from available data.
o Consequences will be expressed in terms of tangible and intangible impacts. More than one numerical value or descriptor is required to specify consequences and their likelihood for different times, places, groups or situations.
Risk Assessment - Impact
The impact of a risk shall be assessed as per the criteria given below.

Impact | Rating | Criteria
Very Low | 1 | Likely to have very minor impact in one area
Low | 2 | Likely to have minor impact in many areas
Medium | 3 | Likely to have major impact in one area
High | 4 | Likely to have major impact in many areas
Very High | 5 | Likely to have major impact in whole Exide

Risk Assessment - Probability
The identified risks shall be assessed for their likelihood (Probability) as per the criteria given in the table.

Probability | Rating | Assessment Criteria
Very Low | 1 | Extremely unlikely, virtually impossible (0-5% chance)
Low | 2 | Low but not impossible (6-20% chance)
Medium | 3 | Fairly likely to occur (21-50% chance)
High | 4 | Most likely to occur (51-80% chance)
Very High | 5 | Almost certain, will occur (81-100% chance)
5.4.4 Risk Evaluation
o Exide has identified a process of risk evaluation to assist in making decisions, based on the outcomes of risk analysis, about which risks need treatment and the priority for treatment implementation.
o Risk evaluation involves comparing the level of risk found during the analysis process with risk criteria established when the context was considered. Based on this comparison, the need for treatment can be considered.
o Decisions will take account of the wider context of the risk and include consideration of the tolerance.
o The risk evaluation can lead to a decision to undertake further analysis.
o The risk evaluation can also lead to a decision not to treat the risk in any way other than maintaining existing controls.
o This decision will be influenced by the organization's risk attitude and the risk criteria that have been established.
Risk Evaluation Matrix
Impact \ Probability | Very Low (1) | Low (2) | Medium (3) | High (4) | Very High (5)
Very High (5) | 5 | 10 | 15 | 20 | 25
High (4) | 4 | 8 | 12 | 16 | 20
Medium (3) | 3 | 6 | 9 | 12 | 15
Low (2) | 2 | 4 | 6 | 8 | 10
Very Low (1) | 1 | 2 | 3 | 4 | 5
Criteria | Condition
Very High | Major impact at organization level posing direct threat to business
High | Major impact due to disruption of processes in many areas
Medium | Major impact due to disruption of site specific process
Low | Minor impact due to disruption of activities at multiple sites
Very Low | Minor impact due to disruption of activities at multiple sites
Corporate Risk Register
Exide has appointed a competent person to comprehensively review the risks identified by process heads, review their comprehensiveness, interactions and linkages, and identify the critical risks that the company is exposed to. This is documented as the Corporate Risk Register.
The following steps have been followed to prepare the corporate risk register:
o Training and understanding of the framework for all the process heads.
o Identification of risks along with process heads, following the analysis & evaluation criteria established.
o Filtration of high impact risks as an input to the corporate risk register.
o Additional risks which might not have been covered, and the inter-functional nature of risks.
o Preparation of the draft corporate risk register.
o Review of the draft corporate risk register by EXCOM and identification of additional risks on a half-yearly basis.
o Incorporation of EXCOM input and concluding the final risk register.
o Taking input for risk criticality rating (Scale 1-5, 5 being highly critical) from EXCOM and key leadership positions having insight into the external and internal business environment.
o Declaration of the final "Corporate Risk Register".
o EXCOM will decide whether the risk has to be discussed in the board meeting based on the criticality of the risk.
o Repeat this cycle at annual frequency.
5.5 Risk Treatment
5.5.1 General
Risk treatment involves selecting one or more options for modifying risks, and implementing those options. Once implemented, treatments provide or modify the controls.
Risk treatment involves a cyclical process of:
o Assessing a risk treatment;
o Deciding whether residual risk levels are tolerable;
o If not tolerable, generating a new risk treatment; and
o Assessing the effectiveness of that treatment.
Risk treatment options are not necessarily mutually exclusive or appropriate in all circumstances. The options can include the following:
o Avoiding the risk by deciding not to start or continue with the activity that gives rise to the risk;
o Taking or increasing the risk in order to pursue an opportunity;
o Removing the risk source;
o Changing the likelihood;
o Changing the consequences;
o Sharing the risk with another party or parties (including contracts and risk financing); and
o Retaining the risk by informed decision.
5.5.3 Preparing And Implementing Risk Treatment Plans
Exide has identified the 5W1H and 3W1H records as its risk treatment plans. The information provided in a treatment plan includes:
o The reasons for selection of treatment options, including expected objective to be gained;
o Proposed actions;
o Resource requirements including contingencies;
o Performance measures and constraints;
o Reporting and monitoring requirements; and
o Timing and schedule.
Action plans will be integrated with the management processes of the organization and discussed with appropriate stakeholders. Decision makers and other stakeholders will be aware of the nature and extent of the residual risk after risk treatment. The residual risk will be documented and subjected to monitoring, review and, where appropriate, further treatment.
The corporate risk treatment plan will be prepared by a cross functional team (CFT) depending on the scope of risks. The following steps shall be followed for treatment of corporate risks. The CFT shall be appointed by EXCOM.
o Risk treatment planning shall be done by the appointed CFTs. The CFT shall do the necessary preparatory action towards this planning, including availability of relevant information, estimation etc.
o The CFT shall present the planned treatment action to the Executive Committee for necessary input towards comprehensiveness of the plan.
o The necessary resource approval shall be done for treatment actions.
o Each planned action shall have a clearly defined responsibility with a time line as per the 5W1H format.
o The CFT shall meet at monthly frequency and review the progress of the plan. The gap shall be identified in 3W1H formats.
o The CFT shall monitor the respective KPIs against the plan.
o A monthly MIS shall be prepared and communicated to the compliance officer.
5.6 Monitoring And Review
Both monitoring and review will be a planned part of the risk management process and involve regular checking in the form of an audit (frequency: half-yearly), and a risk management system audit on an annual basis.
It will be reviewed every quarter by the executive committee. The monitoring and review processes will encompass all aspects of the risk management process for the purposes of:
o ensuring that controls are effective and efficient in both design and operation;
o obtaining further information to improve risk assessment;
o analyzing and learning lessons from events (including near-misses), changes, trends, successes and failures;
o detecting changes in the external and internal context, including changes to risk criteria and the risk itself which will require revision of risk treatments and priorities; and
o identifying emerging risks.
Progress in implementing risk treatment plans provides a performance measure. The results will be incorporated into the organization's overall performance management, measurement and external and internal reporting activities in the form of an audit.
The results of monitoring and review will be recorded and internally reported to the executive committee, and will also be used as an input to the review of the risk management framework (see 4.5).
5.7 Recording The Risk Management Process
o Records of risk management will be maintained in the form of the risk register & corporate risk register for the retention period of 3 years. The custody of the records will be with the compliance officer.
o MIS for KPIs will be retained for a 12-month trend.
Company Level Goal & Critical Success Factors
Columns: Company level Goal | Strategic / Operational | SBU Level Goal | Critical Success Factor | Key Performance Indicator | Unit of Measurement | 2012-13 Actual | 2013-14 Actual | 2014-15 Actual | Industry best Benchmark | Name of Bench Mark Organisation | Target for 2015-16 | Target for 2016-17 | Target for 2017-18 | Remarks
Risk Register
Column groups: Risk Identification | Risk Assessment
Columns: Risk No. | Date Identified | Critical Success Factor | Risk Description | Cause | Consequence | Probability | Impact | Risk Score | Risk Ranking | Risk Level - L.M.H | Current Controls | Risk Treatment Method
RISK TREATMENT
Dept. | Risk No. | Risk Rank.
Critical Success Factor
KPI
Risk Description
Project Leader | Team members
Current State
Target
Problem definition
Root causes
5W1H
S. No. | What | When (Start Date, End Date) | Where | Who | Why | How
Counter Measure / 3W1H
S. No. | What | When | Who | How