Detailed in the Shareholders’ section of ‘Stakeholder Engagement’.
As a diversified enterprise, the Company has always had a system-based approach to business risk management. Backed by strong internal control systems, the current risk management framework of the Company consists of the following elements:
The Corporate Governance Policy clearly lays down the roles and responsibilities of the various entities in relation to risk management. A range of responsibilities, from the strategic to the operational, is specified in the Governance Policy. These role definitions, inter alia, are aimed at ensuring the formulation of appropriate risk management policies and procedures, their effective implementation and independent monitoring and reporting by Internal Audit.
The Corporate Risk Management Cell works with the Businesses to establish and monitor the specific profiles including both strategic and operational risks. The process includes the prioritisation of risks, selection of appropriate mitigation strategies and periodic reviews of the progress on the management of risks.
A combination of centrally issued policies and divisionally evolved procedures brings robustness to the process of ensuring that business risks are effectively addressed.
Appropriate structures have been put in place to proactively monitor and manage the inherent risks in Businesses with unique/ relatively high risk profiles.
A strong and independent Internal Audit function at the Corporate level carries out risk-focussed audits across all Businesses, enabling identification of areas where risk management processes may need to be improved. The Audit Committee of the Board reviews Internal Audit findings and provides strategic guidance on internal controls. The Audit Compliance and Review Committee closely monitors the internal control environment within the Company and ensures that Internal Audit recommendations are effectively implemented.
At the business level, Divisional Auditors continuously verify compliance with laid down policies and procedures and help plug control gaps by assisting the operating management in the formulation of control procedures for new areas of operation.
A robust and comprehensive framework of strategic planning and performance management ensures realisation of business objectives, based on effective strategy implementation. The annual planning exercise requires all Businesses to clearly identify their top risks and set out a mitigation plan with agreed timelines and accountability. Businesses have confirmed that all relevant business risks have been identified, assessed, evaluated and appropriate mitigation systems have been implemented.
The combination of policies and processes, as outlined above, adequately addresses the various risks associated with the Company’s businesses. The senior management of the Company also periodically reviews the risk management framework to maintain its contemporariness so as to effectively address the emerging challenges in a dynamic business environment.
Oversight, Implementation and Audit of Economic, Environmental, Social and Related Policies
The CMC approves the relevant Financial, Environmental, Occupational Health & Safety and Social Development policies of ITC. The Corporate Internal Audit Function audits the implementation of all systems and policies in all Company Businesses and Corporate Headquarters. The Head of the Corporate EHS Department is responsible for laying down ITC’s EHS standards, preparing EHS Guidelines and ensuring effective implementation. The EHS performance of all Units/Factories/Hotels is audited at least once annually to ensure conformity with statutory requirements, Corporate EHS Guidelines and Standards.
The Corporate Human Resources (CHR) Department similarly coordinates all activities relating to the Company’s Social performance. Reports relating to Economic, EHS and Social performance are provided to the CMC on a monthly basis. In addition to the above, periodic presentations are made to the CMC to ensure performance in accordance with specified targets.
All management systems and standards in ITC conform to relevant national and international standards and benefit from internationally accepted best practices. Quality Management Systems in various businesses are certified in accordance with ISO 9001, International Quality Rating System (IQRS), Hazard Analysis and Critical Control Point (HACCP), TQM/TPM, Six Sigma and other internationally renowned standards, as applicable to the respective businesses.
Environment Management Systems in all ITC manufacturing Units and major hotels are certified in accordance with ISO 14001. The Occupational Health & Safety Management Systems in all manufacturing Units are certified in accordance with OHSAS 18001.
The Investor Service Centre (ISC) of the Company is certified in accordance with ISO 9001:2008 and rated ‘Level 5’ (highest level). This stands testimony to the excellence achieved by ISC in providing quality investor services.
Internal Audit Services relating to Systems and Controls in all areas of operation in the Company are certified under ISO 9001:2008 and rated ‘Level 5’ (highest level).