Risk management

Navigating challenges with foresight

At SCL, we realise the need to better understand, anticipate and mitigate business risks to minimise their frequency and impact. As we contend with the new responsibility for risk management, we seek greater assurance that there is a system in place, with well-documented, effective mitigation plans and accountability. This provides relevant information for decision making to relevant personnel in a timely manner.

A robust risk management framework has therefore been developed, which is benchmarked with the leading global risk management standards and available guidance. In doing so, the focus has been to have a simple and practical framework that:

  1. Allows a clear and concise view of risks
  2. Prioritises Risks that Matter (RTM), i.e., the Top 10 risks
  3. Puts in place appropriate mitigation plans to manage RTM

This framework will continue to evolve and mature as risk management is implemented in the organisation. It is expected to be reviewed and amended on a regular basis, preferably on an annual basis, to ensure its ongoing relevance and viability.

Guiding principles for risk management

At SCL, we maintain a principles-based attitude to risk management. These principles ensure that our risk management is:

  1. Shareholder value based: Risk management will be focused on sustaining the creation of shareholder value and protecting the same against erosion.
  2. Embedded: Risk management will be embedded in existing business processes to facilitate management of risks across processes on an ongoing basis.
  3. Supported and assured: Risk management will provide support in establishing appropriate processes to manage current risks appropriately and assure the relevant stakeholders over the effectiveness of these processes.
  4. Reviewed: The effectiveness of the risk management programme will be reviewed on a regular basis to ensure its relevance in a dynamic business environment.

Our risk team and reporting structure

Our approach to risk management

We have adopted a top-down approach for identifying and managing risks at the overall entity level. In the top-down approach, the principal challenges impacting the achievement of the organisational objectives have been articulated. Accordingly, the risk library comprises key strategic and business risks applicable. Initially, mitigation plans would be drawn up only for RTM, which would then be extended to all the risks identified over a period of time.

We have formed a Risk Team, headed by the CEO/CFO and comprising all heads of processes together with the Company Secretary. The Team reviews the day-to-day risks of the organisation. It also conducts a Risk Review Meeting once a quarter to analyse the effectiveness of risk mitigation plans and to review newly identified risks and their mitigation strategy.

A report on the status of remediation plans and the current RTM is presented to the Audit Committee every quarter. The status of risk management, along with the status of risk remediation plans, shall also be presented to the Board of Directors by the CEO/CFO on an annual basis.

Risk management process

An effective risk management process requires consistent assessment, mitigation, monitoring and reporting of risk issues across the full breadth of the enterprise.

Risk classification framework

Our risk classification framework categorises risks into four major types, under which they are monitored and managed.

Essential to this process is a well-defined methodology for determining corporate direction and objectives. At SCL, this entire process is aligned with annual budgeting processes and each business function would be required to present the results of the risk management exercise as a part of their respective budget presentation.

Our risk management process consists of three broad steps:

  1. Risk assessment and reporting
  2. Risk mitigation
  3. Risk monitoring and assurance

Each step has its own detailed sub-steps that ensure that risk management is methodically undertaken, and regularly reviewed and improved upon.

STRATEGIC RISKS

The strategic focus of the organisation is driven by stakeholder expectations, industry outlook, market dynamics and the way the organisation is governed and guided. This category covers the risks that may impact the strategic focus and future of the organisation.

Stakeholders

The stakeholders of an organisation usually comprise its shareholders, customers, suppliers, business partners, the community in which it operates and the government (including regulatory bodies). This category, therefore, covers the risks relating to shareholder confidence, changes in government policies, over-dependencies on customers and suppliers and ineffective business partnerships.

Governance

Governance signifies the way an organisation is led and managed in the pursuit of its objectives. This category would cover risks that may arise due to inappropriate strategic focus/direction or resource allocation, inadequacy of business monitoring, actions impacting the reputation of the Company or the improper/immoral conduct of employees.

Market structure

Market structure refers to the dynamics of the industry, country and economy in which the organisation operates. This category would include risks arising due to adverse changes in the economic, political, social or competitive environment in which the organisation operates as well as its ability to influence the market structure.

FINANCIAL RISKS

In pursuit of its objectives, a corporate raises and manages capital as well as protects its monetary resources. Financial risks include risks relating to the manner in which a corporate raises and manages its finances, plans its taxes and reduces uncertainty due to market movement of currency, interest rates and commodity prices. This category of risks also includes risks arising due to frauds and errors.

Capital structure

Capital signifies the monetary resources an organisation requires to sustain its operations and fuel its future expansion. This category would cover risks that may impact the organisation’s ability to acquire an appropriate and cost-effective mix of such resources in line with its requirements.

Liquidity and credit

Availability of funds for day-to-day operations is a key requirement for the smooth functioning of an organisation. This category would cover risks that may arise due to insufficient realisations and/or improper management of funds to further the current and future business objectives.

Market

Markets represent a buyer/seller network for the exchange of capital, credit and resources. This category would include risks emanating from adverse commodity price changes, exchange rate movements and interest rate changes.

Fraud and error

A fraud involves the use of unjust or illegal means to gain financial advantage by intentional misstatements in, or omissions of amounts or disclosures from, an entity's accounting records or financial statements. It also includes actions, whether or not accompanied by misstatements of accounting records or financial statements, committed for personal gains. On the other hand, an error is an unintentional misrepresentation of facts. This category would cover risks that an organisation may face in the event of a fraud or error, with or without collusion with external parties.

Taxation

Tax, cess or duty is a compulsory charge levied on the income, sales, property, etc. of an organisation. This category covers risks emanating from an inefficient structuring of business transactions (within the constraints of the applicable rules and regulations) from a taxation perspective (both direct and indirect), which may result in excessive financial outgoes or benefits not being availed.

Exchange rate fluctuations

The Company’s business activities inter alia include the import of materials such as coal and pet coke, and capital equipment such as machinery for mining, cement manufacturing, power generation plants, etc., which are linked to international prices and major international currencies. As a result, we are exposed to exchange rate fluctuations on imports and exports. The impact of these fluctuations on the Company’s profitability and finances is considered material.

OPERATIONAL RISKS

Operations refer to the activities of the organisation in harnessing its resources to execute its business model. This category of risks includes risks related to resources and processes, which come together to create products and services that satisfy customers and help achieve the organisation's quality, cost and time performance objectives.

Process

An organisation undertakes business processes to create products and services and deliver them to customers. This category includes those risks that arise due to inefficiencies in, or interruptions to, these processes.

Human resources

Employees and managers help manage the organisation, leverage its assets and operate its business processes. This category includes risks related to the inappropriateness of the organisation structure, inadequacies in training and development of employees, attrition, inadequate succession planning and lack of requisite knowledge, skills and attitude in the employees which may impact the successful execution of the organisation’s business model and achievement of critical business objectives.

Assets

The assets of the organisation are the physical and intellectual resources available to it, which facilitate its business processes in the achievement of its objectives. This category includes risks that have an impact on the availability and value of the organisation’s assets, including plant, property and equipment, IT systems and intellectual property.

Information and knowledge

In the course of business operations, an organisation captures information and creates knowledge. Knowledge and informational risks are those that arise due to inefficient capturing, utilisation and protection of knowledge.

Crisis

Crisis emanating from natural calamities or manmade disasters is inherent in the business. Crisis risks cover risks that arise due to earthquake, floods, drought, terrorism, hostile community action and similar events as well as factors such as sabotage by employees, hostile government action and their implications resulting in business discontinuity, disruption of operations, loss of valuable customers, etc.

LEGAL AND COMPLIANCE RISKS

The organisation operates in a legal and regulatory framework that imposes certain obligations on it and helps protect its rights. This category of risks includes risks that arise when an organisation is unable to fulfil its legal obligations or protect its rights.

Legal

Legal risks arise when an organisation does not comply with its enforceable commitments to counterparties or is unable to enforce its rights against counterparties. These risks would include exposure of the organisation to litigation or its inability to protect its rights through litigation. It will also include exposure on account of inadequate representations and warranties from third parties for fulfilling their obligations arising out of the legal agreements entered into with them.

Regulatory

Regulatory risks are those that arise on account of regulations imposed by the government which may affect the organisation's competitive position or its capacity to efficiently conduct business. This category also includes the risks of penalties and prosecution, which may arise on regulatory non-compliance.