Draft Risk Management Policy NPCC

NATIONAL PROJECTS
CONSTRUCTION CORPORATION
LIMITED
(A GOVERNMENT OF INDIA ENTERPRISES)
PLOT NO. 67-68, SECTOR 25, FARIDABAD (HARYANA)
1
2
WHAT IS RISK AND WHY IT SHOULD BE MANAGED
Risk is inherent in all activities. It is a normal condition of existence. Risk is the
potential for a negative future reality that may or may not happen. Risk is defined by
two characteristics of a possible negative future event: probability of occurrence
(whether something will happen), and conseuences of occurrence (how
catastrophic if it happens). If the probability of occurrence is not known then one has
uncertainty, and the risk is undefined.
Risk is not a problem. It is an understanding of the level of threat due to potential
problems. ! problem is a conseuence that has already occurred.
In fact, knowledge of a risk is an opportunity to avoid a problem. Risk occurs whether
there is an attempt to manage it or not. Risk exists whether you acknowledge it,
whether you believe it, whether if it is written down, or whether you understand it.
Risk does not change "ust because it is contrary to policy, procedure, or regulation.
Risk is neither good nor bad. It is "ust how things are. Risk can arise from internal or
external sources and may include exposure to such things as economic or financial
loss or gain, physical damage, failure of a pro"ect to achieve its target, client
dissatisfaction, unfavourable publicity, and a threat to physical safety or breach of
security, mismanagement, failure of euipment or fraud.
#rogress and opportunity are companions of risk. In order to make progress, risks
must be understood, managed, and reduced to acceptable levels.
OBJECTIVE OF RISK MANAGEMENT POLICY
$very business has risk associated with it. $very decision taken has some
risk involved. %his is more so in the #ublic &ector which is currently changing rapidly
with more autonomy and more decision making delegated down the line. 'ence
there is a need to define the risks in the business, evaluate them and document their
possible impact. &uch evaluation of risks involved needs to be factored in while
taking the decision.
%he (inistry of )orporate !ffairs, *overnment of India has also accepted the
concept of Risk (anagement and its relevance to the smooth functioning of the
)orporate sector in India and has therefore introduced a specific provision on Risk
(anagement under paragraph (II) ()) of )orporate *overnance voluntary
guidelines, +,,-
%he ob"ective of the Risk (anagement #olicy is:
3
(a) %o define a framework for identification, evaluation and mitigation of risk
in the decision making process of the business of .#))/
(b) %o protect .#)) from those risks of significant likelihood and conseuence
in the pursuit of .#))0s stated strategic goals and ob"ectives/
(c) %o continuously monitor the effectiveness of the management of
risks having particular regard to failings1weaknesses reported/
(d) #rovide assistance to and improve the uality of decision making
throughout the organi2ation/
(e) %o identify and ensure delivery of effective risk management
training programmes.
(f) !ssist in safeguarding the )ompany0s property and reputation.
(g) %o continuously monitor and review risks and controls to cater for
external1internal changes.
RISK MANAGEMENT PROCESS
Definitions
!" Ris# 3 !n e v e n t wh i c h l e a d s t o a r a n g e o f
c o n s e u e n c e s with a negative impact on the attainment of
ualitative or uantitative business goals, and financial performance.
$" Ris# M!n!%e&ent ' It is a systematic application of (anagement #olicies,
procedures and practices to the task of identifying, analy2ing, assessing,
treating and monitoring of risks.
(" Ris# M!n!%e&ent P)o(ess ' %his pertains to the systematic application of
management policies, procedures and practices to the task of
establishing the context, identifying, analy2ing, evaluating, treating,
monitoring and communicating the risks.
*" Ris# St)!te%+ 4 )ompany0s outlook in dealing with various risks
associated with the business and includes company0s decision on
acceptance of risks, avoidance of risks, transfer of risks and its risks
tolerance level.
e" Ris# Assess&ent4 %he overall process of risk analysis and risk
evaluation.
f" Ris# Esti&!tion 4 %he process of uantification of risks.
%" Ris# Des()i,tion 4 ! comprehensive collection of information about risks
in a structured manner.
-" Ris# i*entifi(!tion' process of finding, recogni2ing and detailing risks.
4
i" Ris# Re%iste) 4 ! tool for recording of risks at various locations1levels in
a structured format.
i" Ris# O.ne)4 person or delegate with accountability authority to manage
risk.
RISK MANAGEMENT
Risk management is an organi2ed method for identifying and measuring risk and for
selecting, developing, and implementing options for the handling of risk. It is a
process, not a series of events. Risk management depends on risk management
planning, early identification and analysis of risks, continuous risk tracking and
reassessment, early implementation of corrective actions, communication,
documentation, and coordination. %hough there are many ways to structure risk
management.
!s per I&5 67 ,,, 8Ris# &!n!%e&ent ' P)in(i,/es !n* %0i*e/ines on
i&,/e&ent!tion9 divides risk management process into six steps: (7) identification,
(+) planning, (6) mapping out the social scope of the risk management, identifies
ob"ectives of the stakeholders, and the background of the risk will be assessed, (:)
defining the model for the following action due to risk identification, (;) analy2ing the
risk in an overall process, (<) reducing or taking any other solution to deal with the
risk regarding the situation and available resources. (I&5 +,,-)
TYPES OF RISKS
Risks can be categori2ed into following areas:
St)!te%i( Ris#s
%hese risks relate to the risks to agency=s direction, external environment and risks
to the achievement of its plans. &uch risks would relate to an assessment of the
impact of external environment such as:
> Impact of changes in government policies on the business environment
related to .#)) ?td
> #olitical risk which may arise due to change of governments in countries
where the pro"ects are being executed or even change in state or central
governments in India
> $nvironmental risks that may arise out of changes in environment or some
new rules being introduced that may have an adverse impact on the business
> .#))=s decisions on the impact of increase1decrease of competition.
• Impact of introduction of new technologies and new developments in contract
delivery
5
Co&&e)(i!/ Ris#s
%hese risks relate to various commercial risks which impact the business of the
corporation. %hese could be financial or contractual in nature such as:
> )urrency exchange fluctuation risk. %his could be a substantial risk if the
corporation has large exposure to overseas contracts.
> Inflation risk affects many contracts as the costs may escalate beyond our
estimates and adversely impact the profitability of a contract.
> ?iuidity risk, such as delays in payments or over expenditure in a contract,
which may result in affect the working capital reuirements.
> )redit risk needs to be considered if the corporation is financing any of the
activities of its associates or others where there is a possibility of a default.
> Risk of failure of a contractual relationship, where an associate may fail to
perform thereby adversely affecting the performance of the corporation.
O,e)!tion!/ Ris#s
%hese are risks which may arise while performing the core business of the
corporation. %hese risks would include:
> Risks in implementing pro"ects due to inadeuate human resources.
> (arket risks that may arise due to changes in market place, the demand
supply, new trends which may impact the pro"ects being undertaken.
> Risk of physical damage to assets or threats to physical safety.
> Risks of delays due to delays by vendors supplying goods1euipment.
> Risk of cost escalations or cost over runs.
Te(-ni(!/ Ris#s
Risks may be technical in nature such as:
> Risk of failure of euipment or risk in management of assets.
> Risk of obsolesce of some technologies currently used by the corporation
which may have an adverse impact on its business prospects or efficiencies.
Fin!n(i!/ )is#s
> Risks associated with financial controls.
> Risk of failure of system such as frauds.
Co&,/i!n(e )is#s
> $nvironmental risk while executing certain pro"ects and the risks of delay that
may be introduced if environmental clearance is delayed.
6
> !ny other risks due to the need to meet regulatory reuirements e.g. obtaining
completion certificates for the buildings etc.
RISK IDENTIFICATION
In the process of managing risk first step is to identify potential risks. Risks are about
events that, when triggered, cause problems or benefits. 'ence, risk identification
can start with the source of our problems and those of our competitors (benefit), or
with the problem itself.
• &ource analysis4 Risk sources may be internal or external to the system that is
the target of risk management (use mitigation instead of management since
by its own definition risk deals with factors of decision4making that cannot be
managed). %he ma"or risk sources of internal could be the employees of the
company and external could be the stakeholders.
• #roblem analysis 4 Risks are related to identified threats. @or example: the
threat of losing money, the threat of abuse of confidential information or the
threat of human errors, accidents and casualties. %he threats may exist with
various entities like shareholders, customers and legislative bodies such as
the government.
%he (ethod of identifying risks may depend on culture, industry practice and
compliance.
Co&&on )is# i*entifi(!tion &et-o*s
• 5b"ectives4based risk identification 4 5rgani2ations and pro"ect teams have
ob"ectives. !ny event that may endanger achieving an ob"ective partly or
completely is identified as risk.
• &cenario4based risk identification 4 In scenario analysis different scenarios are
created. %he scenarios may be the alternative ways to achieve an ob"ective,
or an analysis of the interaction of forces in future developments.
• %axonomy4based risk identification 4 %he taxonomy in taxonomy4based risk
identification is a breakdown of possible risk sources. Aased on the taxonomy
and knowledge of best practices, a uestionnaire is compiled. %he answers to
the uestions reveal risks.
• )ommon4risk checking 4 In several industries, lists with known risks are
available. $ach risk in the list can be checked for application to a particular
situation.
• Risk (apping1charting 4 %his method combines the above approaches by
listing resources at risk, threats to those resources, modifying factors which
may increase or decrease the risk and conseuences. )reating
a matrix under these headings enables a variety of approaches. 5ne can
7
begin with resources and consider the threats they are exposed to and the
conseuences of each.
! risk identification matrix is given in %able4I
Table – I: Risk Management Identifiati!n
AREAS O" IMPACT
ASSETS
R
E
#
E
N
U
E
C
O
S
T
P
E
O
P
L
E
C
O
M
M
U
N
I
T
$
P
E
R
"
O
R
M
A
N
C
E
T
I
M
I
N
%
E
N
#
I
R
O
M
E
N
T
I
N
T
A
N
%
I
&
L
E
O
R
%

C!mme'ial
and Legal
1 1 1 1 1
E!n!mi
1
()man
&e*a+i!)'
1 1 1 1
Nat)'al
Calminit,
1
P!litial -
Reg)lat!',
1 1
Te*n!l!g,
1 1 1
C!m.etiti!n
1 1 1 1 1
Management
Ati+it, -
C!nt'!l
1 1 1
Ann)al
Res)lts
1 1 1
RISK ASSESSMENT
5nce risks have been identified, they must then be assessed as to their potential
severity of impact (generally a negative impact, such as damage or loss) and to the
probability of occurrence. %hese uantities can be either simple to measure, in the
case of the value of a lost building, or impossible to know for sure in the case of the
probability of an unlikely event occurring. %herefore, in the assessment process it is
critical to make the best educated decisions in order to properly prioriti2e the
implementation of the risk management plan.
8
In Ris# !ssess&ent Quantitative risk assessment reuires calculations of two
components of risk (R):, the magnitude of the potential loss (L), and the
probability (p) that the loss will occur. A((e,t!$/e )is# is a risk that is understood
and tolerated usually because the cost or difficulty of implementing an effective
counter measure for the associated vulnerability exceeds the expectation of loss.
Rate (or probability) of occurrence multiplied by the impact of the event euals risk
magnitude.
%he above formula can also be re4written in terms of a )omposite Risk Index, as
follows:
Co&,osite Ris# In*e2 3 I&,!(t of Ris# e4ent 2 P)o$!$i/it+ of O((0))en(e
%he impact of the risk event is commonly assessed on a scale of 7 to ;, where 7 and
; represent the minimum and maximum possible impact of an occurrence of a risk
(usually in terms of financial losses). 'owever, the 7 to ; scale can be arbitrary and
need not be on a linear scale.
%he fundamental difficulty in risk assessment is determining the rate of occurrence
since statistical information is not available on all kinds of past incidents.
@urthermore, evaluating the severity of the conseuences (impact) is often uite
difficult for intangible assets. !fter all, probability does not imply certainty.
Bhile the severity of loss may be easy to measure and uantify, the probability of
occurrence may reuire educated guesses. 'owever, determining the probability of
occurrence is necessary to properly prioriti2e the implementation of risk
management plan.
%he table4II below gives the rating of C&everity of loss= (Impact) on ; point scale and
table4III gives the probability of occurrence (?ikelihood) also on a ; point scale.
Table – II: /)antitati+e Data and Risk E0.'essi!ns t! meas)'e 1Im.at2
LE#EL DESCRIPTOR E3AMPLE DETAIL DESCRIPTION
1. I!"#"$"%&' L() $"&%"&* *(!!, ( +"!,-.'"( '( %&.&/"*"'0, (
"1.&%' ( %(11-"'0 !'&+"#.
2. M"(, M2+"-1 $"&%"&* *(!!, 1"(, +"!,-.'"( '( %&.&/"*"'0,
1"(, "1.&%' ( %(11-"'0 !'&+"#.
3. M(+2,&'2 H"#4 $"&%"&* *(!!, !(12 (#("# +"!,-.'"( '(
%&.&/"*"'0 1(+2!' "1.&%' ( %(11-"'0 !'&+"#.
9
5. M&6(, M&6(, $"&%"&* *(!!, (#("# +"!,-.'"( '( %&.&/"*"'0,
1&6(, "1.&%' ( %(11-"'0 !'&+"#.
5. C&'&!',(.4"% M"!!"( %,"'"%&* $"&%"&* *(!!, .2,1&2' +"!,-.'"(
'( %&.&/"*"'0, &+ ,-"(-! "1.&%' ( %(11-"'0
Table – III: /)antitati+e Data and Risk E0.'essi!ns t! meas)'e
1Likeli*!!d2
LE#EL DESCRIPTOR E3AMPLE DETAIL DESCRIPTION
1. R&,2 M&0 (%%-, (*0 " 27%2.'"(&* %",%-1!'&%2!.
2. 8*"92*0 C(-*+ (%%-, &' !(12 '"12.
3. P(!!"/*2 M"#4' (%%-, &' !(12 '"12.
5. L"92*0 :"** .,(/&/*0 (%%-, " 1(!' %",%-1!'&%2!.
5. A*1(!' %2,'&" I! 27.2%'2+ '( (%%-, " 1(!' %",%-1!'&%2!
%he )omposite Index thus can take values ranging (typically) from 7 through +;, and
this range is usually arbitrarily divided into three sub4ranges. %he overall risk
assessment is then ?ow, (edium or 'igh, depending on the sub4range containing
the calculated value of the )omposite Index. @or instance, the three sub4ranges
could be defined as 7 to D, - to 7< and 7E to +;.
T-e Se4 e )it+ of Ris# (!n t-en $e *ete ) &ine* 0sin% t-e fo)&0/ ! 5
Potenti!/ se4e)it+ of /oss i&,!(t" 2 P)o$!$i/it+ of o((0))en(e /i#e/i-oo*" 3 Ris#
%he se4e)it+ of )is# can then be assessed as follows:
+; points F $: $xtreme Risk, Immediate !ction Reuired at highest level
+, points F ': 'igh Risk, !ttention of Aoard members and &enior (anagement
7; points F (: (oderate Risk, !ction by Gepartmental 'eads
7, points and belowF?: ?ow risk/ manage with routine procedures
@urther, both the above factors can change in magnitude depending on the
adeuacy of risk avoidance and prevention measures taken and due to changes in
the external business environment. 'ence it is absolutely necessary to periodically
re4assess risks and intensify1relax mitigation measures, or as necessary. )hanges in
procedures, technology, schedules, budgets, market conditions, political
environment, or other factors typically reuire re4assessment of risks.
%he following may be used to assist in making preliminary "udgments regarding risk
classifications:
10
Lo. Ris# Mo*e)!te Ris# Hi%- Ris#
Conse60en(es Insignificant cost,
schedule, or
technical impact
!ffects program
ob"ectives, cost, or
schedule/ however
cost, schedule,
performance are
achievable
&ignificant impact,
reuiring reserve
or alternate
courses of action
to recover
P)o$!$i/it+ of
O((0))en(e
?ittle or no
estimated
likelihood
#robability
sufficiently high to
be of concern
to management
'igh likelihood of
occurrence
E2tent of
De&onst)!tion
@ull4scale,
integrated
technology has
been
demonstrated
previously
'as been
demonstrated but
design changes,
tests in relevant
environments
reuired
&ignificant design
changes reuired
in order to achieve
reuired1 desired
results
E2isten(e of
C!,!$i/it+
)apability exists
in known
products/
reuires
integration into
new system
)apability exists,
but not at
performance levels
reuired for new
system
)apability does
not currently exist
11
ASSESSMENT OF RISK AND ITS TREATMENT PLAN
Gepending on the different types of risk in an organi2ation as detailed above, so
treat the same, using the different categories of risks. %reatment starts with
preparation of risk register having different types of risks elaboration, their identified
conseuence and with conseuence rating and likely hood rating on a five point
scale, to arrive at the severity of risk.
Ris# O,tions
5nce risks have been identified and assessed, all techniues to manage the risk fall
into one or more of following :% strategy, which are:
7. T)e!t Ris# in designing a new business process with adeuate built4in risk
control and containment measures from the start.
+. To/e)!te )is#s that are accepted in ongoing processes as a normal feature of
business operations and modify mitigation measures.
6. T)!nsfe) )is#s to an external agency (e.g. an insurance company1 out
sourcing)
:. Te)&in!te )is#s altogether (e.g. by closing down a particular high4risk
business area1 eliminate, withdraw from or not become involved)
T)e!t&ent of Ris#
MANAGEMENT
METHOD
OBJECTIVE FEATURES
%erminate Risk is eliminated or avoided
by changing the parameters
of the pro"ect
 (ay change the pro"ect plan to eliminate
conditions creating the risk (risky reuirement,
work scope, technology, or contractor) or
eliminate the risk entirely.
 (ay trade one risk for another lesser risk.
 If a lower risk option is available, revise
baseline to favor it.
 )heck that the lower risk is the better choice
considering the pro"ect as a whole.
12
%ransfer Risk remains viable but is
shifted to another pro"ect
or organi2ation.
5ften called risk allocation.
)annot completely 8transfer
risk9 or responsibility.
 If full transfer is not possible, consider a
partial shift e.g., insurances, performance
bond, #I, warranty, or
 contract guarantee.
 5ften, results in risk being shared between
pro"ect and others.
 5ften best with funding risks.
 (ust consider costs and benefits of
transfer. (ust ensure recipient is best
euipped and prepared to assume the
risk in whole or in part.
 Risk is not avoided. Recipient must be willing
to assume the risk, in whole or in part.
%reat Reduced likelihood and1or
conseuences of a risk
(preferably both) by
series of control actions.
 (ost common form of risk management.
 (ust systematically and carefully identify and
attack root causes of the risk.
 )ontrol actions are comprehensive and
feasible.
 $arly actions often reuired for success.
 !ctions can affect cost, scope, and schedule.
 )ost1benefit analysis can be useful in
selecting best )ontrol action.
%olerate Risk is recogni2ed and
simply taken on by the
pro"ect Residual risks
which are not
transferred.
Gevelop recovery plans for
residual risk.
 ?ast ʺ optionʺ for controlling a risk. .o
feasible means to mitigate or otherwise
control the risk is available.
 Aenefit is that no changes in pro"ect plans
are reuired to address the risk.
 &ometimes used when a compellingly large
reward could be gained by taking the risk.
 %ypically used for obdurate, distant, or
least‐predictable risk e.g. funding levels.
 Residual (remaining) risk is always
accepted.
 Reuires special diligence in monitoring,
because nothing was done to reduce the
risk.
 !lternative or acceptable f ʺ all‐backʺ
positions are especially crucial if the risk is
critical to pro"ect success.
 Borst case is pass ʺ ive acceptance, ʺ when
no fall‐back plans are considered.
RISK MANAGEMENT PLAN
13
&elect appropriate controls or countermeasures to measure each risk. Risk
mitigation needs to be approved by the appropriate level of management. @or
instance, a risk concerning the image of the organi2ation should have top
management decision behind it.
%he risk management plan should propose applicable and effective security controls
for managing the risks. It is "ust like high risk of computer viruses could be mitigated
by acuiring and implementing antivirus software. ! good risk management plan
should contain a schedule for control implementation and responsible persons for
those actions.
RISK MANAGEMENT DOCUMENTATION
%he Risk Register (as per format at Anne20)e' )will tracks and monitors the status
of all risks including probability and conseuence of each risk (pre and post‐
mitigation) and details on the risk control actions. %he Risk (anager is responsible
for identifying and assessing of risks. %his responsibility includes providing regular
re‐evaluation and a status update of risk entries in Risk Register. %he Risk
Register is a living document used for the .#)).
#ro"ect risks and the management actions to control them are reviewed and
updated periodically by Risk (anager, )hief Risk (anager and Aoard of Girectors
of .#)). .ew and imminent risks are added into the Register when identified.
Risks are closed when the risk is no longer credible or when the risk has been
reali2ed and no residual risk remains.
%he Risk (anager is responsible for maintenance of the Risk Register for ensuring
that )hief Risk (anager monitor and reassess risks regularly, and that the Risk
'andling #lans are being implemented in a timely and effective manner.
Items with risk hi gher severity level must be entered in the .#)) )ontingency
!nalysis, which is the product of the impact and the risk probability.
14
ANNEXURE-
Ris# Re%iste)
Function / Activity:
S7
No7
Ris# Des()i,tion T+,e of Ris# Ris# R!tin% Li#e/i-oo* Miti%!tin%
A(tion
Res,onsi$i/it+
@orce (a"eure &trategic ?ow
)ompetition 5perational (edium
$xchange
@luctuation
)ompliance 'igh
%ime H )ost
5ver run
@inancial Iery 'igh
Jncertain Beather
)onditions
$nvironmental
?abour Jnrest
.on4availability1
increase in price
of input.
Gefect in
designing
?oss of
experienced
manpower
Gelay in decision
making etc.
(Note: If Risk description is considered/not avaia!e sa"e "a# !e added$
D!te of Ris# Re4ie.5

Co&,/ete* $+5 D!te5
Re4ie.e* $+5 D!te5
15
ORGANISATIONAL STRUCTURE WITH RESPONSIBILITY AND
ACCOUNTABILITY FOR RISK MANAGEMENT5
In order that the risk management gets the priority it deserves, the policy needs to be
driven and implemented from the board level, with one of the directors being made in4
charge. %he )hairman and (anaging Girector, as authority to establish a risk
management system in the organi2ation, shall be designated as in4charge of Risk
(anagement.
! high level responsibility for Risk (anagement will provide the resources and
authority to mitigate risks effectively. Risk (anagement is not "ust a technical or
financial issue but is an organi2ational management issue.
! )hief Risk (anager ()R() needs to be appointed who will be responsible for
coordinating the development and maintenance of risk management policies,
procedures, standards and forms for the .#)). !ll '5Gs and Konal in4charges will be
Risk (anagers in respect of pro"ects1 works under their control.
%he )R( will ensure that the risk assessment process is performed at least once
annually and an update should be carried out. %he )R( will ensure that the
departmental heads are aware and in agreement with the risk assessment and risk
management plan and that they are aware of the risks of failure. %he )R( will report to
the )(G1 Aoard of Girector on the key risk areas every year and also outline the
mitigation measures undertaken.
RISK O RG A NISA T I ON CH ART
BOARD OF DIRECTORS
Chairman and Managing Directr
(*Support will be provided to CRM by a Risk Management Group to be established by the
CMD with detailed terms of reference
%&ief Risk 'ana(er)
Risk 'ana(ers
(*ona 'ana(ers$
Risk 'ana(ers
(+,-s at %.,.$
RISK MANAGEMENT AND STRATEGY ON'GOING
Risk management is simply a practice of systematically selecting cost4effective
approaches for minimising the effect of threat reali2ation to the organi2ation. !ll risks
can never be fully avoided or mitigated simply because of financial and practical
limitations. %herefore, all organi2ations have to accept some level of residual risks.
Bhereas risk management tends to be preemptive, strategy shall be adopted to deal
with the conseuences of realised residual risks. %he necessity to have strategy in
place arises because even very unlikely events will occur if given enough time. Risk
management also proposes applicable controls for the observed risks. %herefore, risk
management covers several areas that are vital for the strategy planning. 'owever, the
strategy process goes beyond risk management0s preemptive approach and assumes
that the disaster will happen at some point.
RISK COMMUNICATION
Risk communication is a complex cross4disciplinary academic field. #roblems for risk
communicators involve how to reach the intended audience, to make the risk
comprehensible and relatable to other risks, how to pay appropriate respect to the
audience0s values related to the risk, how to predict the audience0s response to the
communication, etc. ! main goal of risk communication is to improve collective and
individual decision making. Risk communication is somewhat related to crisis
communication.
Se4en (!)*in!/ )0/es fo) t-e ,)!(ti(e of )is# (o&&0ni(!tion
• !ccept and involve the public1other consumers as legitimate partners (e.g.
stakeholders).
• #lan carefully and evaluate your efforts with a focus on your strengths,
weaknesses, opportunities, and threats (&B5%).
• ?isten to the stakeholders= specific concerns.
• Ae honest, frank, and open.
• )oordinate and collaborate with other credible sources.
• (eet the needs of the media.
• &peak clearly and with compassion.
SPECIFIC RISKS TO THE CORPORATION AND ITS MITIGATION
MEASURES ADOPTED
BUSINESS OPERATIONS RISKS5
%hese risks relate broadly to the company=s organisation and management, such as
planning, monitoring and reporting systems in the day to day management process
namely:
> 5rganisation and management risks,
> #ro"ects working1 interruption risks,
> #rofitability
Ris# &iti%!tion &e!s0)es:
> %he )ompany functions under a well defined organi2ation structure.
> @low of information is well defined to avoid any conflict or communication
gap between two or more Gepartments.
> &econd level positions are created in each Gepartment to continue the work
without any interruption in case of non4availability of functional heads.
> $ffective steps are being taken to reduce cost of production on a continuing
basis taking various changing scenarios in the market.
BUSINESS DEVELOPMENT
&tate level pressure arising losing of pro"ects
Ris# &iti%!tion &e!s0)es:
• !ward of pro"ects should be with transparency.
• &hould have strong legally binding agreements with the state *overnments1
agencies once the pro"ect is allocated1 (oJ signed for the same.
.#)) is awarded pro"ects in difficult1 remote areas and private agency awarded with
pro"ects with easier areas
Ris# &iti%!tion &e!s0)es:
• *overnment should support for timely completion of pro"ects in difficult1
remote areas with incentives to off load some risks.
Risk of poor relationship with the clients
Ris# &iti%!tion &e!s0)es:
• &uitable #ro"ect (anager may be posted at #ro"ect with regular suitable
guidance. It will improve the relation for getting further works under the client.
Risk of non workable rate1 agency
Ris# &iti%!tion &e!s0)es:
• !s per contract, terms H condition work, the analysis of rates should be made
with the consideration of local H other related conditions in the area.
• )redentials of agency1 contractor with financial parameters must be verified
as per norms and local conditions.
PROJECT MANAGEMENT
Gelays in decision making
Ris# &iti%!tion &e!s0)es:
• Gelays in decision making leading to financial loss may be charged with
more accountability f or the same.
• Internal monitoring mechanism may be developed for the approval of
files or system. %he key decision points should be identified which delayed
and affected the overall pro"ect. %he estimated time for these decisions
and t h e responsible agency1agent for decision making should be clearly
identified. 5nce the system is in place the company will fix accountability
for delays in decision making
Gelays in award of contract because of contract litigations
Ris# &iti%!tion &e!s0)es:
• Jniform tender approval procedure must be developed to avoiding
contract litigations that arise due to issues raised on tendering procedures
considering all aspects related to tendering.
• Getailed s t a n d a r d contracts agreement covering each factor for avoiding
loop holes with the lesson from various contracts should be carried forward
to to make them more robust.
#ro"ect cost overrun Risks
Ris# &iti%!tion &e!s0)es:
• )lauses for penalties, liuidated damages, performance bonus, completion1
performance guarantees may be added in contract agreement to transfer
such risks to agencies1contractor.
• Reduce cost overruns adopting fixed1lump4sum turnkey contracts, and
developing contingency plan, and developing scope and risk management.
Jpgradation of technology
Ris# &iti%!tion &e!s0)es:
• %he manpower at every level may be updated with new technology in the all
fields, vi2. @inance, *reen $ngineering technology, )onstruction
(ethodology, .ew machinery H material, 'uman Resources skill
development to cope up these.
• !ttending seminars, workshops, technical1 non technical fairs, training in
different field to enhance the competency to work new scenario.
%errorism1 insurgent groups impact on pro"ect leading to time and cost overrun
Ris# &iti%!tion &e!s0)es:
• ?iaison with &tate *overnment (Gepartment of 'ome), and (inistry of
'ome !ffairs for adeuate protection of its pro"ect sites
• $nsure that there are no penalty clauses in the working for the pro"ect
which are likely to be impacted by the acts of terrorism1 insurgent groups.
• $xplore the option of taking terrorism coverage policy for pro"ects in &tates
effected by terrorism1 insurgent groups for nullifying any loss of its financial
interests
.on availability and1 or price hike of raw materials like cement, steel, bricks, sand etc.
Ris# &iti%!tion &e!s0)es:
• #rescribe minimum inventory norms for critical raw material and monitor
regularly its movement. #enalty can be included in the contract conditions
for not meeting the average inventory norms by the contractor even
without any disruption of pro"ect activity on such account
)ontractor i ssues l i ke euipment problems, construction methodology, labor
unions, poor labour uality and scarcity of contractor labour
Ris# &iti%!tion &e!s0)es:
• Gevelop a screening filter for weeding out non4serious bidders and1or
put erring contractors under a black list to forbid them in future tenders
participation. #ublish such list of erring contractors to discourage growth of
such vendors.
• !warding of c ritical assignments to new contractor may be avoided.
• 5ffer of assi gnment s to be ext ensi vel y advertised t o allow
maximum agencies1contractor to participate in the tendering process.
$xpert agenci es1 contractors may be encouraged.
• Bith the implementation of contractors= performance feedback system.
#repare a agencies1contractors Information and Rating &ystem to allow
evaluation of all agencies1contractors.
LI8UIDITY RISKS5
> @inancial solvency and liuidity risks
> Aorrowing limits
> )ash management risks
Ris# Miti%!tion Me!s0)es:
> #roper financial planning in terms of cash flow, is put in place with
detailed !nnual #lans discussed at appropriate levels within the organisation.
> !nnual and uarterly budgets are prepared and put up to management for
detailed discussion and an analysis of the nature and uality of the
assumptions, parameters etc.
> %hese budgets with Iariance !nalysis are prepared to have better
financial planning and study of factors giving rise to variances.
> Gaily and monthly cash flows are prepared, followed and monitored at senior
levels to prevent undue loss of interest and utilise cash in an effective
manner.
> )ash management services are availed from Aank to avoid any loss of
interest on collections
CREDIT RISKS5
> Risks in settlement of dues by clients1contractors
> #rovision for bad and doubtful debts
Ris# Miti%!tion Me!s0)es:
> &ystems put in place for assessment of creditworthiness of clients1
contractors.
> #rovision for bad and doubtful debts made to arrive at correct financial
position of the )ompany.
> !ppropriate recovery management and follow up.
HUMAN RESOURCE RISKS5
• ?abour %urnover Risks, involving replacement risks, training risks, skill
risks, etc.
• Jnrest Risks due to &trikes and ?ockouts.
Ris# Miti%!tion Me!s0)es:
> )ompany has proper recruitment policy for recruitment of personnel at
induction levels in the organi2ation.
> #roper appraisal system for revision of compensation on a periodical
basis has been evolved and followed regularly to keep the high morale of
manpower.
> $mployees are trained at regular intervals to upgrade their skills with new
developed technologies.
> !ctivities relating to the Belfare of employees are undertaken.
> $mployees are to be encouraged to make suggestions and discuss any
problems with their &uperiors. &o a monthly interactive meeting of teams
should be held.
DISASTER RISKS5
> .atural risks like @ire, @loods, $arthuakes, etc.
Ris# Miti%!tion Me!s0)es:
> %he #roperties1 !ssets of the company are insured against natural risks,
like fire, flood, earthuakes, etc. with periodical review of adeuacy, rates
and risks covered under professional advice.
> @ire extinguishers have been placed at fire sensitive locations.
> %raining of (anpower for fighting with .atural Gisasters and usage of @i rst aid
medical care in case of accidents at site1 offices.
INFORMATION TECHNOLOGY RISKS5
> &ystem capability
> &ystem reliability
> Gata integrity risks
> )oordinating and interfacing risks
Ris# Miti%!tion Me!s0)es:
> I% Givision maintains repairs and upgrades the systems on a continuous
basis with personnel who are trained in software and hardware.
> #assword protection is provided at different levels to ensure data integrity.
> ?icensed software is being used in the systems.
• Leeping the periodic backup provisions for servers related to all our intranet H
internet activities.
> %he )ompany ensures 8Gata &ecuri ty9, by having access control 1
restrictions.
LEGAL RISKS5
%hese risks relate to the following:
> )ontract Risks
> )ontractual ?iability
> @rauds
> Mudicial Risks
> Insurance Risks
Ris# Miti%!tion Me!s0)es:
@ollowing are the Risk mitigation measures adopted by the )ompany to
mitigate the risks relating to ?egal aspects:
> ! study of contracts with focus on contractual liabilities, deductions,
penalties and interest conditions is undertaken on a regular basis.
> %he ?egal department vets all legal and contractual documents with
legal advice from ?egal retainers for different branches of legislation.
>)ontracts are finali2ed as per the advice from legal professionals and
!dvocates.
>Insurance policies are audited to avoid any later disputes.
>%imely payment of insurance and full coverage of properties1!ssets of the
)ompany under insurance.
>Internal control systems for proper control on the operations of the
)ompany and to detect any frauds.
INTEREST RATE RISK MANAGEMENT5
%he )ompany keeps #ro"ect @unds1 &ecurity deposits, $(Gs etc with @inancial
Institutions in the form of @ixed Geposits of different periodicity. %his money is also
regulating the )ash @low for the #ro"ect1 )orporation.
Ris# Miti%!tion Me!s0)es:
!ll are considered month wise for the current year and uarter wise for
later use, accordingly time period is fixed. Aesides, the cash flows are
prepared and monitored.
DISCLAIMER CLAUSE
%he (anagement cautions readers that the risks outlined above are not exhaustive
and are for information purposes only. (anagement is not an expert in assessment of
risk factors, risk mitigation measures and management=s perception of risks. Readers
are therefore reuested to exercise their own "udgment in assessing various risks
associated with the )ompany.