/ Corporate Governance
Preamble
Risk Management is a key aspect of the “Corporate Governance Principles and Code of Conduct” which aims to improvise the governance practices across the Company’s activities. Risk management policy and processes enable the Company to proactively manage uncertainty and changes in the internal and external environment to limit negative impacts and capitalize on opportunities.
The Company recognizes risk management as an integral component of good corporate governance and fundamental in achieving its strategic and operational objectives. It improves decision-making, defines opportunities and mitigates material risk that may impact shareholder value.
Scope of Policy
This policy contemplates to cover all locations/verticals and applies to all employees, whether full time, part time or casual at any level of seniority with in the business. The policy also applies to contractors and consultant working on behalf of Pennar Industries Limited.
Risk Management Framework
The risk management framework within Company is working on followings two stages:
1. Identification of Risk and their contributing factors: Various risk facing the business into the following broad categories with examples:
2. Response against Identified Risk (Mitigation Steps): The Company believes that the Risk cannot be eliminated. However, it can be:
3. The risk management process entails:
4. Assessment and review of Risk:
Internal auditor of the company also plays a crucial role in assessment/review of overall control environment as he/she is also responsible for overseeing and managing compliance within the organization and ensuring that the company and its employees are complying with regulatory requirement and internal policies & procedure. He/she has to provide reasonable assurance to Senior Management and the Board of Directors that there are effective and efficient policies and procedures in place, well understood and respected by all employees, and that the company is complying with all regulatory requirement. The combination of policies and process as outlined above adequately addresses various risks associated with company’s businesses. The senior management of the Company periodically reviews the risk management’s framework so as to effectively address the emerging challenges in a dynamic business environment.
5. Risk Management Policy
Management is responsible for ensuring that risk are identified, analyzed, evaluated and mitigated at regular interval. Process owner shall be responsible for implementation of the risk management system as may be applicable to their respective areas of functioning. However Internal Auditor shall be responsible for all communication between management and board regarding risk identification, analyses, evaluation and mitigation plan.
The Board is ultimately responsible for identifying and assessing internal and external risk that may impact the Company in achieving its strategic objectives. The board is also responsible for reviewing and approving the risk management framework and risk appetite on an annual basis.
The internal audit program is aligned to the company’s risk profile and is responsible for providing independent assurance in relation to the effectiveness of processes to manage particular areas of risk. The scope of internal audit’s risk based program is agreed to as part of an annual plan which is refined as required from time to time.