Risk management
Proper risk management consists of identifying risks and taking appropriate action, with the objective being to maximise lasting benefits across all areas of an organisation's operations.
Risk management policy
The business model and its implementation entails risks. The Group has taken the necessary measures to observe the principles laid down in the Code of Best Practice for WSE Listed Companies and to ensure utmost transparency of its actions, proper quality of communication with investors and protection of shareholder rights. These principles are implemented, among others, through the comprehensive enterprise risk management system (ERM) which comprises the JSW Group Enterprise Risk Management Policy and Procedure.The Group uses the ERM system to strengthen management and enhance the transparecy of risk management. These benefits contribute to strengthening the effectiveness of risk management and reducing the costs of risk and also the costs of capital.
Risk management objective
The aim of corporate risk management is to identify potential events and risks which may influence the organization, to keep the risk within the prescribed limits, and to ensure achievement of business objectives. This is a continuous process and is subject to modifications driven by the changing business environment, the Group’s operations and the impact of specific risks on the Group’s business objectives. Corporate risk management is one of the tools supporting effective implementation of strategic and operating objectives, and ensuring information on risks to their effective management.
The subject matter of proper risk management entails its identification and addressing it correctly. According to the applicable internal regulations, for all identified risks, a risk owner responsible for monitoring its level is defined. The risk owner is also responsible for overseeing and coordinating measures related to devising, implementing and executing action plans to address risks. By accepting responsibility for risk, each risk owner manages the main factors of the risk assigned to him/her in the ERM system. Identification of risks and implementation of tools to mitigate them allows for taking effective preventive actions in the face of a threat. Risk management is a process, which methodically solves the issues related to threats to the operation of the organization that took place in the past, currently and are most likely to occur in the future. Mindful management of existing threats and opportunities enables the Group to protect its attained value and improve its ability to add extra value.
Risk management rules
The basis of the ERM system that makes it possible to effectively manage risk is the proper collecting and archiving of data for its further processing. Identifying risks and implementing tools for limiting them make it possible to take effective preventive action in the face of a threat.
The ERM system is a tool supporting management processes at JSW Group, allowing a comprehensive approach to identifying, evaluating and managing risk.
The ERM system takes account of the following elements:
- organisation's environment - basic rules, organisational structure, roles and scopes of responsibility in the risk management process,
- risk identification - identification of primary risk,
- risk evaluation - analysis and assessment of primary risk and the performance of existing control mechanisms,
- definition and deployment of action plans - definition of appropriate plans of action that take into account specific responses and strategy for managing a given risk and undertaking activities in line with an approved plan of action for that risk,
- monitoring and reporting - an element of the risk management process that is related to monitoring the risk profile and reporting on the performance of control mechanisms.
Deliberate management of threats and opportunities makes it possible to protect value and increase JSW Group's value-building capacity.
Roles and responsibilities
Risk management is an integral part of the organizational culture. Within this process, responsibilities of managers at various levels are defined precisely.
The Management Board Representative for the Integrated Management System and Risk Management is responsible for coordinating the whole corporate risk management process and for developing methods and tools to be used by managers in all Group companies.
The JSW Management Board is responsible to the shareholders for the comprehensive risk management system, oversight over the process and ensuring effective risk response.
The Risk Committee supports effective risk management and monitors the key risks on an ongoing basis, oversees the implementation of risk response plans, evaluates the Group’s overall risk resilience and presents risk reduction proposals to the Management Board.
The responsibility of the JSW Supervisory Board is to monitor key risks and the ways they are addressed. Every year, the Supervisory Board submits a concise assessment of the internal control system and the risk management system to the Shareholder Meeting.
Internal Audit is an important element ensuring effectiveness of the risk management system. During each audit task, an assessment is made of the current level of the various risks. The annual Internal Audit Plan is based on risk assessment and subordinated to the business objectives. Internal Audit is also responsible for independent assessment of adequacy and effectiveness of risk management and issues recommendations ensuring continuous improvement of risk management practices.
Evaluating risk management system performance
A planned and cyclical approach to risk management results in identified key risks that have considerable potential impact on Group companies' operations, results or financial situation and can lead to a decline in value and share price. Given the above, there is a strong need for monitoring and periodically verifying the effectiveness of existing control and risk response mechanisms.
Presented below are the benefits of deploying ERM:
The following activities are specifically intended to ensure that the risk management system is effective:
- review of risks in terms of the system's adequacy and adaptation to the Group's structure and profile, taking into account external and internal factors;
- cyclical risk reviews and evaluations carried out by Risk Owners;
- performance of internal audits as part of independent risk management control by the Audit and Control Office Director, together with system improvement proposals;
- reporting results with regard to changes in risk evaluation, addressed to JSW's Management Board, Supervisory Board, after assessment by the Audit Committee, and to the Ministry of State Assets.
Three Lines of Defense model
Leadership responsibility within the process consists of conducting identification, evaluation and analysis of risks and implementing, as part of daily duties, responses to risks. The leadership is responsible for on-going oversight of risk responses and ensuring that risks do not exceed the expected levels. The leadership is also expected to effectively delegate authority and duties concerning risk management to lower management levels.
Effective risk management requirements constant monitoring. The process of monitoring and analysing the risk management system should provide information on whether:
- the measures implemented achieved the desired outcome,
- the adopted risk assessment procedures and information collected for this purpose were appropriate,
- expanding knowledge on risk management helps in better decision-making and in formulating conclusions regarding risk assessment and management for the future.
The Management Board of JSW S.A. is responsible to shareholders for the entire risk management system, oversight of the process and effective risk response.