ITC :: Sustainability Report 2009

Chairman’s Statement:
ITC’s Vision and Strategy

ITC:
Organisational Profile

Certifications, Honours & Awards

Report
Parameters

Governance, Commitments
& Engagements

ITC’s Triple Bottom Line

GRI Index

Annexures

Statement from
Ernst & Young

Self-declaration on Application Level

Home | Contents

«•»

Precautionary approach

As a diversified enterprise, the Company has always had a system-based approach to business risk management. The annual business planning exercise requires all businesses to clearly identify their top risks and set out a mitigation plan with agreed timelines and accountability.

Backed by strong internal control systems, the current risk management framework of the Company consists of the following elements -

•	The Corporate Governance Policy has laid down the roles and responsibilities of the various entities in relation to risk management. A range of responsibilities, from the strategic to the operational, is specified in the Governance Policy. These role definitions, inter alia, are aimed at ensuring formulation of appropriate risk management policies and procedures, their effective implementation and independent monitoring and reporting by Internal Audit. The Corporate Risk Management Cell works with the businesses to identify and establish the respective risk profiles. The risk profiles include both strategic risks and operational risks.
•	A combination of centrally issued policies and divisionally-evolved procedures brings robustness to the process of ensuring that business risks are effectively addressed.
•	Appropriate structures have been put in place to proactively monitor and manage the inherent risks in businesses with unique/relatively high risk profiles.
•	A strong and independent Internal Audit function at the Corporate level carries out risk-focused audits across all businesses, enabling identification of areas where risk management processes may need to be improved. The Audit Committee of the Board reviews Internal Audit findings, and provides strategic guidance on internal controls. The Audit Compliance and Review Committee closely monitors the internal control environment within the Company and ensures that Internal Audit recommendations are effectively implemented.
•	At the business level, Divisional Auditors continuously verify compliance with laid down policies and procedures, mitigate risks in financial reporting through regular transaction audits and help plug control gaps by assisting Operating Management in the formulation of control procedures for new areas of operations.
•	A robust and comprehensive framework of strategic planning and performance management ensures realisation of business objectives based on effective strategy implementation. Businesses confirm periodically that all relevant business risks have been identified, assessed, evaluated and appropriate mitigation systems implemented.

The combination of policies and processes as outlined above adequately addresses the various risks associated with the Company’s businesses. The senior management of the Company periodically reviews the risk management framework to maintain its contemporariness so as to effectively address the emerging challenges in a dynamic business environment.