ACS Deep Vaghela

With the new corporate governance rules and in terms of SEBI Circular No. CIR/CFD/POLICY CELL/7/2014 dated 15.09.2014 and Circular No. CIR/CFD/POLICY CELL/2/2014 dated 17.04.2014, the Listed Company should lay down its policy and procedure for risk management.

With the changing market scenario, Risk Management has become an essential area for management to look into, and this role is now being passed to a committee named the Risk Management Committee.

Broadly, the whole risk management process looks like this:

  • Risk Management
      • Risk Assessment
          • Risk Determination
              • Risk Identification: new risks; change in risk parameters
              • Risk Estimation: determine probability of occurrences; magnitude of consequence value
          • Risk Evaluation
              • Risk Acceptance: risk references; risk referents
              • Risk Aversion: degree of risk reduction; degree of risk avoidance
      • Risk Control: protection works; non-structural measures

Risk Management is defined as the overall process of risk identification, quantification, evaluation, acceptance, aversion and management. The decisions are made by considering Risk Assessments within the context of political, social and economic realities. Such decisions are frequently controversial due to the difficulty in determining risks that are acceptable to the public.

Risk Management includes Risk Assessment and Risk Control, and Risk Assessment in turn includes Risk Determination and Risk Evaluation.

Image courtesy of renjith krishnan at


Risk Determination involves the related processes of Risk Identification and Risk Estimation. Risk Identification is the process of observation and recognition of new risk parameters or new relationships among existing risk parameters, or perception of a change in the magnitudes of existing risk parameters.

Risk, at the general level, involves two major elements: the occurrence probability of an adverse event and the consequences of the event. Risk Estimation, consequently, is an estimation process, starting from the occurrence probability and ending at the consequence values.

Risk Evaluation is a complex process of developing acceptable levels of risk to individuals, groups, or the society as a whole. It involves the related processes of Risk Acceptance and Risk Aversion.

Risk Acceptance implies that a risk taker is willing to accept some risks to obtain a gain or benefit, if the risk cannot possibly be avoided or controlled. The acceptance level is a reference level against which a risk is determined and then compared. If the determined risk level is below the acceptance level, the risk is deemed acceptable. If it is deemed unacceptable and avoidable, steps may be taken to control the risk or the activity should be ceased. The perception and the acceptance of risks vary with the nature of the risks and depend upon many underlying factors.

Risk Aversion is the control action taken to avoid or eliminate the risk, or to regulate or modify the activities so as to reduce the magnitude and/or frequency of adverse effects.


  • To assess the Company’s risk profile and key areas of risk in particular.
  • To recommend to the Board the adoption of risk assessment and rating procedures.
  • To articulate the Company’s policy for the oversight and management of business risks.
  • To examine and determine the sufficiency of the Company’s internal processes for reporting on and managing key risk areas.
  • To assess and recommend to the Board acceptable levels of risk.
  • To develop and implement a risk management framework and internal control system.
  • To review the nature and level of insurance coverage.
  • To conduct special investigations into areas of corporate risk and breakdowns in internal control.
  • To review management’s response to those of the Company’s auditors’ recommendations that are adopted.
  • To report the trends on the Company’s risk profile, reports on specific risks and the status of the risk management process.


  • To define the risk appetite of the organization.
  • To exercise oversight of management’s responsibilities, and review the risk profile of the organization to ensure that risk is not higher than the risk appetite determined by the board.
  • To ensure that the Company is taking appropriate measures to achieve prudent balance between risk and reward in both ongoing and new business activities.
  • To assist the Board in setting risk strategies, policies, frameworks, models and procedures in liaison with management and in the discharge of its duties relating to corporate accountability and associated risk in terms of management assurance and reporting.
  • To review and assess the quality, integrity and effectiveness of the risk management systems and ensure that the risk policies and strategies are effectively managed.
  • To review and assess the nature, role, responsibility and authority of the risk management function within the Company and outline the scope of risk management work.
  • To ensure that the Company has implemented an effective ongoing process to identify risk, to measure its potential impact against a broad set of assumptions and then to activate what is necessary to pro-actively manage these risks, and to decide the Company’s appetite or tolerance for risk.
  • To ensure that a systematic, documented assessment of the processes and outcomes surrounding key risks is undertaken at least annually for the purpose of making its public statement on risk management including internal control.
  • To oversee formal reviews of activities associated with the effectiveness of risk management and internal control processes. A comprehensive system of control should be established to ensure that risks are mitigated and that the Company’s objectives are attained.
  • To review processes and procedures to ensure the effectiveness of internal systems of control so that decision-making capability and accuracy of reporting and financial results are always maintained at an optimal level.
  • To monitor external developments relating to the practice of corporate accountability and the reporting of specifically associated risk, including emerging and prospective impacts.
  • To provide an independent and objective oversight and view of the information presented by the management on corporate accountability and specifically associated risk, also taking account of reports by the Audit Committee to the Board on all categories of identified risks faced by the Company.
  • To review the risk bearing capacity of the Company in light of its reserves, insurance coverage, guarantee funds or other such financial structures.
  • To fulfill its statutory, fiduciary and regulatory responsibilities.
  • To ensure that the risk awareness culture is pervasive throughout the organization.
  • To review issues raised by Internal Audit that impact the risk management framework.
  • To ensure that the infrastructure, resources and systems in place for risk management are adequate to maintain a satisfactory level of risk management discipline.
  • The Board shall review the performance of the risk management committee annually.
  • Perform other activities related to risk management as requested by the Board of Directors or to address issues related to any significant subject within its term of reference.
