Rules for controlling and monitoring risk

The aim of the risk monitoring and communication process is to ensure that the response to risk is effective (ad hoc and periodic reports), new risks are identified (updated Risk Register), changes in the internal and external environment and their impact on the business are identified and measures in response to incidents are taken (updated information on Incidents in the Risk Register).

Effective risk monitoring encompasses periodic reviews of Key Risk Indicators, the completeness and timeliness of reporting as well as the status of implementation for selected responses to risk. Risk monitoring also includes audits performed by the Audit and Control Office.

The communication process is intended to:

Continuous learning and improving is a very important element of the risk management process. Raising awareness of enterprise risk management within JSW Group, training and encouraging employees to use knowledge of risks in daily activities will make it possible in the long term to maintain identified risks at acceptable levels.

When taking responsibility for risk, it should be noted that each Risk Owner (RO) manages the key risk factors assigned to him/her within the ERM system. RO is responsible for submitting information on new identified risks when performing his/her duties to a Representative or a similar RO.

Risk owners at JSW Group are: management boards, directors, managers, representatives and other designated persons in charge of functional processes or areas.

The Management Board Representative for Integrated Management and Risk Management System is the owner of the Risk Map, who designs and oversees the system and is responsible for managing risk within his/her area.

Leadership responsibility within the process consists of conducting identification, evaluation and analysis of risks and implementing, as part of daily duties, responses to risks. The leadership is responsible for on-going oversight of risk responses and ensuring that risks do not exceed the expected levels. The leadership is also expected to effectively delegate authority and duties concerning risk management to lower management levels.

The organisational structure with the risk management process is as follows:

The Management Board Representative for Integrated Management and Risk Management System is responsible for coordinating the entire enterprise risk management process, developing methods and tools used by managers at all JSW Group companies and for monitoring and escalating risks and for reporting incidents at agreed time intervals.

JSW’s Management Board is responsible towards the shareholders for the entire risk management system, oversight of the process and for ensuring effective risk responses.

The Risk Committee’s duty is to effectively manage risk and monitor key risks on an on-going basis. It periodically reviews current risk levels, supervising the implementation of risk response plans, evaluates the Group’s overall resilience to risk and submits proposals to the Management Board regarding risk reduction.

Within the risk management process, JSW’s Supervisory Board is tasked with monitoring the key risks as well as ways of handling these risks. Each year, the Supervisory Board submits to the General Meeting a concise assessment of the Company’s situation, including an assessment of the internal control system and risk management system.

Internal audit is an important element in ensuring the effectiveness of the risk management system. The annual internal audit plan is based on risk assessment and is aligned with business objectives. In the course of each audit task, assessment of the current level of specific risks is carried out. Internal audit is also responsible for performing an independent assessment of adequacy and effectiveness for risk management and issuing recommendations ensuring continuous improvements in risk management practices.