Preamble

Hindustan Prefab Limited is an ISO 9001-2008 certified Schedule ‘C’ Central Public Sector Enterprise under administrative control of the Ministry of Housing & Urban Poverty Alleviation. Credentialed as one of the oldest CPSEs, today HPL is a vibrant organization engaged in providing Project Management Consultancy services in civil construction projects which includes residential buildings including mass housing undervarious Govt. schemes, institutional building, infrastructure developments, specializedprojects in Health Sector & Prefab Construction awarded to it from the Central & stateGovt. and their Agencies.

IRM defines risk as "The combination of the probability of an event and its consequencethat can range from positive to negative." All organizations have objectives at strategic,tactical and operational levels - anything that makes achieving these objective suncertain is a risk. These risks are varied in nature and go hand in hand with the business opportunities. As our world becomes increasingly volatile and unpredictable,we must cope with greater uncertainty. It can never be assured that the Company operates in a totally risk free environment.

At HPL, we do believe Risk management should be embedded in the general management of the organization and fully integrated with other business functions such as finance, strategy, internal control, procurement, continuity planning, HR and compliance. Thus Enterprise risk management is an integrated or holistic approach to managing risk across the organization, using clearly articulated frameworks and processes led from board level. Accordingly the scope of this document is to formalizea risk management policy to identify, evaluate and minimize identifiable risks. This Policy shall be periodically reviewed by the Board of Directors, so that the risks are managed and controlled through properly laid down framework.

Business Environment - Risks and Concerns

While striving to meet its Corporate Mission and Corporate Objectives, risks and concerns go hand-in- hand along with the opportunities. Civil construction is a high risk business which haunts every stakeholder. The company operates under limiting cost and time schedule. The probability of time over run and consequently cost over run exposes company to high risk. Similarly as part of Nation Building Task, the company’s employees and projects are exposed to risks and threats of life and property while operating in risky geographical areas. The Risk Management Policy seeks to strike a balance between company’s strengths, weaknesses, opportunities and threats on one hand with the real and potential risks on the other hand.

HPL’s Approach

HPL’s approach towards Risk Management includes the following:

1. HPL shall establish documented Risk Management System and assign responsibilities to its employees to take corrective and preventive measures.
2. HPL shall review the Risk Management System and Upgrade/ revise-the same periodically.
3. HPL shall strive to increase awareness among its employees and other stake holders about the possible risks and the measures to mitigate and control the same.

Objectives of Risk Management Policy

Following are the objectives of HPL’s Risk management policy:

1. To define a framework for identification, evaluation and mitigation of risk in the decision making process of the business of Hindustan Prefab Limited;
2. To protect Hindustan Prefab Limited from the risks of significant likelihood and consequence in the pursuit of Hindustan Prefab Limited stated strategic goals and objectives;
3. To encourage proactive rather than reactive management;

Risk Management Process

The process of Risk Management covers the following:

1. Risk Identification & Categorization means Company's exposure to uncertainty classified as Strategic/ Operational/Financial/Compliance/Environmental.
2. Risk Management Framework refers to the Organisation structure with responsibility and Accountability for risk management.
3. Risk Assessment and control refers to the method of assessing and recording the company's identified risks in a structured manner their measurement and control.
4. Continuous assessment is the process to be vigil and sensitize the organization regarding potential risks.

Identification and Categorisation of Risks

From the perspective of HPL, the risks can be of following nature:

1. Project selection – It refers to the risk of not selecting projects with the best potential risk/reward ratios.
2. Contractual Risk - Contractual risk refers to the risk of having sub-optimal or erroneous clauses in the contract which could potentially compromise interests and/or provide unintended options/exit routes to other parties.
3. Risk of delay in project completion -
   • This risk refers to the consequences of non-completion of the project by the contracted/ agreed due dates. Its consequences may range from arbitrations, litigations, loss of reputation etc. It is to be noted that delays beyond the extension granted by the client are covered within the scope of this risk.
   • Project leading to time and cost over-runs.
   • Risk related to Govt. regulations & policies on land acquisition. There may be difficulty in acquiring land due to people’s protest and non acceptance of either land acquisition notification or the compensation.
   • Delay in timely approvals and clearances by local authorities.
4. Escalation of project costs risk - The risk of actual project costs exceeding the budgeted project costs is covered here. The budgeted project costs refer to those which have been used in the pricing/ bidding process.
5. Strategic Risk - These risks are associated with operating in the particular industry and includes risks arising from demand changes or changes in customers, industry changes, intense competition, change in technology, Research & Development etc. These risks pose threats or opportunities which materially affect the ability of the organisation to survive.
6. Compliance Risk -These risks are associated with the need to comply with laws and regulations etc. They also apply to the need to act in a manner which stakeholders and customers expect.
7. Operational Risk - Such risks are associated with the company's operational and administrative procedures which inter-alia include accounting controls, regulations, recruitment, IT systems, board composition, contractual risks and exposures, organisational risks and exposures etc.
8. Financial Risk - These risks are associated with financial structure of the company, its transactions and the financial system in place, liquidity risk, regulatory exposures, Imposition of fresh taxes by the Govt. etc.
9. People Risk - People risk is related with the understanding the needs of the employees and aligning it to organizational goals. This risk refers to the inadequate staffing in terms of number or skill sets for the work on hand or for projected or contingent work etc.
10. Information Technology Risk - Information technology risk may be described as the risk of Failure of hardware, Failure of software or Failure of the network. IT risk may result in Loss of data, decline in ineffectiveness of management controls, Delay in achieving milestones or Decline in operating efficiency.
11. Sovereign Risk - Sovereign risk refers to the unanticipated change of laws or adhoc measures adopted by the government resulting in denial of expected/ contracted privileges.
12. Environment Risk - These are associated with release of polluting materials, environmental performance/compliance limits, business opportunities and breach of regulations.

Risk Management Framework

Risk Management Policy entails establishing a framework ensuring realization of the Company's objectives. HPL will have a three tier risk Management Framework as under:

Roles and Responsibilities

To implement the Risk Management Policy, the following roles and responsibilities are laid down for the Enterprise Risk Management Process:

1. The Board of Directors will have the overall responsibility for ensuring that the risks are identified and mitigated. The Company shall submit Report to the Board on annual basis about the risk mitigation procedures.
2. The Chairman and Managing Director shall be the authority to establish a risk management committee in the organisation.
3. General Manager (HQ.) will head the Risk Management Committee to be established by the CMD which will assess the risk areas and suggest risk mitigation mechanism to the Board. The Committee has to provide assurance to the Board that Risk Management processes are working effectively and the key risks are being managed to acceptable levels. The Committee also confirm to the Board that the Company’s risk management and internal control systems are operating effectively in relation to material business risks for the period, and that nothing has occurred since period-end that would materially change the position.
4. All HODs will act as Risk Controller for their respective areas of operations/functions. Regional Heads will also be Risk Controller in respect of Projects/Works under their control.

Risk Assessment

The Risk assessment methodology shall include:

• collection of information
• identification of major risks
• rating of each risk on the basis of
  1. Consequence
  2. Exposure
  4. Probability
• Prioritisation of risks
• Operation-wise exercise on risk identification, risk rating, control mechanism, action and fixing up responsibility
• Programme for risk level reduction plan and setting level of responsibility and accountability
• Formulation of action plan for Monitoring Risk reduction, evaluation and correction

Measurement and control

Identified risks are analysed and the manner in which the risk is to be managed and controlled is then determined and agreed. The generally accepted options are:

Avoidance of Risk	Eliminate	Non performance of activity involving Risk.
Reduction of Risk	Mitigate	Reduction in severity of loss.
Transfer of Risk	Mitigate	Engaging Specialist Adhering to competencies operations.
Retain the Risks	Unavoidable	Retained by default

Continuous Assessment

The Company’s Risk Management is continuous process which implies a continuing cycle of implementing, monitoring, reviewing and managing risk management processes and simultaneously also sensitizing the organization against all possible risks.

Risk Appraisal and Action Plan

1. Risk Management in the company will look into all organisational processes involved in advance detection of risks as well as in identifying and taking suitable action to counter them.
2. Deployment of integrated planning, control and monitoring systems and corporate governance systems and fine tune them on an ongoing basis to ensure that risks are detected at early stage and properly assessed and appropriately managed.
3. Risk management, a key success factor will form an integral component of company's management system. To promote risk awareness throughout the company, risk culture at all levels shall be developed through the mechanism of review framework, progress monitoring and discussions in open forums.
4. Unified early warning system throughout the company will be established and laid down for risk management.