Golden Peacock Award for Risk Management Winners
Year 2018
Ashok Leyland Limited
Chennai
WNS Global Services (P) Limited
Mumbai
[Automobile] [BPO]
Ashok Leyland Limited is the second largest manufacturer of commercial vehicles in India. Corporate Enterprise Risk Management (ERM) function conducts periodic monitoring to ensure that the risk management processes are being followed and provides assurance to management. As part of strategy setting, Risk Management Strategy is also finalised, considering the acceptable risk appetite and tolerances. Each risk identified is assessed in terms of its impact on the achievement of company's strategic and business objectives. Corporate ERM function also periodically validates the effectiveness of risk mitigation plans to ensure that actions taken to mitigate risks are appropriate.
WNS Global Services (P) Limited is a provider of comprehensive data, voice, analytical and business transformation services. Company's ERM Policy acts as apex risk management policy. The Board provides overall guidance and oversight on the risk management framework within WNS and approves the framework and risk appetite. While arriving at a risk mitigation strategy, consideration is given to the cost of mitigating controls vis-a-vis the cost of transfer of the risk, effectiveness of the control design and scalability of the control framework. The Business Process Risk Management and Audit team conducts detailed reviews of operational processes during transition phase or shortly thereafter to determine any residual fraud risk.
Tata Capital Limited
Mumbai
Edelweiss Financial Services Limited
Mumbai
[Financial Services] [Financial Services]
Tata Capital Limited is the flagship financial services arm of the Tata Group providing a wide range of financial products and services to its retail and corporate customers. The company’s Risk Management is compliant with ISO 31000. It has a ‘three-lines-of-defence’ model with primary ownership of risks resting with the various business units. Scenario analysis is done for various scenarios factoring in the external and emerging risks. Stress testing is an integral part of the overall governance and risk management culture. It has a Fraud Risk Management Policy, a Fraud Risk Management Committee and an Approved Information Security and Information Technology Policy in place.
Edelweiss Financial Services Limited is one of India’s leading diversified financial services companies. Under the Risk Management Strategy, decisions are evaluated against the risk mantra ‘Is it worth’ and ‘Can we afford it’. The Board, through the Risk Committee, provides an aggregated view on the risk principle of the company for all categories of risks as well as the mitigation plans. Risk Management forms an integral part of employees’ performance. The company has developed an in-house Governance Risk Compliance (GRC) software system called ‘Compliance Management System (CMS)’ – RICA GO for regulatory event monitoring, documentation and reporting.
SBI Life Insurance Company Limited
Mumbai
Infosys Limited
Bengaluru
[Insurance] [IT]
SBI Life Insurance Company Limited is a joint venture between State Bank of India and BNP Paribas Cardif S.A. Risk Management processes are documented as a part of Risk Management Policy. Risk Management Team scans the internal environment and external environment to identify potential risks to the company. It employs various tools like risk register, RCSA, business continuity, heat maps, incident reporting, risk saving and risk reviews to implement the policy. Risks that are rated as High are monitored by RMB-Board and RMC-Executive.
Infosys Limited is a leading technology software services and consulting organisation. The company's Enterprise Risk Management (ERM) process covers both risk and opportunity: identification, mitigation of risk and exploitation of opportunity. A cross-functional team works with the marketing and PR team to proactively mitigate and manage reputational risk. Risk Management Policy at Infosys is implemented by the office of Risk Management via ERM framework. The company has three layers of defense for risk management – Risk Self-assessment, internal corporate audit and internal audit by third party auditor. All risks relating to compliances, fraud etc. do not have any tolerance at Infosys and are always treated as critical/high.
ONGC Videsh Limited
New Delhi
HPCL-Mittal Energy Limited
Noida
[Oil Production] [Oil Refining]
ONGC Videsh Limited is a wholly owned subsidiary of ONGC, the flagship national oil company of India. The primary business of ONGC Videsh is to get involved in prospects for oil and gas acreages outside India, including exploration, development and production of oil and gas. Risks have been mapped with the risk drivers and mitigation factors for all projects and these are mapped in SAP GRC (Governance Risk Compliance) Risk module. While developing mitigation strategies, First Person Responsible (FPR) is defined along with timelines as applicable. Business Continuity Plan (BCP) is in place for critical organization functions/processes.
HPCL–Mittal Energy Limited (HMEL) is a joint venture between Hindustan Petroleum Corporation Limited (HPCL) and Mittal Energy Investments Private Limited. It owns and operates the Guru Gobind Singh Refinery (GGSR). The Board of Directors reviews the Risk scenario in the company from time to time and oversees implementation of effective risk management. Risk evaluation of each risk is done by understanding and deriving the 'Probability', 'Impact', 'Urgency' and 'Controllability' on the occurrence of the risk. A detailed Risk Register is prepared by the company on a quarterly basis which acts as a central repository for all the risks of the company.
Tata Steel Limited
Mumbai
InterGlobe Technology Quotient Private Limited
Gurugram
[Steel] [Travel]
Tata Steel Limited has steel manufacturing units with a production capacity of 10 MTPA at Jamshedpur and 3 MTPA at Odisha. It operates with a completely integrated value chain that extends from mining to finished steel goods. The goal of company's Enterprise Risk Management (ERM) is to develop a 'Risk intelligent culture' that supports risk informed decision making and helps improve performance. The company uses Risk Maturity Assessment (RMA) scores to check the effectiveness of ERM deployment. RMA has improved to 4.56 in 2017. The company's ERM is aligned with the requirement of Quality Management System (QMS) risk management criteria. Review of the ERM framework deployed is planned on a yearly basis by Internal Auditors and every three years by external auditors.
InterGlobe Technology Quotient Private Limited, a strategic business unit of InterGlobe Enterprises, is an official distributor of Travelport GDS (Galileo and Worldspan). The risks and controls are embedded into the organizational culture for which the process includes Risk and Controls Self-Assessment. A fraud risk policy detailing applicability, fraud identification, fraud reporting channels, fraud investigations, fraud witness protection and fraud response has been designed to enable prevention, early detection and remediation of frauds. Internal audit reviews the risk management process as per the internal audit charter.
Year 2017
Reliance Securities Limited
Mumbai
L&T Finance Holdings Limited
Mumbai
[Financial Services] [Financial Services]
Reliance Securities Limited (RSL) is a leading stock broking company in the retail segment in Equity, Equity Derivative and Currency Derivative segments. RSL has a Risk Management Policy and Strategy directed by the Board. The Risk Management Framework follows a three-tier structure: Operational Managers form the first; Risk Management Committee and the Department are the second and the Internal Audit is the third line of defense. Joint planning sessions are held within the organisation at least a year before the launch of a new product or business so that the stakeholders know the future aspirations and plans of the marketing team. RSL has put in place a comprehensive Information Security Policy.
L&T Finance Holdings Limited is one of India's fastest growing NBFCs offering a diverse range of financial products and services across rural, housing and infrastructure finance sectors. Risk Management Committee reviews the risk management process on a six-monthly basis to ensure effectiveness. As part of integrating the risk and business perspectives, a Centre of Excellence has been set for all the focused products. A rigorous quarterly portfolio review based on early warning signals is carried out. The organisation has rolled out a Liquidity Buffer Management Policy to tie-up any liquidity risks. The organisation has a strong Fraud Risk Management Framework which is governed through a dedicated and elaborate vertical mainly Risk Containment Unit. Cyber Security is integrated in the IT Security Policies. The Risk Mitigation Strategy is primarily guided by the risk appetite statement at the enterprise level.
Deutsche Bank AG
(Private & Commercial Clients, India) Mumbai
State Bank of India
Mumbai
[Financial Sector (Banking) - Private] [Financial Sector (Banking) - PSU]
Deutsche Bank AG launched retail banking services in India in October 2005 and its Private and Commercial Clients Division offers a comprehensive range of banking products and services. The Risk Management Principles document sets out the guiding principles of risk management at the bank. The Risk Management Framework is to identify, capture, assess, quantify, control and manage such risks. Operational Review Meeting is conducted monthly to discuss all operational and system related matters. The Global Anti-Fraud Policy focuses on developing strategies to prevent frauds. A group audit independently and objectively examines and reports on the adequacy of the Risk Management System.
State Bank of India (SBI) is the largest bank in India and significant by its assets, deposits, branches, customers and employees. The bank has approved Enterprise Risk Management Policy and 44 other risk related policies. SBI has Risk Management Committees of the board for: Credit Risk, Market Risk, Operational Risk, Enterprise & Group Risk and Compliance Risk. Risk Management Framework consists of risk governance structure and policies, assessment and measurement, model development and validation, monitoring and reporting, stress testing and capital adequacy and disclosures. SBI has a Reputation Risk Management Framework and a Fraud Risk Management Policy.
CISF Unit ASG
Mumbai
InterGlobe Hotels Private Limited
Gurgaon
[Government] [Hospitality]
Central Industrial Security Force (CISF) is a Central Armed Police Force of the Government of India engaged in providing security to various government buildings and historical monuments. The CISF Unit ASG, Mumbai provides security at Mumbai Airport. Potential risks are identified by the organisation for mitigation. The operational management is engaged in risk identification, risk evaluation and risk treatment/mitigation. CISF has identified 18 major key risk areas with proposed security measures for baseline, intermediate and high threat conditions to mitigate the risks. The methodology of threat assessment and management uses three core principles, namely Identify, Implement and Sustain. Wherever needed, brain-storming sessions are carried out to define a realistic timeline for rolling out mitigation.
InterGlobe Hotels Private Limited (IGH) is a joint venture between InterGlobe Enterprises Limited and AAPC Singapore Private Ltd (Accor). The main product is to design, develop, construct and manage economy hotels. The organisation has an approved Risk Management Policy, Plan and Strategy. Risk and Control Self-Assessment provides a strong governance structure for making risk management effective. Compliance management is mapped. IGH has an Anti-Fraud Policy and conducts periodic fraud risk assessment. 24x7 Group Security Official Centre has been institutionalized to take care of Cyber Security risks. A detailed action plan for rolling out mitigation strategies for top 10 enterprise risks has been documented for monitoring. Risk based internal audit has been introduced. IGH has developed 'Wrench Tool' for illustrating risk management initiatives taken during the year.
Cholamandalam MS General Insurance Company Ltd
Chennai
Aditya Birla Sun Life Insurance Company Limited
Mumbai
[Insurance (General)] [Insurance (Life)]
Cholamandalam MS General Insurance Company Limited is a joint venture between Murugappa Group and Mitsui Sumitomo Insurance Company Limited, Japan. The organisation has a Board approved Risk Management Policy and Strategy. Its risk management framework and processes are reviewed by the board constituted Risk Management Committee on a quarterly basis. Software from 'LexisNexis' is installed to identify false claims made by policy-holders. 'Business Intelligence' software is implemented which analyses all data and probes the list of probable frauds, which gets investigated. The organisation has a Cyber Security Policy and Cyber Security Assurance Audit in place.
Aditya Birla Sun Life Insurance Company Limited (ABSLI) is a joint venture between Aditya Birla Capital and Sun Life Financial (India) Insurance Investment Incorporated. Board approved Risk Management Policy and Framework is in place. The risk management effectiveness is reviewed by the Risk Committee on a quarterly basis. Operational risks are governed through Operation Risk Management Policy and a database is maintained to track and mitigate risks. Risk Control Self-Assessment Process is implemented as first line of defense. ABSLI is the first insurance company in India to be certified against BS 2599 standards (globally accepted standard on business continuity) and has transitioned to ISO 22301 (New Global Standards).
Cyient Limited
Hyderabad
ONGC Videsh Limited
New Delhi
[IT] [Oil Production]
Cyient Limited is an IT enabled engineering service company having main products and services as Engineering, Design-led manufacturing, Network and operations and Analytics. Cyient has a Board approved Risk Management Policy. The Audit and Risk Committee of the Board provides oversight to the management activities of the organisation. All the business planning processes include a process of identifying optimistic, realistic and pessimistic scenarios; and key assumptions and risks associated with these scenarios are closely reviewed. All forecasts are reviewed for key risks and assumptions applied. The organisation has a Cyber Security Framework and Policy aligned to the National Institute of Standards and Technology Cyber Security Framework. 18 Key Risk Indicators have been documented for monitoring of target threshold and trend.
ONGC Videsh Limited is the overseas arm of ONGC Limited established for the purpose of prospecting for oil and gas acreages overseas. The organisation has a Board approved Enterprise Risk Management System to manage business risks, complying with the Department of Public Enterprises Guidelines. Risks have been mapped with the risk drivers and mitigation factors for all the projects and also mapped in SAP GRC (Governance, Risk and Compliance) Model. The Enterprise Risk Management is in line with ISO 31000:2009. If the opportunity is attractive and meets the policy criteria, a 'Zero Based Risk Review' is prepared considering all types of risks along with due diligence and sensitivity analysis. Risk Dashboard has been developed for top management, which includes Project Risk Status, Risk Heat Map (without control and with control), quarterly compliance and risk event.
Apollo Tyres Limited
Gurgaon
Bharti Infratel Limited
Gurgaon
[Rubber] [Telecommunication]
Apollo Tyres Limited is a leading tyre manufacturer in the world with six manufacturing units in India, the Netherlands and Hungary. The organisation has a Board approved Risk Management Charter and Policy. Risk management steering committee is responsible for identification, assessment, mitigation, monitoring and reporting of material risks. Risks are assessed on qualitative two-fold criteria: the likelihood of occurrence of risks and the magnitude of impact of the risk event occurrence. The combination of likelihood of occurrence and the magnitude of impact provides the inherent risk level. The organisation has a Global Compliance Dashboard as an effective tool to monitor governance, risk and compliance.
Bharti Infratel Limited is a leading telecom tower infrastructure provider in India. The organisation deploys, owns and manages telecom towers and communication structure for all wireless operators. Based on their impact on financials, service delivery and customer experience, risks are rated as high, medium and low and then mitigation plans are identified for each risk statement. Fraud Risks are identified by the organisation as assets misappropriation, fraudulent statement and financial integrity. Bharti Infratel has a security operation centre. A data leakage prevention system is implemented. In addition to ISO audit, IT audit is also done by third party auditors at regular frequency on IT general control and IT applications control.
Year 2016
Mahindra & Mahindra Limited
Mumbai
Larsen & Toubro Limited
Mumbai
[Automobile] [Engineering]
Mahindra & Mahindra Limited is a leading automobile and farm equipment manufacturer having global presence. The company has identified eight types of risk: Volume and Growth, Value, Cost due to regulation, Cost due to environment and Alternate fuels, Growth due to financial markets, New projects growth and Volume in regard to monsoon. All these risks have been addressed by mitigation plans. Internal Audit provides independent assurance of the Risk Management System and the processes supporting it; reviews the overall effectiveness of the risk management measures and controls; and assists the Risk Committee/Board of Directors in their monitoring function and plays an integral role in the promotion of risk management.
Larsen & Toubro Limited (L&T) is an Indian multinational and diversified company. It has institutionalized Risk Management Processes, aligned to ISO 31000:2009, in the company by implementing Risk Management guidelines, incorporating global best practices and procedures along with qualitative and quantitative tools and techniques. The company has a structured strategic planning exercise – 'Lakshya', which is carried out every 5 years. At the time of formulation of Lakshya Plan, discussions are held with Risk Management Department to identify and assess the risks and develop mitigation plans. The company has in place a robust Communication Risk Management Policy.
Vijaya Bank
Bangalore
Edelweiss Financial Services Limited
Mumbai
[Financial Sector (Banking)] [Financial Services]
Vijaya Bank is a premier nationalized bank in India. The key responsibility of Board of Directors is to be aware of the major aspects of the bank's risks as a distinct risk category that should be managed, and to approve and periodically review the bank's Integrated Risk Management Framework. Risk Management Process defines the sequence of activities and decisions involved to manage various risks. The key elements in the Risk Management Process in the bank include Risk Identification; Risk Measurement; Risk Mitigation and Monitoring; and Risk Reporting which includes: Credit, Market, Liquidity and Operational Risks. Key Risk Indicators have been identified for key risks/ risk areas.
Edelweiss Group is a leading diversified financial services company. The core philosophy in risk management centres on identification and quantification of risks, defining limits, monitoring them actively and taking swift action, when required, and have an environment with 'no loss' beyond tolerance. Any new risk is evaluated first on the basis of 'worthiness of risk' and 'affordability of risk'. Any risk which does not fit the above criteria is avoided. It has a strong focus on having a reliable Business Continuity Plan (BCP), which will be plan B, should there be any crisis situation.
InterGlobe Hotels Private Limited
Gurgaon
Apollo Munich Health Insurance Company Limited
Gurgaon
[Hospitality] [Insurance (General)]
InterGlobe Hotels Private Limited (IGH) is a joint venture between InterGlobe Enterprises Limited (IGE) and AAPC Singapore Pte. Ltd. The organization has a Board approved Risk Management Policy which includes a documented Risk Management Strategy. The complete risk universe is mapped on a progressive basis on the Governance Portal. It has risk based Internal Audits, Compliance Management, Compliance Audit and Management Certifications. Risk Treatment Plan is generated for the significant identified risks. A fraud risk policy has been designed to enable prevention, early detection and remediation of frauds.
Apollo Munich Health Insurance (AMHI) is a joint venture between The Apollo Hospitals Group and Munich Health. Keeping in mind the Reputational Risk, the company follows a rule of thumb that any risk which can have reputational impact is rated 'Highest 4' on impact scale and highlighted to management at the earliest and adequate risk treatment plans are devised to mitigate. It follows bottom up approach to risk management. Risk Universe at AMHI has 14 risks in Strategic Category and 20 from Finance. Different mitigation strategies include – Risk Avoidance/Termination, Risk Transfer, Risk Reduction/Mitigation and Risk Acceptance/Retention.
Tata AIA Life Insurance Company Limited
Mumbai
Oil and Natural Gas Corporation Limited
New Delhi
[Insurance (Life)] [Oil Production]
Tata AIA Life Insurance Company Limited (Tata AIA) is a joint venture between Tata Sons and AIA Group Limited. Tata AIA has a Board approved Risk Management Target Operating Model (TOM) and Risk Management Framework (RMF). The TOM classifies the risk management environment into three pillars viz Governance, Capabilities & Culture Development; and Process & Decision making. RMF focuses on creating value for the key stakeholders, policy holders, management and regulators. The company follows three lines of defense mechanism to manage risk within the organisation. Third line is represented by internal audit function, second line is represented by risk and compliance functions and all other functions represent first line of defense.
Oil and Natural Gas Corporation Limited (ONGC) is India's largest oil Exploration & Production (E&P) company. ONGC Board has approved a detailed risk register covering entire operational business of ONGC. The risks identified include Operational Risks, Acquisition and Exploration Risks, Development and Production Risks, Abandonment & Site Restoration Risks, Occupational Health and Safety Risks, and Environmental Risks and Market Risks. The risk control measures taken by the risk owners are represented on the basis of its probability of occurrence and its impact on the business process for the described risk where the mitigation efforts have already been applied and reported.
SPECIAL COMMENDATION
Indiabulls Housing Finance Limited
Gurgaon
MSD Wellcome Trust Hilleman Laboratories Private Limited
New Delhi
Indiabulls Housing Finance Limited (IBHFL) is a leading and fast growing Housing Finance Company. The Company has identified various risks like: credit risk, market risk (interest rate and currency risk), liquidity risk and operational risk (technology, employee, transaction and reputation risk). The Company has a robust mechanism to ensure an ongoing review of systems, policies, processes and procedures to contain and mitigate risks that arise from time to time. Its Risk Management Policy lays down guidelines for all operational areas. The Company also has an adequate system of internal controls for business processes, with regard to operations, financial reporting, fraud control, and compliance with applicable laws and regulations.
Hilleman Laboratories is a joint venture partnership between Merck & Co. and Wellcome Trust. Respective divisions are involved in the planning stage of risk identification in line with ERM objectives set out by the management. The company applies three principles of risk based management process: (a) Identifying what risks are for functions/departments, (b) Understanding of the risks, i.e. what is acceptable/non-acceptable to the business/function/department, and (c) Planning and deciding upon the correct option for the due course. The Key Risk Indicators have been defined and documented for all types of risks in the form of Risk Impact matrix and risk impact settings.
PNB MetLife India Insurance Company Limited
Gurgaon
PNB MetLife India Insurance Company Limited (PNB MetLife) is one of the fastest growing life insurance companies in the country. The company follows three lines of defense approach for risk identification and escalation. Each function (first Line of Defense) carries out an annual risk and control self-assessment. This submission is reviewed by Risk Management Function (Second Line of Defense) to assess and challenge the first line of defense through testing of controls. The third line of defense is audit observations against the processes. It has a strong whistleblower policy.