• Home
  • Risk Management Policy

Risk Management Policy

VECV recognizes that risk is inherent to any business activity and that managing risk effectively is critical to the immediate and future success of the company. Risk Management policy seeks to identify such risks and provides guidelines to define, assess, report, control and mitigate the identified risks consistently, objectively and holistically.


This policy applies to all business areas and functions of the Company’s operations.

Key Definitions


Risk is the effect of uncertainty on objectives. It is expressed as a combination of the probability of an event and its consequence. Events with a negative impact represent risks, which can prevent value creation or erode existing value.

Risk Management

Risk management is the identification, evaluation, and prioritization of risks followed by coordinated and economical application of resources to minimize, monitor, and control the probability or impact.
Audit Committee means a Committee of Board of Directors of the Company, constituted in accordance with the provisions of Section 177 of the Companies Act, 2013.

Objectives of the policy

The main objective of this policy is to ensure sustainable business growth with stability and to promote a pro-active approach in identifying, evaluating, reporting and managing risks associated with the business. To achieve the key objective of the company, this policy establishes a structured and disciplined approach to Risk Management.

Specific Objectives Of The Policy Are:

  • To protect the interests of stakeholders
  • To ensure that all the current and future material risk exposures of the Company are identified, assessed, appropriately mitigated, minimized and managed.
  • To establish a framework of the company’s risk management process and ensure its implementation.
  • To enable compliance of appropriate regulations

Legal requirements

Risk Management Policy is framed as per the following regulatory requirements under the Companies Act, 2013;

  • Board - As per Section 134(3)(n), a report is required to be laid before company’s general meeting by Board of Directors which will include the followings;
    • A statement indicating development and implementation of a risk management policy for the company including identification therein of elements of risk, if any, which in the opinion of the Board may threaten the existence of the company.
  • Audit Committee - As per Section 177(4), every Audit Committee shall act in accordance with the terms of reference specified in writing by the Board which shall include evaluation of internal financial controls and risk management system.
  • Independent Directors - As per Schedule IV, independent directors shall;
    • Help in bringing an independent judgment to bear on the Board’s deliberations especially on issues of strategy, performance, risk management, resources, key appointments and standards of conduct.
    • Satisfy themselves on the integrity of financial information and that financial controls and the systems of risk management are robust and defensible.

Responsibility for Risk Management


Risk Management Policy is framed as per the following regulatory requirements under the Companies Act, 2013;


Management is responsible for the development of risk mitigation plans and the implementation of risk reduction strategies. Risk management processes should be integrated with other planning processes and management activities.

  • Identification – Recognition / anticipation of the risks that may adversely impact the achievement of strategic business objectives of the Company. The below process is followed for risks identification:
    • Strategic priorities are considered as an input for identifying the key risks.
    • Interview of senior executives to gather inputs on the key risks impacting VECV’s strategic priorities
    • External views are taken from subject matter experts
  • Risk Categorizations - All the risks that have been identified shall be classified under the following risk categories.
    • Strategic Risk - Risk of loss resulting from business factors. These risks adversely affect the achievement of strategic objectives and may impair overall value.
    • Financial Risk - Risk directly impacting the balance sheet and access to capital.
    • Operational Risk - Risk of loss resulting from inadequate or failed processes, people and information systems.
    • Compliance Risk - Risk arising in case of non-compliance of legal, regulatory and statutory requirements.
  • Evaluation / Assessment – Severity of risks are assessed based on likelihood and its impact. Accordingly, risk rating Metrix is prepared for all business areas.
  • Prevention & Control – Measures to avoid occurrence of risk, limit its severity and reduce its consequences, selecting the risk management technique
  • Measure and Monitor effectiveness of controls and respond according to the results and improving the risk management process.
  • Reviewing and reporting on the Risk Management process at appropriate intervals.

VECV risk management process comprises of the followingframeworks

  • Enterprise risk management framework for identifying, assessing, mitigating and monitoring ‘Strategic Business Risks’
  • Internal control and Risk Management.

Enterprise Risk Management

  • Through “Enterprise Risk Management” (ERM) the company focus on risks that may impact the achievements of its strategic business objectives. To meet its objectives, company identifies risks under various business areas and develop risks mitigation plan.
  • These identified risks are dovetailed in the Strategic Business Plan (SBP) and the mitigation plans against these identified risks are prepared and executed through various strategic initiatives.
  • Status of these strategic initiatives are periodically reviewed by MD & CEO in management team meetings and quarterly review meetings.

Internal Control and Risk Management

Entity and process level controls are mapped for each process under different business areas.

Individual Business Units are responsible for establishing effective internal controls within various business processes. On a quarterly basis controls are self-assessed by process owner’s using web based tool.

Effective design and implementation of the internal control framework is validated by regular internal audits and test of controls for these units.


  • Risks identified during Enterprise Risk Management exercise are shared with Board of Directors along with mitigation plan.
  • Risks identified during the audit are shared and discussed at appropriate levels of management. Significant issues are reported to Board Audit Committee.
  • Board Audit Committee is updated on compliance of the issues reported in earlier audit committee.
  • Identified risks are mitigated through the ‘Action Plans’ formulated for that purpose and implementation is tracked through online tool.


This policy can be modified at any time by the Board of Directors of the Company.