Risk management

Managing risks and opportunities amidst a dynamic external environment

Our businesses are exposed to a variety of risks given that we operate globally. We have a multi-layered risk management system and robust governance framework that align the Company’s operating controls with the Group’s overarching vision and mission and help it deliver on its strategic objectives.

Enterprise risk management

We identify risks at the individual business-level for existing operations as well as for ongoing projects through a wellcrafted methodology. Business-level review meetings, undertaken at least once every quarter, formally discuss risk management. Every business division of the Group has evolved its own risk matrix, which is reviewed by the Business Management Committee. In addition, business divisions have developed their own risk registers.

Respective businesses review the risks, changes in the nature and extent of major risks since the last assessment, control measures and decide on further action. Control measures stated in the risk matrix are also periodically reviewed by the business management teams to verify their effectiveness. These meetings are chaired by the CEOs of the respective businesses and attended by CXOs, senior management and functional heads concerned. The role of Risk Officers at each business-level and at the Group level is to create awareness on the risks among the senior management, and to develop and nurture a risk management culture within the businesses. The Company’s risk mitigation plans are integral to the KRAs/KPIs of process owners. Leadership teams of the businesses are responsible for the governance of the risk management framework.

The Audit & Risk Management Committee aids the Board in the risk management process by identifying and assessing any changes in risk exposure, reviewing riskcontrol measures and approving remedial actions wherever appropriate. The Committee is, in turn, supported by the Group Risk Management Committee (GRMC), which helps it evaluate the design and operating effectiveness of the risk mitigation programme and the control systems.

The Risk Management Committee meets at least four times annually to discuss risks and mitigation measures, review the robustness of our framework at the level of individual businesses and map the progress against actions planned for key risks.

The GRMC comprises the Group Chief Executive Officer, Group Chief Financial Officer and Director-Management Assurance. The Group Head-Health, Safety, Environment & Sustainability is invited to attend these meetings. The GRMC discusses key events impacting the risk profile, relevant risks and uncertainties, emerging risks and progress against planned actions.

Our risk management framework is simple and consistent and provides clarity on managing and reporting risks to the Board. Together, our management systems, organisational structures, processes, standards and Code of Conduct and ethics represent the internal control systems that govern how the Group conducts its business and manages associated risks.

The Board shoulders the ultimate responsibility for the management of risks and for ensuring the effectiveness of internal control systems. This includes review of the Audit & Risk Management Committee’s report on the risk matrix, significant risks, and mitigating actions. Any systemic weaknesses identified by the review is addressed by enhanced procedures to strengthen the relevant controls, which are reviewed regularly.

Since it is critical to deliver on the Group’s strategic objectives, risk management is embedded in businesscritical activities, functions, and processes. The risk management framework is designed to manage rather than eliminate the risk of failure to achieve business objectives and provides reasonable, and not absolute assurance, against material misstatement or loss. Materiality and risk tolerance are key considerations in our decision-making.

The responsibility for identifying and managing risks lies with every manager and business leader. Additionally, we have key risk governance and oversight committees in the Group. They are:

  • The Committee of Directors (COD) comprising Vice Chairman and Group CFO supports the Board by considering, reviewing and approving all borrowing and investment-related proposals within the overall limits approved by the Board. Invitees to these committee meetings are the CEO, business CFOs, Group Head Treasury and BU Treasury Heads, depending upon the agenda
  • The ESG Committee reviews sustainability related risks
  • There are also various Group-level Management Committees (ManComs), such as Procurement ManCom, Sustainability-HSE ManCom, CSR ManCom, and so on which work on identifying risks in specific areas and mitigating them

Each business has developed its own risk matrix, which is reviewed by its respective management committee/executive committee, chaired by its CEO. In addition, each business has developed its own risk register depending on the size of its operations and number of SBUs/ locations. Risks across these risk registers are aggregated and evaluated and the Group’s principal risks are identified, and a response mechanism is formulated.

This element is an important component of the overall internal control process from which the Board obtains assurance. The scope of work, authority and resources of the Management Assurance Services (MAS) are regularly reviewed by the Audit Committee. The responsibilities of MAS include recommending improvements in the control environment and reviewing compliance with our philosophy, policies and procedures.

The planning of internal audits is approached from a risk perspective. In preparing the internal audit plan, reference is made to the risk matrix, and inputs are sought from the senior management, business teams and members of the Audit Committee. In addition, we refer to past audit experience, financial analysis and the prevailing economic and business environment.

Despite COVID-induced disruptions, Vedanta’s business units dealt with its impact extremely well, resulting in an effective response. This was made possible owing to the following:

  • Our safety-first culture that prioritised people’s health and well-being
  • Our collaboration with communities, governments, and health experts, which ensures that best practices are followed
  • Focusing on what is critical to operations and communities, while continuing to build longterm resilience
  • Consistent response to the pandemic across the Group
  • Establishment of COVID-19 taskforces under seasoned leaders
  • Investments in new processes, procedures, protocols, health-testing equipment and support for the workforce

The order in which the risks appear in the section that follows does not necessarily reflect the likelihood of their occurrence or the relative magnitude of their impact on Vedanta’s businesses. The risk direction of each risk has been reviewed based on events, economic conditions, changes in business environment and regulatory changes during the year.

While Vedanta’s risk management framework is designed to help the organisation meet its objectives, there is no guarantee that the Group’s risk management activities will mitigate or prevent these or other risks from occurring.

As a result, despite the challenges, our facilities remained largely operational during the pandemic. Rather, the disruption created an opportunity for us to identify and work on certain transformational aspects for the future. We continue to remain committed to achieving our objectives of zero harm, zero wastage and zero discharge, thus creating sustainable stakeholder value.

The Board, with the assistance of the management, conducts periodic and robust assessments of principal risks and uncertainties of the Group, and tests the financial plans associated with each.