Page 55 - Tata Chemical Annual Report_2022-2023
P. 55

Integrated Annual Report 2022-23  01-83  84-192              193-365
               Integrated Report      Statutory Reports       Financial Statements
               Managing Risk and Ensuring
               Business Resilience


 Strategic risk  Talent risk

            Challenges of attracting and retaining talent in remote   Impact (2) X Probability (2)
 Recession risk  manufacturing locations (New Risk)        Opportunities arising from risks  Oversight

 Recession fuelled by rising interest rates, impacting demand and price.  Impact (2) X Probability (2)    Ÿ Opportunity to collaborate with     Ÿ Nomination &
            Linkage to Capital                                universities and build brand value  Remuneration
 Linkage to Capital  Oversight  Human Capital                 Ÿ Develop future-ready skills/   Committee
   Ÿ Audit Committee                                          competencies                   Ÿ Risk Management
 Financial Capital                                            Ÿ Provide avenues / opportunity for   Committee
   Ÿ Risk Management Committee
                                                              career growth
 Mitigation plans
            Mitigation plans
   Ÿ Maintaining cost focus: variable & fixed     Ÿ Product mix: expanding product     Ÿ Tie-up with customers, volume
 costs, across all entities  offerings  and price contracts     Ÿ Enabling better infrastructure at     Ÿ Enriching job through job rotation/     Ÿ Career rotation & movements
               remote locations                 exposure and participation in CFT   across business units / geographies
   Ÿ Cash – deleveraging and maximising     Ÿ Supply chain: flexibility in supplying
 cash unless required for capacity   from different locations    Ÿ Enrichment of skills & competencies     Ÿ Avenues for cross-functional
 expansion     through formal education support   deputations / growth through internal
               programme                        job postings

 Digitalisation risk

 Embracing digitalisation as a key lever of business growth  Impact (2) X Probability (2)  Operational risks

 Linkage to Capital  Oversight  Cyber risk
   Ÿ Audit Committee
 Intellectual Capital  Loss of data & compromised operations resulting from cyber attacks  Impact (3) X Probability (2)
   Ÿ Risk Management Committee
            Linkage to Capital                                 Oversight

 Mitigation plans  Manufactured Capital                           Ÿ Audit Committee
   Ÿ IT strategy and IT roadmap are     Ÿ Various digital initiatives are     Ÿ Initiatives are reviewed weekly,     Ÿ Risk Management Committee
 reviewed and updated on a regular   undertaken to improve operational   monthly and quarterly at multiple   Mitigation plans
 basis as per evolving business needs   productivity, enhance customer &   levels of organisational hierarchy
 and industry trends  user experiences, collaborate with   as part of the governance process;     Ÿ Round-the-clock monitoring and     Ÿ Identifying threats and managing the     Ÿ Conducting internal and third party
                                                                                  security assessments to identify and
               planned improvement of security
                                                network devices and perimeter for
   Ÿ Enterprise Reference Architecture is   business partners, and better meet   progress on digital initiatives is   posture, while preventing, detecting,   reducing cybersecurity risks to the   mitigate security gaps/risks to the
 used for decision-making in IT and   the requirements of safety, health,   monitored and reported to the   analysing, and responding to   organisation  Company, and defining strategies to
 solution designing in digital, to drive   environment and sustainability  Management regularly  cybersecurity issues  further strengthen security posture
 synergies and harmonisation    Ÿ Implementation of key digital     Ÿ Post implementation, success     Ÿ Conducting periodic Vulnerability     Ÿ Implementation of Multi-Factor     Ÿ Subscribed to cyber insurance policy
                                                Authentication (MFA) and Virtual
   Ÿ Special focussed track is created to   initiatives by way of first doing a digital   metrics, such as degree of adoption,   Assessment and Penetration Testing   Private Network (VPN) based security   at corporate level
 improve data quality and awareness   value assessment (DVA); this helps   improvement in the target KPIs etc.,   (VAPT) for critical infrastructure assets   solutions to enable safe access to the
 across the functions of the organisation;    to zero down on the best use cases   are tracked on a periodic basis to   and applications, to proactively identify   organisation’s resources    Ÿ Periodic review of cyber security risks
 Data Governance Council and Data   which will maximise business value;   monitor the benefits realised  and remediate potential vulnerabilities   by the Risk Management Committee
 Office are established to review and   benefits of the value assessment     Ÿ Skills and resource requirements   to enhance security posture    Ÿ Implementation of policies, processes   of the Board
 improve data maturity status  include variability reduction, efficiency   are regularly reviewed, and efforts     Ÿ Solutions implemented to   and solutions designed to prevent the     Ÿ IT policies have been updated based
                                                loss, misuse, or unauthorised access of
   Ÿ To assess and improve the digital   improvement, yield improvement,   are made to select the right   continuously detect and mitigate   sensitive information  on ISO & ITIL standards
 maturity of the organisation, ‘Digital   downtime reduction and cost   candidates or business partners   cyber threats in real-time on end-point     Ÿ Complying with government
 Execution Scorecard’ model (framework   reduction; choice of approach and   to support the digital initiatives,   devices and preventing unauthorised     Ÿ Conducting regular security awareness   and industry security standards,
 of a leading global consulting firm   technologies to be used (such as   especially in the prevailing business   privileged access to critical resources  campaigns and training programmes   regulations and audit requirements
 which benchmarks the scores across   analytic models, IIoT or RPA) is also   environment where there is dearth   for employees and building a culture
 industry verticals) is adopted  governed by the DVA results  of digital skillsets  sensitive to cyber security issues within
                                                the Company




 52                                                                                                         53
   50   51   52   53   54   55   56   57   58   59   60