Risk Management Policy
The Company Secretary informed the Board that though the Risk Management Committee need not be constituted by the Company as it applies as on date only to the top 1000 listed companies, the Company should implement a risk management policy for identifying the elements of risk, if any, which in the opinion of the Board may threaten the existence of the Company.
The Risk Management Policy so framed in line with the Company’s objective has to increase the stakeholder value and should attempt to identify the key events/risks impacting the business objectives of the Company and attempts to develop risk policies and strategies to ensure timely evaluation and reporting.
The detailed Risk Management Policy approved by the Management and Board applicable to all the employees and workmen is outlined below and adopted by the Company.
This Risk Management Policy (hereinafter referred to as “Policy”) lays down the risk management mechanism for all employees and workmen (“Employees”) of Switching Technologies Gunther Limited (hereinafter referred to as “Company”). Accordingly, the Company considers ongoing risk management to be a core component of the management of the Company and further understands that the Company’s ability to identify and address risk is pivotal to accomplishing its business objectives.
This Policy outlines the program implemented by the Company to ensure appropriate risk management within its business structure.
1. INTRODUCTION
1.1 Risks are an inherent aspect of the dynamic business environment. Risk is an event or condition that may occur and whose occurrence, if does take place, has a harmful or negative impact on the achievement of the Company’s business objectives.
1.2 Risk management is a key aspect of corporate governance principles and code of conduct which aims to improvise the governance practices and mitigate the risks across the business activities of any organization. In furtherance, risk management is a process defined as the identification, assessment, and prioritization of risks followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events.
1.3 A risk management policy facilitates organizations to put in place effective frameworks for taking informed assessments about Risks. In order to minimize adverse consequence of Risks on business objectives, the Company has outlined this Policy. Risks can be threats or opportunities and a failure to manage them is a significant danger to the Company’s survival and growth. The purpose of this Policy is also to communicate to its Employees the Company’s standard and orderly approach to managing Risks.
2. LEGAL FRAMEWORK
2.1 This Policy is formulated in compliance with Regulation 17(9)(b) of Securities and Exchange Board of India (Listing Obligations and Disclosure Requirements) Regulations, 2015 which requires the Company to lay down procedures about Risk assessment and Risk minimization encapsulated as follows:
- (a) The board of the Company shall form a risk management committee which shall periodically review this Policy in order for the management to control the Risk through a properly defined network. The board of directors may reconstitute the composition of the risk management committee, as it may deem fit from time to time.
- (b) The responsibility for identification, assessment, management and reporting of risks and opportunities will primarily rest with the management of the Company since they are best positioned to identify the opportunities and risk they face, evaluate, and manage them on a day-to-day basis.
2.2 In furtherance to the above, Section 134(3) of the Companies Act, 2013 (“Act”) also states that the board of directors of the Company shall include a statement in its board report that the company has developed and implemented a risk management policy for the company including identification therein of elements of risk, if any, which in the opinion of the Board may threaten the existence of the Company.
3. OBJECTIVES OF THE POLICY
The key objective of this Policy is to ensure sustainable business growth with stability and establish a structured approach to risk management for the Company. This would include the process of development and periodic review to guide decisions on business risk issues. This would therefore promote a proactive approach in analysis, reporting and mitigation of key risks associated with the business to ensure viable business development.
The specific objectives of this Policy are:
- (a) to establish a risk management framework for the Company;
- (b) to motivate Employees for taking responsibilities to adhere to the risk management framework set-up by the Company and to embed risk management as an integral part of the business;
- (c) to assist the management of the Company to explicitly take account of uncertainty, the nature of that uncertainty and subsequently work towards a solution to address the uncertainty;
- (d) to ensure that all current and expected risk exposures of the Company are identified, qualitatively and quantitatively evaluated, analyzed and appropriately managed;
- (e) to enable compliance with the relevant legal and regulatory requirements; and
- (f) to assure demonstrable achievement of objectives and improvement of financial stability of the Company.
4. SCOPE AND EXTENT OF APPLICATION
4.1 This Policy covers all the events within and outside the Company which have an impact on the business of the Company. The Company recognizes its responsibility to manage risk in an effective and efficient manner as a fundamental component of business operations. The Company is committed to identifying and analyzing risks associated with activities and operations with the objective of maintaining a safe workplace, minimizing losses, maximizing opportunities, developing appropriate risk treatment alternatives, and informed decision making.
4.2 The Policy guidelines are formulated in the context of the present business profile, future growth objectives and new business endeavours or services that may be necessary to achieve the goals, emerging global standards and best practices amongst the comparable organizations.
5. OVERSIGHT AND MANAGEMENT
5.1 The Board of Directors of the Company (hereinafter referred as the “Board”), is responsible for review and ratification of the risk management structure, processes and guidelines which are developed and maintained by the Committee and senior management of the Company. The Committee/management may also refer specific concerns to the Board for final consideration and direction.
5.2 The day-to-day oversight and management of the Company’s risk management has been conferred upon the Risk Management Committee (referred as the “Risk Management Committee” or “Committee”), a Board nominated committee consisting of members of Board of Directors. The Committee is responsible for ensuring that the Company maintains effective risk management and internal control systems and processes and provides regular reports to the Board of Directors on the effectiveness of the risk management policy in identifying and addressing material business risks.
To accomplish this, the Risk Management Committee shall be accountable for:
- (a) managing and monitoring the implementation of action plans developed to address material business risks within the Company and its business units, and regularly reviewing the progress of action plans;
- (b) setting up of internal processes and systems to control the implementation of action plans;
- (c) regular monitoring and evaluation of performance of management in administration of risk;
- (d) providing management and the employees with necessary tools and resources to identify and manage risks;
- (e) regular reporting to the Board on the status of material business risks;
- (f) reviewing and surveilling information technology and cyber security risks that the Company is or may be exposed to, on a consistent basis; and
- (g) ensuring compliance with regulatory requirements and finest practices with respect to risk management.
The Committee shall provide oversight and will report to the board of directors who have the sole responsibility for overseeing all pertinent risks.
5.3 The Company’s senior management is responsible for design and implementation of risk management and internal control systems which identify material risks for the Company and aim to provide the Company with cautions before risks additionally deteriorate. The senior management must execute the action plans developed to direct towards material business risks across the Company and individual business units.
Senior management should regularly monitor and evaluate effectiveness of action plans and the performance of Employees to implement appropriate proposals. Additionally, the senior management in the Company should promote and monitor risk management within the Company and encourage compliance with the internal risk control systems by Employees.
5.4 Each Employee is responsible for implementation, management, and examination of action plans with regards the material business risks, as appropriate.
The reporting obligation of senior management and the Committee ensures that the Board is regularly notified of material risk management disputes and subsequent actions. This is supplemented by evaluating performance of risk management program, the Committee, the senior management, and Employees responsible for its implementation.
6. RISK MANAGEMENT PROCESS
Effective risk management process requires continuous and consistent assessment, mitigation, monitoring, and reporting of risk issues across the organization. Essential to this process is a well-defined methodology to determine corporate direction and objectives. Broadly categorizing, the process consists of the following stages:
6.1 Risk assessment (identification, analysis, and evaluation)
- (a) External and internal risk factors that must be managed are to be identified in the context of business objectives. To identify and assess material business risks, the Company defines risks and formulates risk profiles considering its industry plans and strategies. This involves providing an overview of each material risk assessing the risk level and preparing action plans to address and manage imminent risk. The Company majorly focuses on the following kinds of material risks: (a) all strategic and operational risks; (b) technological risks; (c) competition risks; (d) costs risks; (e) human resource risks; (f) legal and regulatory risks; (g) sustainability risks (particularly environment, safety, and governance related risks); and (h) other unforeseen risks.
- (b) The risk measurement approach includes assessment and reporting, risk control and capability development. On periodic basis, the external and internal risk factors assessment is carried out by the management across the Company. The risks are identified and formally reported through mechanisms like operation reviews and Committee meetings. Internal control is exercised through policies and systems to ensure timely availability of information to facilitate pro-active risk management.
- (c) The risk measurement in relation to this Policy imparts certain identifiable risks as follows:
-
- i. broad market trends and other factors beyond the control of the Company which significantly reduce demand for Company’s services and thereby harming its business, financial conditions and the outcome of operations;
- ii. failure in implementing Company’s current and future strategic plans;
-
- iii. impairment to the Company’s reputation;
-
- iv. the Company’s inablity to expand into new product lines or attracting new investors;
-
- v. its risk management techniques and insurance policies thereof not being effective or adequate;
-
- vi. fluctuations in interest rates;
-
- vii. changes in the government regulations and/or policies;
-
- viii. information security risks and cyber-attacks; and
- ix.any other pertinent risks affecting the Company’s business.
- (d) Risk analysis: Risk analysis involves (a) consideration of the causes and sources of risk; (b) the trigger events i.e., events that would lead to the occurrence of the risks; (c) the positive and negative consequences of the risk, and (d) the likelihood that those consequences can occur.
- (e) Risk evaluation: The purpose of risk evaluation is to assist in decision making, based on the outcomes of risk analysis whereby the risks needing treatment and the priority for treatment. This stage involves comparison of risk levels identified through the analysis process. The decisions shall be made in accordance with the legal and regulatory requirements.
6.2 Risk treatment and mitigation plan
Risk treatment involves process of assessment of risk treatment, followed by deciding whether the risk levels are tolerable, if not tolerable then there is a generation of a new risk treatment, and lastly assessment of effectiveness of that treatment. Based on the risk level, the Company thereby formulates its risk management strategy, a few of them are listed as follows:
- (a) Risk avoidance implies not to continue with the activity that gives rise to the identified risk; and/or
- (b) Risk reduction involves reducing the severity of the loss or likelihood of loss from occurring; and/or
- (c) Risk retention involves accepting the loss, or benefit of gain, from a risk when it occurs. Risk retention is a viable strategy where the cost of insuring against the risk would be greater over time than a total of losses sustainable. This strategy may be included for risks that are enormous whereby neither insurance is viable against the respective risks, nor premiums are feasible.
6.3 Monitoring and review
In order to ensure that risk management is effective and continues to support the Company’s performance, processes shall be established to:
- (a) measure performance of risk management against the key risk indicators, which are to be periodically reviewed for appropriateness;
- (b) measure progress against, and deviation from the risk management plan from time to time; and
- (c) report and evaluation on the progress and effectiveness of the risk management policy being followed.
Reporting is an integral aspect of the process of risk management. Results of risk assessment need to be reported to the Board by the Committee for review, inputs, and monitoring. The Board of the Company is responsible for managing risk on various parameters and ensure implementation of appropriate risk mitigation measures.
The Company regularly evaluates the effectiveness of its risk management plan to ensure that its internal control systems and the processes are monitored and updated on an ongoing basis. The division of accountability between the Board and the Committee seeks to ensure the specific responsibilities for risk management are distinctly communicated and understood by the Employees.
6.4 Communication and consultation
Communication and consultation of plans should be delivered inclusive of issues addressed in relation to the risk ascertained, its causes, its consequences (if any known), and the respective measures with regard the treatment of risk. Effective external and internal communication and consultation should take place to ensure that those accountable for implementation of risk management process and person concerned understand the basis of decisions and reasons therein.
7. RESPONSIBILITY, COMPLIANCE AND CONTROL
7.1 Each Employee of the Company is responsible for the effective management of risk including the identification of potential risks. The head of departments and other senior management persons in the Company at organizational levels under guidance of the Board/Committee are responsible for development of risk mitigation plans and the implementation of risk reduction strategies. Risk management processes should be integrated with other planning processes and management activities.
8. APPROVAL AND AMENDMENTS
8.1 Any amendment to this Policy will be done with the approval of the Board of the Company.
8.2 The Board shall have the right to withdraw and/or amend any part of this Policy or the entire Policy, as and when it deems necessary, and the decision of the Board in this respect shall be final and binding. Any amendment or modification in the applicable laws in this regard shall automatically apply to this Policy and shall be binding on the Employees of the Company.
8.3 The Board shall have discretion to deal with certain risks in the manner it may deem fit. Mitigation of such risks and effectiveness of their alleviation measures and review of the strategy may be promptly reviewed by the Board in consultation with the Committee. Disciplinary actions shall be initiated against the violation of this Policy or guidelines framed thereunder. Therefore, this Policy prescribes that violation of the provisions applicable to risk management framework are not to be jeopardized by the Company.
Policy for determining “Material” Subsidiaries – Not Applicable as the Company does not have any subsidiaries.