Risk management

Proper risk management consists of identifying risks and taking appropriate action, with the objective being to maximise lasting benefits across all areas of an organisation's operations.

Risk management policy

JSW Group has taken steps to thoroughly apply the rules contained in Good practices for WSE-listed companies, as well as to ensure maximum transparency, proper quality of communication with investors and the safeguarding of shareholder rights, also in matters not regulated by law. The observance of these rules is ensured through a comprehensive enterprise risk management (ERM) system, which consists of JSW Group's Enterprise Risk Management Policy and Procedure.

Risk management objective

The aim of enterprise risk management is to identify events and risks that may potentially have an impact on the organisation, maintain risks within the set boundaries and rationally implement business objectives. This is a continuous process, subject to modifications in response to a changing economic environment, changes in the Company's operations and changes concerning the impact of specific risks on the Company's business objectives. Enterprise risk management encompasses activities at the level of JSW, the entire JSW Group and individual business processes.

JSW Group uses systems such as ERM in order to strengthen its management system and increase transparency in managing risk. These benefits enhance risk management performance and reduce the cost of risk and the cost of capital.

Introducing consistent risk management standards at JSW Group is aimed at:

  • maintaining risk within set boundaries and rationally implementing business objectives,
  • ensuring operational security at JSW S.A. and JSW Group companies,
  • establishing a consistent approach to identifying, evaluating and analysing risks and implementing responses to material risks,
  • ensuring the creation and protection of value for shareholders,
  • implementing early-warning tools for threats and alerts for opportunities,
  • supporting business objectives and ensuring strong support for decision-making at all organisational levels, aimed at maximising earnings within an acceptable level of risk,
  • building an organisation that is aware of the risks it takes and strives for continuous improvement.

Proper risk management consists of identifying risks and taking appropriate action, with the objective being to maximise lasting benefits across all areas of an organisation's operations. This entails understanding the potential positive and negative effects of all factors that may have an impact on the organisation, as well as activities intended to increase the likelihood of success and decrease the likelihood of failure and uncertainty with regard to achieving targets.

Risk management rules

The basis of the ERM system that makes it possible to effectively manage risk is the proper collecting and archiving of data for its further processing. Identifying risks and implementing tools for limiting them make it possible to take effective preventive action in the face of a threat. Risk management is a continual process and is subject to continuous improvements, covering both the organisation's strategy as well as procedures for implementing this strategy. It methodically resolves issues related to threats to the organisation's operations that took place in the past, are currently present and are the most likely to occur in the future.

The ERM system is a tool supporting management processes at JSW Group, allowing a comprehensive approach to identifying, evaluating and managing risk.

The ERM system takes account of the following elements:

  • organisation's environment - basic rules, organisational structure, roles and scopes of responsibility in the risk management process,
  • risk identification - identification of primary risk,
  • risk evaluation - analysis and assessment of primary risk and the performance of existing control mechanisms,
  • definition and deployment of action plans - definition of appropriate plans of action that take into account specific responses and strategy for managing a given risk and undertaking activities in line with an approved plan of action for that risk,
  • monitoring and reporting - an element of the risk management process that is related to monitoring the risk profile and reporting on the performance of control mechanisms.

Deliberate management of threats and opportunities makes it possible to protect value and increase JSW Group's value-building capacity.

Roles and responsibilities

Risk management is an integral element of our organisational culture (the organisation's operational style). In this process, strategic assumptions are translated into tactical and operational targets, and the responsibilities of all managers and employees who deal with risk management are precisely defined. It also entails setting out responsibility for results, evaluating outcomes and promoting effective measures at all levels of the organisation. In order to achieve these objectives, a consistent and practical methodology for managing this uncertainty is necessary at JSW Group's level. Effective risk management consists of both forecasting risk factors in different time frames and considering various scenarios.

When taking responsibility for risk, it should be noted that each Risk Owner (RO) manages the key risk factors assigned to him/her within the ERM system. RO is responsible for submitting information on new risks identified in the course of performing his/her duties to the ERM Proxy or another relevant RO.

Risk owners include: Management Board, directors, leaders, representatives or other persons in charge of their respective processes or functional areas.

Roles in the ERM system

Supervisory Board and Audit Committee

The ERM system is one of the areas of interest of the Supervisory Board's Audit Committee, which monitors the Group's risk management system in accordance with its scope of responsibilities and authority. Within the risk management process, JSW's Supervisory Board is tasked with monitoring the key risks as well as how these risks are managed.

Management Board

The Company's Management Board plays a key role in the Group's ERM process and exercises oversight of the entire risk management process. It approves the ERM assumptions and rules specified in the ERM Policy and Procedure.

Risk Committee

In justified cases (at the request of the ERM Proxy), the Management Board may appoint a Risk Committee, the tasks of which include effectively managing risk and monitoring key risks on an on-going basis.

ERM Proxy

The ERM Proxy reports to the President of the Company's Management Board and is responsible to the President for coordinating the enterprise risk management process, including the following tasks in particular:

  • monitoring the Group's entire ERM process,
  • preparing reports on the risk management process,
  • communicating with internal and external stakeholders with regard to the ERM,
  • providing methodological support on the risk management process,
  • coordinating the process of identifying and assessing risk at the Group's level and supporting other employees in defining, identifying and evaluating risk,
  • holding consultations for the purpose of monitoring risk levels and the effectiveness of the existing control mechanisms. These consultations can be in the form of direct exchange of information and opinions with Risk Owners or a consultation meeting in order to evaluate risk.
  • maintaining and updating the Group's risk register.

Audit and Control Office

The Proxy cooperates with the Audit and Control Office. This cooperation especially entails the sharing of information on risks, including the risk register and risk reports. The Audit and Control Office provides audit and other reports to the Proxy. The Proxy can consult with the Office on the results of risk analysis and assessment.

Risk Owner

The Risk Owner is in charge of supervising and coordinating activities related to the development, implementation and performance of risk action plans. A final decision with regard to a risk management action plan is taken in accordance with the organisation's division of duties and responsibilities.

The Risk Owner reports to the ERM Proxy any identified existing or potential threats that can result in the materialisation of risk or can lead to a disruption in the risk management process.

Evaluating risk management system performance

A planned and cyclical approach to risk management results in identified key risks that have considerable potential impact on Group companies' operations, results or financial situation and can lead to a decline in value and share price. Given the above, there is a strong need for monitoring and periodically verifying the effectiveness of existing control and risk response mechanisms.

Presented below are the benefits of deploying ERM:

The following activities are specifically intended to ensure that the risk management system is effective:

  • review of risks in terms of the system's adequacy and adaptation to the Group's structure and profile, taking into account external and internal factors;
  • cyclical risk reviews and evaluations carried out by Risk Owners;
  • performance of internal audits as part of independent risk management control by the Audit and Control Office Director, together with system improvement proposals;
  • reporting results with regard to changes in risk evaluation, addressed to JSW's Management Board, Supervisory Board, after assessment by the Audit Committee, and to the Ministry of State Assets.

Three Lines of Defense model

Leadership responsibility within the process consists of conducting identification, evaluation and analysis of risks and implementing, as part of daily duties, responses to risks. The leadership is responsible for on-going oversight of risk responses and ensuring that risks do not exceed the expected levels. The leadership is also expected to effectively delegate authority and duties concerning risk management to lower management levels.

Effective risk management requirements constant monitoring. The process of monitoring and analysing the risk management system should provide information on whether:

  • the measures implemented achieved the desired outcome,
  • the adopted risk assessment procedures and information collected for this purpose were appropriate,
  • expanding knowledge on risk management helps in better decision-making and in formulating conclusions regarding risk assessment and management for the future.

The Management Board Proxy for Integrated Management and Risk Management System is responsible for coordinating the entire enterprise risk management process and developing methods and tools used by managers at all JSW Group companies. Is responsible for monitoring and escalating risks and for reporting incidents at agreed time intervals.

The Management Board of JSW S.A. is responsible to shareholders for the entire risk management system, oversight of the process and effective risk response.

The Risk Committee's duty is to effectively manage and monitor key risks on an on-going basis. It periodically reviews current risk levels, supervising the implementation of risk response plans, evaluates JSW Group's overall resilience to risk and submits proposals to the Management Board regarding risk reduction.

Within the risk management process, JSW S.A.'s Supervisory Board is tasked with monitoring the key risks as well as ways of handling these risks. Each year, the Supervisory Board submits to the General Meeting a concise assessment of the Company's situation, including an assessment of the internal control system and risk management system.

Internal audit is an important element in ensuring the effectiveness of the risk management system. The annual internal audit plan is based on a risk assessment and is aligned with business objectives. In the course of each audit task, assessment of the current level of specific risks is carried out. Internal audit is also responsible for performing an independent assessment of adequacy and effectiveness for risk management and issuing recommendations ensuring continuous improvements in risk management practices.