The Company has a Code of Conduct for Prevention of Insider Trading (‘ITC Code’) in the shares and securities of the Company. The ITC Code, inter alia, prohibits purchase/sale of shares of the Company by employees while in possession of unpublished price sensitive information in relation to the Company. Instances of violation of the ITC Code, if any, are reported to the Board and to the regulatory authorities.

The role of the Board of Directors is to provide direction and exercise control to ensure that the Company is managed in a manner that fulfils stakeholders’ aspirations and societal expectations.

Shareholder Mechanisms

Detailed in ‘Shareholders’ section of ‘Stakeholder Engagement’.

Precautionary approach

As a diversified enterprise, the Company has always had a system-based approach to business risk management. The annual business planning exercise requires all businesses to clearly identify their top risks and set out a mitigation plan with agreed timelines and accountability.

Backed by strong internal control systems, the current risk management framework of the Company consists of the following elements:

• The Corporate Governance Policy has laid down the roles and responsibilities of the various entities in relation to risk management. A range of responsibilities, from the strategic to the operational, is specified in the Governance Policy. These role definitions, inter alia, are aimed at ensuring formulation of appropriate risk management policies and procedures, their effective implementation and independent monitoring and reporting by Internal Audit.

• A combination of centrally issued policies and divisionally-evolved procedures brings robustness to the process of ensuring that business risks are effectively addressed.

• Appropriate structures have been put in place to effectively address the inherent risks in business with unique/relatively high risk profiles.

• A strong and independent Internal Audit function at the Corporate level carries out risk-focused audits across all businesses, enabling identification of areas where risk management processes need to be strengthened. The Audit Committee of the Board reviews Internal Audit findings, and provides strategic guidance on internal controls. The Audit Compliance and Review Committee closely monitors the internal control environment within the Company and ensures that Internal Audit recommendations are effectively implemented.

• At the Business level, Divisional Auditors continuously verify compliance with laid down policies and procedures, and help plug control gaps by assisting Operating Management in the formulation of control procedures for new areas of operations.

• A robust and comprehensive framework of business planning and performance management ensures realisation of business objectives based on effective strategy implementation.

The combination of policies and processes as outlined above adequately addresses the various risks associated with the Company’s businesses. The senior management of the Company periodically reviews the risk management framework to maintain its contemporariness so as to effectively address the emerging challenges in a dynamic business environment.

Oversight, Implementation and Audit of Economic, Environmental,
Social and Related Policies

The Corporate Management Committee (CMC) of the Company approves the relevant Financial, Environmental, Occupational Health and Safety, and Social policies of ITC.

The Corporate Internal Audit function audits implementation of all systems and policies in all Company businesses and Corporate Headquarters.The Corporate EHS Department, headed by an Executive Vice-President, is responsible for laying down ITC’s standards, preparing EHS Guidelines, ensuring implementation and, at least annually, auditing the EHS Performance in each of the Units/Factories/Hotels to ensure conformity to statutory requirements, Corporate EHS Guidelines and Standards.

The Corporate Human Resources (CHR) Department similarly coordinates all activities relating to the Company’s social performance.

Reports relating to Economic, EHS and Social performance are provided to the CMC on a monthly basis. In addition to the above, periodic presentations are made to the CMC to ensure performance in accordance with specified targets.

All Management Systems and Standards in ITC conform to relevant national and international standards and benefit from internationally accepted Best Practices. Quality Management Systems in various businesses are certified in accordance with ISO 9001, International Quality Rating System (IQRS), Hazard Analysis and Critical Control Point (HACCP), TQM/TPM, Six Sigma and other internationally renowned standards as applicable to the respective businesses.

Environment Management Systems in all ITC manufacturing units, major hotels and Corporate EHS Department are certified in accordance with ISO 14001.

Occupational Health & Safety Management Systems in all manufacturing units including Corporate EHS Department are certified in accordance with OHSAS 18001.