Fraud Risk Management PDF

CHAPTER 18 AFTER STRATEGIES OF THE RISK MITIGATION Fraud Risk Management 1. Fraud means cheating someone to gain something dishonestly. 2. It involves wrongful actions or hiding facts to benefit one person and harm another. 3. Fraud Risk Management helps reduce fraud by identifying risks and creating plans to prevent them. Why Fraud Risk Management is Needed Fraud can harm a company’s reputation and cause loss of trust. This may lead to losing existing customers and missing out on new ones, damaging the business. Fraud Risk Management Process 1. Identifying Risks: Find out who or which departments might commit fraud and how. 2. Assessing Risks: Understand the causes and impact of risks, and find solutions. 3. Responding to Risks: Take action to reduce risks and prevent them from happening again. 4. Monitoring and Reviewing: Regularly check and update the process to adapt to changes. 5. Reporting Risks: Report fraud risks clearly and suggest steps to reduce fraud effectively. Role of Company Secretary in Risk Management 1. Company Secretaries ensure compliance, protect the organization’s integrity, and uphold ethical standards. 2. Their duties include: o Advising on governance, risk management, and compliance. o Promoting ethical and corporate behavior. o Balancing the interests of the Board, management, and stakeholders. 3. At the board level, they address key risk management questions: o What is the organization’s risk philosophy? o Is it understood by everyone? o How is risk management linked to organizational goals? o What is the organization’s risk tolerance? o Are risk responses aligned with this tolerance? o Is communication with external parties effective? Reputation Risk 1. Reputation risk arises from negative perceptions by customers, investors, regulators, or others, harming a business's relationships and funding. 2. It may not cause immediate financial loss but can lead to serious long-term damage if not addressed early. 3. Effects of reputation loss include: o Loss of brand value o Drop in share value o Broken strategic relationships o Difficulty hiring and keeping employees Managing Reputation Risk 1. Include risk management in business strategies. 2. Ensure strong board oversight. 3. Build a positive image through clear communication. 4. Promote compliance and good governance. 5. Maintain internal checks and peer reviews. 6. Publish quality reports and newsletters. Importance of Internal Audit 1. Boosts Productivity: Internal audits improve risk management, controls, and governance, helping the organization rely on processes rather than people. 2. Protects Assets: Audits detect fraud, identify risks, and provide solutions to address gaps. 3. Ensures Quality: Audits check the effectiveness of systems and processes, suggesting improvements when needed. 4. Provides Unbiased Insight: Internal audits give an independent view of the organization’s controls, even with limited resources. 5. Supports Good Governance: Audits review internal controls, governance, and accounting practices. Role of Internal Auditor 1. Reviews the internal control system and suggests improvements. 2. Raises awareness and trains staff on internal controls. 3. Checks compliance with laws and management’s instructions. 4. Ensures reliable reporting and proper functioning of processes. 5. Key duties: o Assess risk management. o Ensure legal compliance. o Recommend control improvements. o Investigate fraud and promote ethics. o Offer independent advice. o Monitor follow-ups on audit actions. Crisis Management Crisis management is a strategy to handle unexpected events or threats that could harm people, property, or business operations. Its goal is to minimize harm and ensure quick recovery. Types of Crisis 1. Natural Disasters: Unpredictable events like floods or earthquakes that require preparedness to protect resources. 2. Technological Crises: Issues like data breaches or malware that need swift actions to limit damage. 3. Organizational Misdeeds: Problems caused by unethical or illegal actions of the company; managers must ensure ethical practices. 4. Confrontational Crises: Internal conflicts between departments; plans should address disputes fairly. 5. Rumours: False accusations from competitors; act fast to disprove them with evidence. Crisis Management Plan 1. Assign a crisis manager to lead. 2. Train employees regularly on crisis handling. 3. Form a crisis response team under the manager. 4. Prepare plans for different types of crises. 5. Use systems to detect warning signs early. 6. Appoint a reliable employee to report crises immediately. ESG Risk Assessment ESG stands for Environmental, Social, and Governance. These factors are often reported in sustainability or annual reports but are not part of mandatory financial reporting. Types of ESG Risks 1. Environmental Risks: Issues like pollution, deforestation, and greenhouse gas emissions. 2. Social Risks: Factors like customer relations, human rights, labor rights, and employee relations. 3. Governance Risks: Concerns like succession planning, board practices, and executive pay. Importance of ESG Risk Assessment 1. Sustainability: Helps manage resources, reduce costs, and retain employees. 2. Regulatory Compliance: Eases communication with authorities and reduces legal issues. 3. Investment Appeal: Attracts socially responsible investors. 4. Employee Productivity: Motivates employees by fostering a sense of purpose. 5. Profitability: Reduces risks and boosts profits. Environmental Risks Environmental risks are dangers that affect air, water, soil, or biological systems and impact humans. They can be caused by human activities (like new technology or pollution) or natural events (like floods or earthquakes). Some risks, such as industrial pollution, can be predicted. Environmental concerns are getting more attention due to climate change, emissions, resource use, and biodiversity protection. Examples include: 1. Climate change and greenhouse gas emissions 2. Waste reduction and recycling 3. Pollution control 4. Deforestation 5. Protecting ecosystems 6. Environmental management techniques Social Risk Social risks include issues like product recalls, labor violations, boycotts, and poor treatment of employees. These risks can affect everyone involved with the company—suppliers, communities, employees, and customers. Building good relationships with all stakeholders is key for long-term success. Examples of social risks: 1. Inclusion, equity, and diversity 2. Workplace safety 3. Respecting human rights 4. Data security 5. Fair labor practices for suppliers Governance Risk Governance is how an organization is managed, including its values, policies, and structure. It defines acceptable behavior and ensures policies are followed. Governance should identify weaknesses and make decisions to reduce risks. It should share information at the right time so management can make informed decisions. Governance affects every part of the organization. Governance risks include: 1. Corporate morals and ethics 2. Anti-competitive practices 3. Open communication 4. Grievance policies 5. Preventing fraud and corruption 6. Executive compensation 7. Board diversity 8. Corruption and extortion 9. Tax compliance ESG Risk Management 1. ESG is a specific type of risk management with many potential uses. 2. ESG assurance is manageable with the right strategy and tools. 3. ESG risk management helps identify, handle, and reduce risks. 4. There is no single strategy for assessing ESG risks, as global standards are not yet unified. 5. Companies should define ESG risks through data collection and analysis. 6. A thorough risk assessment is needed to ensure business processes align with ESG goals. Climate Risk 1. Weather and climate risks have been increasing, causing more damage. 2. Future climate projections show more extreme weather and slow climate changes. 3. These risks affect the development of communities and countries. 4. There is a growing need for effective climate risk management to reduce losses. 5. "Loss and Damage" refers to the negative effects of climate change that people can't adapt to, as per UNFCCC. Climate Risk Management Process 1. Assess information needs for risk management. 2. Define the system of interest. 3. Develop a method specific to the context. 4. Identify climate risks at low and high levels. 5. Evaluate risks to determine acceptable and intolerable levels. 6. Assess options for managing the risks. Business Continuity Plan (BCP) A Business Continuity Plan (BCP) is a strategy that outlines how a company will continue its operations during unplanned disruptions, such as natural disasters, cyber-attacks, or other crises. The plan aims to prevent business interruption and ensure rapid recovery to minimize impacts. Importance of BCP: A BCP helps to identify and mitigate potential threats. It ensures business operations continue during a crisis and reduces downtime. Departments like finance, HR, and marketing can have tailored BCPs for their specific needs, ensuring each part of the organization remains operational. Key Focus Areas: 1. Finance Operations: o Ensuring access to financial resources. o Maintaining financial reporting, data security, and regulatory compliance. o Ensuring availability of key financial personnel. 2. HR Operations: o Ensuring employees are paid and benefits are maintained. o Securing personnel data and maintaining payroll systems. 3. Marketing Operations: o Ensuring marketing systems and processes continue. o Maintaining the company’s reputation and promotional activities during a crisis. Features of an Effective BCP: 1. Strategy: The business strategies used to complete daily operations and ensure continuity. 2. Organization: Structure, communication, and responsibilities of employees. 3. Applications and Data: Ensuring critical software and data availability, including backup systems. 4. Processes: Ensuring business processes and IT systems operate smoothly. 5. Technology: Necessary systems, networks, and industry-specific technologies. 6. Facilities: Contingency plans for alternate disaster recovery sites. Steps to Create a Business Continuity Plan: 1. Assemble a BCP Team: o Create a contact list of key personnel involved in the BCP. o Clearly define roles and responsibilities for crisis management. o Plan for regular updates to the BCP. 2. Ensure Employee Safety and Wellbeing: o Prioritize employee safety and consider flexible work arrangements (e.g., remote work). o Set up effective communication channels to keep employees informed during crises. 3. Conduct a Business Impact Analysis (BIA): o Identify potential risks to financial performance, operations, and reputation. o Brainstorm risks and assess how they could impact business continuity. 4. Implement Recovery Strategies: o Plan for how to restore operations, such as getting personnel back to work or maintaining service demand despite facility damage. o Consider remote work or alternate locations if facilities are impacted. 5. Test and Improve the Plan: o Regularly test and evaluate the BCP to ensure its effectiveness. o Identify gaps and update the plan to address emerging risks. Crisis Management Plan (CMP) Crisis management refers to the process of responding to unexpected events that threaten the organization’s stability and operations. A Crisis Management Plan (CMP) is a specific component of the Business Continuity Plan (BCP) designed to handle such crises, focusing on procedures and protocols for managing sudden emergencies like public relations issues or safety incidents. Key Aspects of Crisis Management: 1. Finance Manager's Role: o Oversee the company's financial response to the crisis. o Ensure access to financial resources, maintaining financial reporting and compliance with regulations. o Collaborate with legal and regulatory teams to ensure compliance during crisis management. 2. Marketing Manager's Role: o Manage the company's marketing response to the crisis. o Ensure that marketing efforts continue and the company’s image and reputation are upheld. o Coordinate with the public relations team to handle the company’s public image during the crisis. 3. HR Manager's Role (Not mentioned but implied): o Manage the well-being of employees during the crisis. o Ensure communication and coordination among staff to maintain morale and productivity. Each department plays a critical role, and their actions and decisions impact the organization’s ability to recover from the crisis. Features of Crisis Management: Need for Crisis Management: 1. Prepares employees and managers to handle unexpected events with resilience. 2. Helps employees adjust to changes and cope with crisis situations. 3. Allows managers to analyze crisis causes and determine appropriate responses. 4. Helps managers devise strategies to navigate uncertain conditions. 5. Alerts the organization to early signs of crisis and provides measures to mitigate potential damage. Essential Features of Crisis Management: 1. Crisis Analysis: Helps employees and managers identify and understand events leading to a crisis, allowing for proactive responses. 2. Cultural Adjustment: Ensures that the organization’s culture adapts to changing conditions during the crisis. 3. Coordination: Promotes effective coordination across departments to handle emergencies. 4. Communication: Emphasizes the importance of clear and effective communication among employees during the crisis. Avoiding Conflicts Between Management and Board 1. Independent Board: At least 75% of board members should be independent. The chairman should not be the same person as the CEO. 2. Annual Elections: Annual elections for board members help ensure they make careful decisions and stay accountable to shareholders. 3. Self-Assessment: The board should assess its own performance each year. Independent directors should meet regularly to discuss policies, management, and compensation without management influence. Disaster Recovery Plan (DRP) A Disaster Recovery Plan (DRP) outlines the procedures a company will follow to restore its critical operations and services after a disaster. The goal is to help the company recover quickly and return to normal operations. Importance of DRP: DRPs are essential for risk management and business continuity. They help minimize the impact of disasters, protect company assets, and ensure continued service to customers and stakeholders. DRPs typically involve risk analysis, disaster response strategies, data and system backups, alternative communication methods, and contingency plans. Steps Taken by RBI Against YES Bank: 1. RBI took over the management of YES Bank. 2. A moratorium was imposed on the bank. 3. A reconstruction scheme was introduced with SBI investing capital to acquire a 49% stake in the bank. Features of a Disaster Recovery Plan: 1. Disaster Recovery Team: A team is responsible for developing, implementing, and maintaining the DRP. All employees should understand their role in the plan. 2. Risk Identification and Assessment: Identify potential risks (natural, man-made, or technology-related) to the organization. This helps develop effective recovery strategies. 3. Critical Resources Identification: Determine which business processes, applications, and documents are critical for the organization's operation. Focus on short-term survivability like generating cash flow rather than long-term recovery. 4. Backup and Off-site Storage: Establish procedures for backing up critical data and documents. Define who performs the backups, how often, and where the backups are stored. Key documents such as financial statements, tax returns, and employee records should be backed up and stored off-site. 5. Testing and Maintenance: DRPs should be tested and updated regularly to remain effective. Organizations must continually evaluate and improve their recovery strategies in response to new risks and changes. Relationship between Business Continuity Plan (BCP), Crisis Management Plan (CMP), and Disaster Recovery Plan (DRP) In the corporate world, BCP, CMP, and DRP are interconnected components of a risk management strategy. Here's a breakdown of their relationship: 1. BCP (Business Continuity Plan) ensures that essential business functions continue during and after a disruptive event. It focuses on overall operations, including staffing, communication, and key business services. 2. CMP (Crisis Management Plan) is focused on managing specific crises. It involves procedures and strategies to deal with an unexpected event, such as a public relations issue, safety emergency, or other immediate threats. 3. DRP (Disaster Recovery Plan) is a part of BCP and focuses on restoring IT systems and infrastructure after a disaster. It ensures that critical data and technological resources are quickly recovered. Table: Relationship between BCP, CMP, and DRP Business Continuity Plan Crisis Management Disaster Recovery Plan Aspect (BCP) Plan (CMP) (DRP) Ensure essential operations Provide a framework for Focus on recovering IT Purpose continue during a managing specific systems and data post- disruption. crises. disaster. Narrower, focuses on Narrow, focuses on Broad, covers all business Scope managing crises (e.g., technology and data functions. PR, safety). recovery. Managing immediate Restoring critical Minimizing disruption and Focus impact and guiding technology and enabling quick recovery. crisis response. infrastructure. Involves leadership, PR, Involves IT teams for Involves all departments to Involvement and legal teams for recovery of systems and maintain operations. crisis control. data. Active during the crisis Active during the entire Active post-disaster for Timing and immediate crisis and recovery. recovery of IT systems. aftermath. Define crisis protocols, Backup systems, restore Identify critical processes, manage public data, and ensure tech Key Actions maintain communication, perception, and mitigate infrastructure is up and and plan for continuity. damage. running. Cyber Risk Management In today’s cybersecurity landscape, managing cyber risks is increasingly challenging due to the complex nature of threats and the rapid growth of technology. Effective cyber risk management is essential to protect a company’s financial assets, databases, and intellectual property. A well-structured risk assessment helps in deploying security measures and safeguarding sensitive information. Cyber Security Risk Management Process 1. Identify Risks: Recognize potential cyber threats and vulnerabilities in your systems that could compromise cybersecurity. 2. Analyze Severity: Assess the likelihood of each risk occurring and the potential impact it could have on the organization. 3. Evaluate Risk Appetite: Determine how each identified risk aligns with your organization's acceptable level of risk. 4. Prioritize Risks: Rank the risks based on their severity and likelihood, focusing on the most critical ones first. 5. Decide Response Actions: o Treat: Implement security controls to reduce the likelihood or impact of the risk. o Tolerate: Accept the risk after evaluating its impact and likelihood. o Terminate: Avoid the risk by changing or halting the activities that cause it. o Transfer: Shift the risk to another party through insurance or outsourcing. 6. Monitor and Review: Since the cyber risk landscape is ever-evolving, continuously monitor risks, review your security measures, and make necessary adjustments to ensure ongoing protection. Cybersecurity Measures According to the International Telecommunication Union, cybersecurity measures are classified into five key areas: 1. Legal Measures: Establish laws and regulations to safeguard cyberspace. 2. Technical Measures: Use technology (software and hardware) to prevent, detect, and mitigate cyber-attacks. 3. Organizational Measures: Ensure proper implementation of cybersecurity policies within an organization. 4. Capacity Building: Improve knowledge and skills to enhance cybersecurity awareness and capabilities. 5. Cooperation Measures: Foster partnerships between various stakeholders to improve organizational resilience against cyber threats. CHAPTER 19 Sustainable development means meeting today’s needs without harming future generations. It connects economic growth, social well-being, and environmental protection. In business, sustainability involves operating in a way that benefits both current and future generations, considering the impact on the community and addressing environmental, social, and governance issues. It’s about creating value for current stakeholders while safeguarding the interests of future ones. Sustainability reporting began in response to concerns about environmental harm and unethical business practices. In the late 1980s, companies, especially those with large environmental impacts, started publishing reports to highlight their efforts in sustainability. Over time, this evolved into corporate social responsibility (CSR) reporting, driven by various organizations, governments, and experts in sustainability and environmental management. MEANING OF SUSTAINIBILITY AUDIT A sustainability audit assesses an organization's environmental, social, and economic impacts. It identifies areas for improving sustainability and reducing negative effects on the environment, society, and economy. The audit covers factors like energy use, waste management, water usage, employee relations, and community engagement. It evaluates both internal factors (like energy use) and external factors (like climate change legislation and customer preferences). The purpose is to help companies improve sustainability, meet stakeholders' expectations, and ensure transparency and accountability. It helps companies develop strategies to become more sustainable and improve their workplace practices. Rise / Evolution of Sustainability Audit: 1. Sustainability audits have evolved as society’s understanding of sustainability grew, and organizations became more aware of their environmental and societal impacts. 2. Initially focused on environmental issues like energy use, waste, and water, sustainability audits now include social and economic factors, such as human rights, labor practices, and economic performance. 3. Corporate sustainability reporting and the demand for transparency from stakeholders have accelerated the evolution of sustainability audits. Many organizations now use audits to measure and report on sustainability performance. 4. Technological advancements, such as data analytics and machine learning, have improved how organizations measure, monitor, and improve sustainability performance. 5. While the founder of sustainability audits is unclear, organizations like UNEP, WBCSD, and GRI played key roles in developing sustainability audit standards and practices. 6. These organizations established sustainability reporting guidelines and supported businesses in improving sustainability performance. 7. The importance of Environmental, Social, and Corporate Governance (ESG) has grown, with companies evaluated from environmental and societal perspectives, not just economic ones. 8. Standard-setting initiatives like ISO 26000, GRI, and UN SDGs illustrate the increasing focus on sustainability. 9. Sustainability covers the impact of an organization on society and the environment, including areas like governance, human rights, labor practices, and community involvement. 10. Each organization can define its sustainability focus based on factors like size, location, business activities, and stakeholder expectations. 11. Sustainability initiatives should be managed across all organizational levels, integrating ESG evaluation throughout the value chain. 12. ESG risks go beyond reputational risks, encompassing environmental, compliance, financial, and reputational threats that can harm companies. 13. Financial risks of climate change are critical for banks and insurers, as regulators require stress testing, ESG disclosures, and climate risk management. Asset managers are also pressured to embed sustainability across their operations. Framework of Sustainability Audit: 1. Planning and Preparation: o Define the scope and objectives of the audit. o Identify stakeholders. o Prepare a plan for conducting the audit. 2. Data Collection and Analysis: o Gather data on the organization's environmental, social, and economic impacts. o Review policies, procedures, and practices related to sustainability. 3. Assessment and Evaluation: o Evaluate the collected data. o Analyze the organization’s sustainability performance. o Benchmark performance against industry standards and best practices. 4. Report Generation: o Summarize the audit findings. o Present recommendations for improvement. 5. Implementation and Monitoring: o Implement the recommendations. o Monitor progress to ensure sustainability goals are met over time. The framework may vary slightly between organizations but generally follows these basic steps, depending on the organization's sustainability goals and available resources. Process of Conducting a Sustainability Audit: 1. Assess Company Culture: o Understand how open employees are about discussing social responsibility. o Review the training employees have received on sustainability issues. 2. Explore Social Responsibility Results: o Auditors examine the outcomes related to the company’s social responsibility practices. 3. Review Sustainability Strategy: o Analyze the company’s sustainability goals and objectives, and review relevant documents (e.g., contracts, regulatory filings). 4. Evaluate Execution of Sustainability Activities: o Assess the results achieved from sustainability efforts and check for negative impacts or infractions in social responsibility practices. 5. Policy Alignment: o Check if the company’s policies match its sustainability initiatives, including evaluating supplier relationships (e.g., human rights records). 6. Provide Findings and Recommendations: o Share the audit report with the management and board, offering suggestions for improving sustainable practices. 7. Create a Scorecard: o The final product is a scorecard that evaluates the company’s performance against its social responsibility goals. Steps in Conducting the Audit: 1. Defining Scope and Objectives: o Determine which aspects of the organization will be included in the audit and the goals to be achieved. 2. Gathering Data: o Collect data on environmental, social, and economic impacts. Review existing sustainability reports, conduct surveys, and analyze internal documents. 3. Assessment and Evaluation: o Evaluate sustainability performance, benchmark against industry standards, and identify areas for improvement. 4. Preparing a Report: o Summarize findings and present actionable recommendations for improvement. 5. Implementing and Monitoring Actions: o Take action on recommendations and monitor progress to meet sustainability goals. 6. Reporting and Communicating: o Communicate audit findings, improvement areas, and action plans to stakeholders (employees, customers, shareholders, etc.). The process may involve engaging external experts for specific tasks depending on the organization’s size, complexity, and sustainability goals. Sustainability Audit Report: Key Elements 1. Executive Summary: Overview of the audit’s purpose, findings, and recommendations. 2. Background: Context of the organization, its sustainability goals, and audit scope. 3. Methodology: Details on data sources, stakeholders, and analysis techniques. 4. Key Findings: Analysis of sustainability performance on key ESG issues. 5. Recommendations: Actions to improve sustainability in various areas. 6. Implementation Plan: Plan for executing recommendations with goals, timelines, and responsibilities. 7. Conclusion: Summary of findings and the organization's commitment to sustainability. Audit Standards on Sustainability: 1. Global Reporting Initiative (GRI) Standards: Provides guidelines for organizations to measure and report their sustainability performance globally. 2. ISO 26000: An international standard for corporate social responsibility, guiding organizations on topics like environmental responsibility, human rights, and community involvement. 3. Sustainability Assessment Standards: Includes frameworks like Environmental Management Accounting (EMA), AA1000, and Sustainability Assessment Framework (SAF). 4. National and Regional Standards: Examples include the EU's Eco-Management and Audit Scheme (EMAS) for sustainability measurement and reporting. Importance of Sustainability Audit: 1. Identifying ESG Risks: Helps in identifying environmental, social, and governance risks and benchmarking against competitors. 2. Improving Performance: Aids in identifying areas for improvement, leading to cost savings, efficiency gains, and reduced environmental impact. 3. Measuring Sustainability: Offers a systematic way to measure performance and track progress over time. 4. Demonstrating Commitment: Shows the organization's commitment to sustainability and responsibility. 5. Enhancing Reputation: Improves brand image, attracting stakeholders who value sustainability. 6. Fostering Innovation: Encourages competitiveness by addressing sustainability challenges and responding to market demands. Meaning of ESG (Environmental, Social, and Governance): 1. ESG Framework: A strategy that focuses on creating value for all organizational stakeholders, including employees, customers, suppliers, and financiers. 2. Sustainable and Ethical Focus: ESG represents a company's approach to financial interests with a focus on sustainability and ethical impacts. 3. Capital Markets: ESG helps evaluate organizations' future financial performance, considering non-financial indicators like environmental impact (e.g., carbon footprint). 4. Corporate Reporting: ESG reporting is used by stakeholders to assess risks and opportunities related to sustainability. 5. Investor Evaluation: Investors use ESG data to assess risks and opportunities, aiming for higher long-term risk-adjusted returns by focusing on sustainability-related issues. Criteria for ESG: 1. Environmental: Involves how much an organization considers the protection of natural resources, including: o Air and water quality o Biodiversity o Deforestation 2. Social: Focuses on how an organization treats people and impacts the community, including: o Customer satisfaction o Data protection and privacy o Support for underserved communities 3. Governance: Examines how a corporation manages itself and its internal systems, focusing on: o Company leadership o Board diversity and structure o Corruption and bribery prevention Meaning of ESG Rating: 1. ESG Score: An objective measure of a company's performance on Environmental, Social, and Governance (ESG) issues. Different rating platforms use varying evaluation criteria, but they all assess one or more of the ESG factors. 2. Industry-Specific vs. Industry-Agnostic: o Industry-specific ratings focus on material issues relevant to that particular industry. o Industry-agnostic ratings address widely applicable issues such as climate change, diversity, equity, inclusion (DEI), and human rights. 3. Rating Method: ESG ratings are determined by assigning weights to each measurement criterion and assessing the company's performance against them. The final score is usually a weighted sum of the ratings for each criterion. 4. Risk Assessment: ESG ratings measure a company’s exposure to long-term environmental, social, and governance risks, such as energy efficiency, worker safety, and board independence, which have financial implications but are often not covered in traditional financial reviews. 5. Implications of Ratings: o Good ESG Rating: Indicates the company is effectively managing its ESG risks. o Poor ESG Rating: Suggests higher exposure to unmanaged ESG risks. 6. Investor Use: ESG ratings, alongside traditional financial reports, provide investors with a broader view of a company's long-term potential and its approach to sustainability risks. ESG Key Performance Indicators (KPIs): 1. Purpose: ESG KPIs help companies track their environmental, social, and governance (ESG) impacts. They are important for venture capital and private equity managers to assess the ESG risks of their investments. 2. Regulation: As per SEBI (LODR) Regulations, top 1000 listed companies must include a Business Responsibility and Sustainability Report with ESG disclosures in their annual reports. 3. Assurance: The report should be assured, either limited or reasonable. Limited assurance is easier but less reliable, while reasonable assurance is more credible but costly. 4. BRSR Core: SEBI introduced the BRSR Core to ensure reasonable assurance on select ESG KPIs. These KPIs are quantifiable and relevant for both manufacturing and service sectors. 5. Supply Chain Reporting: Currently, supply chain metrics are optional in the BRSR report but will gradually become mandatory for top companies by 2025, with assurance requirements phased in. 6. Timeline: o FY 2024-25: ESG disclosures for supply chain are optional for the top 250 companies. o FY 2025-26: ESG disclosures for supply chain are mandatory for the top 250 companies, with assurance required on a comply or explain basis. ESG Rating Providers and Methodology: 1. ESG Rating Agencies: These organizations assess a company’s environmental, social, and governance (ESG) policies to determine its sustainability. Their reports help stakeholders decide on investments and business partnerships. 2. Increasing Demand: As ESG investing grows, the need for ESG data and ratings is rising globally. Investors rely on ESG ratings to assess a company’s performance on ESG issues and potential risks. 3. Data Collection: ESG rating providers gather data from company disclosures, news, third-party reports, and surveys. They use their own methodologies to process this data into a single score or rating. ESG Rating Providers: 1. Sustainalytics: Provides ESG ratings for 20,000 companies and 172 countries. It evaluates companies on environmental, social, and governance performance globally, using both quantitative data and qualitative analysis. 2. MSCI ESG Ratings: Rates 14,000 companies based on their exposure to ESG risks and opportunities. It assesses how well companies manage these risks compared to industry peers, with scores from 0 to 10 and ratings from AAA to CCC. 3. Bloomberg ESG Disclosure Scores: Rates over 11,800 companies on their ESG disclosures, covering topics like climate change, human capital, and shareholders' rights. 4. Institutional Shareholder Services (ISS): Provides ESG ratings and analysis across sustainable investment issues like climate change, human rights, and corruption. 5. S&P Global ESG Scores: Uses a bottom-up approach to assess companies on their ESG performance, focusing on environmental practices and employee relations. 6. CDP Climate, Water, and Forest Scores: Provides environmental data to help investors find companies addressing climate change, water security, and deforestation. 7. Moody’s ESG Solutions Group: Offers ESG ratings and analytics, using data from various sources like Vigeo Eiris and Four Twenty Seven, focusing on sustainable finance and environmental responsibility. 8. Dun & Bradstreet: Provides business data and insights, including ESG analysis to help companies understand their sustainability performance compared to peers. Offers ESG scores, sector-level analysis, and reports tailored to specific industries or countries. Helps businesses track their ESG performance and assess risks when partnering with third parties. Understanding MSCI ESG Ratings: 1. Categories for MSCI ESG Score: o Environmental: Issues like carbon emissions, water sourcing, pollution, and renewable energy. o Social: Focuses on labor management, product safety, community relations, and access to healthcare. o Governance: Looks at board diversity, executive pay, and company accounting practices. 2. Scoring Process: o MSCI selects key issues for each industry (e.g., packaging waste for the soft drink industry). o Companies are scored on each issue from 0 to 10, based on how well they manage the risks. o A higher score means better risk management. For example, Microsoft’s goal to become carbon-negative by 2030. 3. Weighting of Issues: o Key issues are weighted by their potential impact and timeline. Immediate risks like worker safety are weighted higher than long-term risks. 4. Final Rating: o Scores and weights are combined to give a final score from 0 to 10, which is then translated into an ESG rating from CCC (lowest) to AAA (highest). 5. Data Sources: o MSCI uses public data, company reports, media outlets, and works with companies to validate the information. 6. Example: o Amazon: MSCI gave Amazon a BBB rating. It excels in governance and privacy but has poor scores in labor management and corporate behavior due to issues like worker complaints and unfair practices. These could lead to financial risks such as lawsuits and damage to reputation. Advantages of ESG Ratings: 1. Competitive Advantage: o Companies with high ESG scores are seen as more sustainable, attracting customers and clients who value sustainability. o ESG programs help build brand loyalty and recognition. 2. Cost Reduction: o Tracking ESG metrics like energy use and waste can help companies reduce costs and improve operational efficiency. o ESG programs also lower risks of fines and penalties. 3. Attracting Investors and Lenders: o Companies with good ESG scores are more appealing to investors and lenders, as they tend to outperform competitors. 4. Supply Chain Benefits: o Companies with strong ESG programs attract supply chain partners who value sustainability, leading to better business opportunities. o Larger companies increasingly require ESG standards from their suppliers. 5. Attracting and Retaining Talent: o Many job seekers now prioritize companies with strong ESG commitments, making it easier to recruit and retain top talent. o Employees are more satisfied and productive when working for companies with good ESG practices. 6. Improving Financial Performance: o Implementing ESG programs can contribute to a company’s growth and financial success by attracting customers, investors, and talent. o Small to mid-sized companies can now easily implement ESG goals with the help of software. ESG Reporting Benefits (BSE Guidance): 1. Raises Corporate Transparency: o ESG reporting goes beyond financial metrics, improving transparency and accountability to stakeholders. 2. Strengthens Risk Management: o Sustainability reporting helps identify emerging risks and opportunities, improving the company’s risk management and reputation. 3. Promotes Stakeholder Engagement: o Engaging with stakeholders (shareholders, employees, customers, etc.) is key to understanding their concerns and improving sustainability performance. 4. Improves Communication with Stakeholders: o ESG reports help companies communicate their sustainability performance and align with industry standards, facilitating better engagement and comparison over time. ESG REPORTING IN INDIA ESG reporting in India began in 2009 with the Ministry of Corporate Affairs issuing voluntary CSR guidelines. Over time, frameworks like Business Responsibility Reporting (BRR), Corporate Social Responsibility (CSR), National Guidelines on Responsible Business Conduct (NGRBC), and the Business Responsibility and Sustainability Report (BRSR) have been introduced. The Companies Act, 2013, mandated energy conservation reporting, and directors are required to act in the company's best interests, including environmental protection. In 2012, SEBI mandated top 100 listed companies to report ESG data, extending this to the top 500 by 2015. In 2017, SEBI introduced green debt securities regulations, encouraging ESG-compliant projects. The Indian Banks' Association also issued guidelines for responsible financing. BRSR requires disclosures against nine principles of the NGRBCs, with mandatory reporting on essential indicators and voluntary reporting on leadership indicators. From FY 2022-23, the top 1,000 listed companies must disclose ESG-related information annually. Appoint a Chief Sustainability Executive Companies will need to create teams with sustainability roles, including a Chief Sustainability Officer (CSO). The CSO will help communicate and overcome challenges in adapting to new sustainability policies. To motivate employees, companies could tie ESG goals to bonuses, helping everyone work together to achieve them. Create an ESG Policy Budget New sustainability policies require a budget for hiring and partnerships. The CFO's support is necessary for funding these changes. Some changes, like extending the life of IT assets, can actually save money in the long run. Assess Partners’ Sustainability Practices Companies must assess their partners' sustainability to reduce their carbon footprint. This includes all suppliers and service providers, from equipment to professional services. Companies not focusing on sustainability may fall behind, as stricter regulations will separate serious efforts from greenwashing. Organizations that address these challenges now will be seen as responsible, attracting investors and customers in the future. CHAPTER 20 Introduction to Integrated Reporting 1. Integrated reporting is part of an evolving corporate reporting system, supported by frameworks and standards for measurement, disclosure, and regulation. 2. It is defined as a process based on integrated thinking, resulting in a report on value creation over time, with related communications. 3. Integrated reporting combines key information on an organization’s strategy, governance, performance, and prospects, reflecting its commercial, social, and environmental context. It shows how the organization creates value now and in the future. 4. Integrated reporting is not just a reporting process, but is rooted in integrated thinking, which improves decision-making by enhancing the understanding of value creation. 5. When integrated thinking is embedded in daily operations, it naturally flows into internal and external communications, reinforcing both integrated thinking and reporting. 6. The integrated report is a concise summary of an organization’s strategy, governance, performance, and prospects, showing how it creates value in the short, medium, and long term. 7. The integrated report is the main outcome of integrated reporting, clearly showing how an organization’s strategy and operations contribute to long-term value creation. 8. While integrated reporting aligns with developments in other types of reporting, it focuses on value creation across time and includes: o Conciseness, strategic focus, and future orientation. o The interdependencies of capitals and connectivity of information. o The importance of integrated thinking within the organization. 9. Integrated reporting promotes a more efficient approach to corporate reporting, improving the quality of information for better allocation of financial capital. 10. The main goal of the integrated report is to explain to financial capital providers how an organization creates, preserves, or diminishes value over time. 11. It benefits all stakeholders, including employees, customers, suppliers, communities, legislators, regulators, and policymakers. 12. The Integrated Reporting framework was developed by the International Integrated Reporting Council (IIRC) and provides principles and content elements for preparing and presenting integrated reports. It applies to private, public, and non-profit organizations. Guiding Principles for Integrated Reporting 1. Strategic Focus and Future Orientation The report should explain the organization’s strategy and how it creates value in the short, medium, and long term, considering its use of and impact on various capitals. 2. Connectivity of Information The report should show how different factors, their interrelations, and dependencies affect the organization’s ability to create value over time. 3. Stakeholder Relationships It should provide insight into the organization’s relationships with key stakeholders, including how it addresses their needs and interests. 4. Materiality The report should disclose information on matters that significantly affect the organization’s ability to create value over time. 5. Conciseness The report should be clear and to the point, focusing on key information that reflects the organization’s value creation. 6. Reliability and Completeness The report should include all material matters, both positive and negative, presented in a balanced way. 7. Consistency and Comparability The information should be: o Consistent over time. o Comparable with other organizations, to the extent relevant to the organization’s value creation. Content Elements of an Integrated Report 1. Organizational Overview and External Environment What does the organization do, and what are the circumstances in which it operates? 2. Governance How does the organization’s governance structure support its ability to create value in the short, medium, and long term? 3. Business Model What is the organization’s business model? 4. Risks and Opportunities What specific risks and opportunities affect the organization’s ability to create value, and how is the organization addressing them? 5. Strategy and Resource Allocation Where does the organization want to go, and how does it plan to get there? 6. Performance To what extent has the organization achieved its strategic objectives, and what are the outcomes in terms of its effect on the capitals? 7. Outlook What challenges and uncertainties might the organization face in pursuing its strategy, and what could be the implications for its business model and future performance? 8. Basis of Presentation How does the organization determine what matters to include in the report, and how are such matters quantified or evaluated? Benefits of Integrated Reporting 1. Comprehensive Information Integrated Reporting (IR) provides a complete view of an organization’s strategy, governance, performance, and future prospects. It focuses on driving meaningful, authentic reporting on all aspects of performance, which benefits both internal and external stakeholders. 2. Clear Value Creation Story IR links financial and non-financial performance, including sustainability, giving stakeholders a concise understanding of an organization's value creation story. 3. Holistic Overview It brings together governance, financial capital, intellectual capital, social capital, and environmental capital, enhancing transparency and accountability. 4. Efficient Reporting IR eliminates the need for separate reports for different stakeholders, reducing confusion and cost, especially for small and medium-sized companies. 5. Cost Savings By combining multiple reports into one, IR helps companies save on publication and press conference costs. 6. Clarity and Reduced Risk IR provides greater clarity in reporting, reducing reputational risks and improving stakeholder trust. 7. Internal Benefits It improves internal resource allocation, decision-making, and stakeholder engagement. 8. Enhanced Reputation Organizations using IR boost their brand and reputation, showing their commitment to environmental, social, and governance (ESG) principles. 9. Ethical Value Implementation The benefits of IR depend on a company’s adherence to ethical values like honesty, fairness, and integrity. Challenges in Implementing Integrated Reporting Framework 1. Traditional Reporting Shift A major challenge is transitioning from traditional reports, which focus solely on financial terms, to a broader perspective that includes non-financial elements like sustainability and governance. 2. Conciseness vs. Detail Integrated reporting is meant to be concise, but making a long report more succinct while maintaining crucial information can be difficult. Additionally, it is a compliance-based report, which can be challenging to prepare for many organizations. 3. Time-Consuming Preparation The inclusion of both financial and non-financial information makes integrated reporting more time-consuming, as it demands comprehensive data and analysis. 4. Need for Expertise The framework requires high levels of expertise to prepare, as it involves summarizing complex information in a clear and concise manner. 5. Business Model Explanation One of the hardest aspects to implement is describing a company's business model, particularly due to the capitals-based approach emphasized in the integrated reporting framework. 6. Balancing Conciseness and Context Striking the right balance between being concise and providing sufficient context to explain the organization’s value creation process is a challenge, especially when new information needs to be included to meet regulatory requirements or enhance the report. 7. Additional Challenges o Lack of standardization in reporting practices. o Reluctance to disclose sensitive information. o Underestimation of the importance of non-financial data. o High costs associated with reporting and difficulties in measuring and linking sustainability performance. Global Reporting Initiative Framework Introduction 1. GRI Overview: The Global Reporting Initiative (GRI) provides a framework for sustainability reporting, applicable to all types of organizations. Its guidelines are widely recognized and used. 2. Mission: GRI is an independent international organization that supports businesses and organizations in taking responsibility for their impacts by offering a global common language for communicating these impacts. 3. Objective: GRI’s mission is to make sustainability reporting standard practice by providing guidance and support to enable transparent and accountable reporting, helping drive the transition to a sustainable global economy. 4. Expansion of Scope: As GRI developed, its reporting system expanded to include not only environmental issues but also social, economic, and governance matters. GRI Standards for Reporting The GRI Standards form a modular system designed for transparent public reporting of an organization’s sustainability impacts. These standards are interconnected and help organizations report their impacts in a structured and transparent way. 1. GRI Universal Standards o GRI 1: Foundation 2021: This standard outlines the purpose of the GRI Standards, clarifying concepts and detailing how to use the standards. It sets the requirements organizations must follow to report according to the GRI framework and defines principles such as accuracy, balance, and verifiability that are essential for high-quality reporting. o GRI 2: General Disclosures 2021: This standard covers disclosures about an organization’s structure, governance, activities, workers, strategies, policies, practices, and stakeholder engagement. It provides insight into the organization’s profile and scale, offering context for understanding its impacts. o GRI 3: Material Topics 2021: This standard explains how organizations determine their material topics—those most relevant to their impacts. It provides a process for identifying material topics and outlines how they should be managed. The standard also guides the use of Sector Standards in identifying material topics. 2. GRI Sector Standards o These standards are designed to enhance the quality, consistency, and completeness of reporting for organizations in specific sectors. Initially developed for 40 sectors, starting with high-impact industries like oil and gas, agriculture, and fishing, these standards focus on identifying sector-specific material topics and relevant disclosures. o Sector-Specific Requirements: If a Sector Standard exists, an organization must use it in its reporting. The standards include an overview of the sector’s characteristics and list likely material topics, along with disclosures to report on each topic. They also identify any additional disclosures not covered by the Topic Standards. 3. GRI Topic Standards o The Topic Standards provide disclosures related to specific topics, such as waste, occupational health and safety, and tax. These standards offer an overview of the topic and details on how an organization should report on its associated impacts. o Usage: Organizations select the Topic Standards that correspond to their identified material topics and use them for reporting. The GRI framework helps organizations transparently report their sustainability impacts, providing stakeholders with clear and comparable information. Understanding the GRI Framework The GRI framework helps organizations report on various environmental, social, and governance (ESG) issues. Key areas of focus include: 1. Materials: Tracking raw materials, chemicals, packaging, and recycled content. 2. Energy: Measuring direct and indirect energy use, and renewable energy usage like solar or wind. 3. Water: Reporting water usage, recycling, and impact on water sources. 4. Biodiversity: Understanding how the company affects local ecosystems and biodiversity. 5. Emissions, Waste, and Effluents: Reporting on greenhouse gas emissions, waste generation, and hazardous waste. 6. Products and Services: Tracking recycled products and packaging. 7. Compliance: Reporting fines and penalties for non-compliance. 8. Transport: Measuring the environmental impact of transporting materials and goods. Identifying and Assessing Impacts 1. Identifying and assessing impacts is a daily task that varies for each organization. 2. Sector Standards help identify key impacts in different industries. 3. Understanding the company’s context is crucial for assessing impact significance. 4. GRI 2 provides detailed guidance on organizational practices and governance. 5. GRI 3 outlines steps to assess and prioritize impacts, helping organizations focus on the most relevant topics. 6. Material topics are grouped by areas like water, waste, or child labor, and should be prioritized based on their relevance. 7. Organizations must document how they identify and select material topics for reporting. 8. Using Sector Standards helps ensure all key impacts for the sector are considered. Reporting Disclosures 1. After identifying material topics, an organization collects data to report on each topic using GRI Standards. 2. Sector-specific disclosures may be added, and if some information can’t be reported, a valid reason must be provided. 3. There are also recommendations to improve report quality and transparency. Reporting in Accordance with GRI Standards Organizations can report on all significant impacts or focus on specific topics like climate change or child labor. GRI recommends reporting on all material topics and impacts, but organizations can also report on specific issues or use only parts of the GRI Standards for certain purposes. Navigating a Report 1. Reports can be in different formats (electronic or paper) and must include a GRI content index for transparency. 2. The index helps users find reported information and shows which GRI Standards were used. 3. If information is omitted, the reason must be listed. 4. If Sector Standards are used, each disclosure will have a reference number for easy identification. GRI Reporting Process 1. Prepare: Set a vision, create a team, and plan the report. 2. Connect: Meet with key stakeholders to decide what to report. 3. Define: Select issues and decide the report content. 4. Monitor: Track progress, check data quality, and follow up. 5. Report: Finalize and publish the report. Business Responsibility and Sustainability Reporting (BRSR) – Overview Introduction 1. Sustainability Reporting: A sustainability report describes a company's economic, environmental, and social impacts, showing how its activities align with its values and governance. It also demonstrates how the company’s strategy supports a sustainable global economy. 2. Importance: Companies are now incorporating Environmental, Social, and Governance (ESG) factors into their business strategies, as reporting these efforts is increasingly valued by investors and the market. 3. ESG Disclosure: Sustainability reporting, or non-financial reporting, is the process of communicating how a company’s activities affect the environment and society. The push for such disclosures has increased with the global focus on sustainable development and climate change. 4. Global Standards: Several frameworks like the Global Reporting Initiative (GRI), Sustainability Accounting Standards Board (SASB), and ISO 26000 guide companies in measuring and reporting on ESG performance. 5. BRSR: The Business Responsibility and Sustainability Reporting (BRSR) framework has been designed to provide standardized, quantitative ESG disclosures that enable comparison across sectors and companies, helping investors make better decisions. BRR to BRSR – A Comparison 1. BRR (Business Responsibility Report): Introduced in 2012, the BRR was based on the Ministry of Corporate Affairs' (MCA) ESG guidelines but had limited depth in ESG data, primarily using simple Yes/No answers. It was not very well received as it lacked detailed and meaningful ESG data. 2. BRSR: Replacing the BRR, BRSR offers more comprehensive disclosures with both qualitative and quantitative data. It is aligned with international frameworks like GRI and is more detailed, covering broader ESG parameters. Overview and Applicability of BRSR 1. SEBI Regulations: The Securities and Exchange Board of India (SEBI) promoted sustainability reporting by mandating the top 1000 listed companies to file the BRR, starting in 2015. From FY 2022-23, these companies were required to submit the BRSR instead. 2. BRSR Mandatory for Top 1000 Companies: BRSR became mandatory for the top 1000 listed companies based on market capitalization from FY 2022-23, replacing the BRR. The BRSR is designed to keep pace with the growing focus on responsible corporate governance and ESG investing. 3. Purpose of BRSR: BRSR helps companies communicate their sustainability performance, challenges, and opportunities. It increases transparency and aligns with global concerns about climate change, social inequality, and environmental degradation. 4. Key Disclosures: BRSR includes disclosures on various ESG parameters, such as environmental impact, social contributions, governance practices, and economic performance. Key Features of BRSR 1. Focus on ESG Compliance: BRSR emphasizes compliance with the National Guidelines on Responsible Business Conduct (NGRBC) and requires companies to disclose their ESG-related policies and mechanisms. 2. Quantifiable Metrics: The BRSR introduces key performance indicators (KPIs) that are measurable, allowing for easy comparison across sectors and time periods. For example, "gross wages by gender" is one of the metrics to track gender diversity in the workforce. 3. Essential vs. Leadership Indicators: The report distinguishes between "essential" (mandatory) and "leadership" (optional but valuable) indicators. The leadership indicators cover advanced aspects like the company’s value chain and its efforts to go beyond basic compliance. 4. Climate and Social Issues: BRSR emphasizes detailed disclosures related to climate change and social responsibility, encouraging companies to address pressing ESG challenges. BRSR Structure 1. Quantifiable Metrics: BRSR provides clear, measurable metrics, such as intensity ratios for greenhouse gas emissions, water consumption, and waste generation. This enables comparison even between companies of different sizes. 2. Relevance to Indian Context: The BRSR Core contains factors applicable to both manufacturing and service sectors, ensuring its relevance in India. 3. Comparability: By using standardized KPIs, BRSR ensures that companies can be compared based on their ESG performance, no matter their size or sector. Business Responsibility and Sustainability Reporting (BRSR) – Structure and Key Sections The BRSR framework is divided into three main sections: SECTION A: GENERAL DISCLOSURES This section provides the foundational details of the company, its operations, and compliance information. Key points include: 1. Company Details: Information such as company name, CIN, registered office, contact details, and paid-up capital. 2. Key Person for BRSR: Contact details of the person responsible for BRSR within the organization. 3. Operations Overview: Basic details about the company's operations, production, and turnover. 4. Employee Information: Data on the gender ratio of employees, representation of women in top management, turnover rates, and other relevant employee statistics. This section helps provide a comprehensive snapshot of the company, focusing on transparency and compliance. SECTION B: MANAGEMENT AND PROCESS DISCLOSURES This section focuses on governance and management processes, outlining how the company adopts and implements policies related to sustainability. Key areas include: 1. Policy Preparation: Details on the preparation and identification of policies aligned with the National Guidelines on Responsible Business Conduct (NGRBC). 2. Sustainability Governance: Information about the company’s sustainability governance structure, and how decisions related to sustainability are benchmarked, implemented, and monitored. SECTION C: PRINCIPLE-WISE PERFORMANCE DISCLOSURES In this section, companies report their performance against the nine principles of the NGRBC. The Key Performance Indicators (KPIs) are divided into: 1. Essential Indicators (Mandatory): These include disclosures on environmental impact (e.g., energy consumption, water usage), social impact, and company efforts in promoting sustainability. 2. Leadership Indicators (Voluntary): These are additional disclosures to improve accountability, such as life cycle assessments (LCAs), biodiversity data, and energy consumption breakdown. Nine Principles of the NGRBC The NGRBC framework consists of nine principles designed to guide businesses in conducting responsible operations. Below are the principles along with key reporting requirements: Principle 1: Integrity and Accountability Businesses should operate with integrity, ethics, and transparency. Key Disclosures: Number of training programs on these principles, fines/penalties, complaints received, and anti-corruption measures. Principle 2: Sustainable and Safe Products/Services Companies should provide sustainable and safe products/services. Key Disclosures: Percentage of investment in R&D and sustainable sourcing, Life Cycle Assessment (LCA) procedures, and extended producer responsibility details. Principle 3: Employee Well-being Businesses should promote the well-being of employees. Key Disclosures: Employee welfare measures, retirement benefits, and employee- related policies. Principle 4: Stakeholder Responsiveness Businesses should respect and respond to stakeholder interests. Key Disclosures: Processes for identifying key stakeholders and how their interests are addressed. Principle 5: Respect for Human Rights Businesses should respect and promote human rights. Key Disclosures: Training on human rights, details of minimum wages paid, and human rights policies. Principle 6: Environmental Responsibility Businesses should work towards protecting and restoring the environment. Key Disclosures: Water usage, air emissions, waste management, and environmental impact assessments. Principle 7: Responsible Influence on Public Policy Businesses should influence public and regulatory policies responsibly and transparently. Key Disclosures: Engagement in trade and industry chambers, anti-competitive conduct, and corrective actions. Principle 8: Inclusive Growth and Equitable Development Businesses should promote inclusive growth and equitable development. Key Disclosures: Social impact assessments (SIA) of projects, preferential procurement policies, and efforts to promote social equality. Principle 9: Responsible Consumer Engagement Businesses should engage with consumers in a responsible manner. Key Disclosures: Consumer complaints, policies on advertising, cybersecurity, and data privacy, as well as mechanisms for handling cyber risks and unfair trade practices. The BRSR encourages businesses to disclose both essential and leadership indicators, helping create a more transparent and responsible corporate environment. Benefits of BRSR Reporting 1. Improved ESG Performance: BRSR reporting helps companies track their environmental, social, and governance (ESG) performance. It allows them to identify their sustainability gaps and make informed decisions to improve their practices, ultimately contributing to better overall ESG performance. 2. Competitive Advantage: Transparent reporting on sustainability differentiates companies from their competitors. It can attract eco-conscious investors and consumers who value sustainability, thus giving the company a market edge. 3. Compliance with Regulations: BRSR reporting ensures compliance with various regulations, including SEBI guidelines and the National Voluntary Guidelines on Social, Environmental, and Economic Responsibilities. This demonstrates that the company is adhering to relevant sustainability norms and regulations. 4. Improved Stakeholder Engagement: Reporting on ESG performance builds trust with key stakeholders like investors, customers, and employees. It shows the company’s commitment to sustainability, which can foster positive relationships, collaboration, and long-term partnerships. 5. Risk Management: Through BRSR, companies can identify and manage ESG-related risks, such as environmental damage or social issues, before they escalate. This proactive approach helps mitigate risks that could negatively impact the company’s reputation or financial standing. 6. Cost Savings: BRSR reporting helps identify areas where sustainability practices can lead to cost savings, such as reducing energy consumption, waste, or improving operational efficiency. This contributes to financial savings in the long term. 7. Innovation: BRSR reporting encourages companies to innovate. Tracking sustainability metrics like carbon emissions or water usage can drive the development of new, eco-friendly products and services, fostering innovation within the company. 8. Investor Confidence: Transparent ESG disclosures improve investor confidence by providing clear insights into the company’s sustainability efforts. It helps investors make informed decisions and attracts those who prioritize ESG factors in their investment strategy. 9. Improved Reputation: Reporting on sustainability strengthens a company’s reputation by showcasing its commitment to ethical business practices. A positive reputation can enhance customer loyalty, attract talent, and build trust, while a poor reputation can lead to lost business. 10. Long-Term Value Creation: By focusing on sustainable practices, BRSR reporting helps companies create long-term value. It promotes efficiency, cost reduction, and innovation while addressing ESG risks. Companies that integrate sustainability into their strategy are better positioned for long-term success. Challenges of BRSR Reporting 1. Diverse Views on Sustainability: Sustainability lacks a single, universally agreed- upon definition, which can make it challenging for companies to collate and present the vast amount of information required for a comprehensive report. 2. Multiple Reporting Standards: There are numerous sustainability reporting frameworks, such as CDP, GRI, SASB, and IIRC, each with different guidelines. This creates confusion and complicates the reporting process as companies must adapt to each framework’s requirements. 3. Time-Consuming Exercise: Gathering the extensive data needed for BRSR reporting can be time-consuming, especially for smaller companies with fewer resources. The process can overwhelm companies without dedicated teams for data collection and reporting. 4. Lack of Understanding within Management: For BRSR reporting to be effective, employees involved in data collection need proper training and coordination. A lack of understanding or communication between departments can lead to inaccurate reporting, affecting the company’s credibility. 5. No Clear Proof of Financial Return: While sustainable practices may improve a company’s public image and stakeholder relations, it is difficult to quantify the direct financial return on investment. Despite studies showing benefits, empirical evidence linking sustainability efforts to clear financial gains remains mixed. CHAPTER 18 – CASE STUDIES CASE STUDY 2- MARICO Strategic Risks 1. Key Mitigation Strategies: Marico learns from past projects, focuses on due diligence, and builds robust market research frameworks to handle joint ventures or acquisitions. 2. Application of Learnings: Lessons from previous projects are integrated into decision-making processes, improving future strategies and reducing risks. 3. Examples: Internal risks include poor planning or weak execution, while external risks involve market disruptions and regulatory changes. Financial Risks 4. Interest Rate Fluctuations: Marico diversifies funding sources and uses interest rate swaps to mitigate risks. 5. Foreign Currency Exposure: It uses forward contracts and currency hedging to reduce risks from fluctuating exchange rates. 6. Investment Policy: It ensures clear guidelines for safe investments, balancing returns with minimized risk exposure. Operational Risks 7. Primary Causes: System failures, supply chain disruptions, and poor employee oversight disrupt operations. 8. Challenges and Solutions: Limited monitoring resources; addressed through automation and outsourcing non-core activities. 9. Importance: Ensures efficient risk detection without overburdening staff with compliance tasks. Compliance and Governance Risks 10. Regulatory Compliance: Marico follows strict legal frameworks, audits, and periodic reviews to stay compliant. 11. Ethics Violations: It has a whistleblower mechanism and strict enforcement of ethical policies to address violations. 12. Communication Policies: Regular updates educate employees on compliance requirements and reduce violations. Environmental Risks 13. Examples: Pollution, extreme weather events, and climate change impact production and supply chains. 14. Improper Waste Management: Leads to regulatory penalties, brand damage, and environmental harm. 15. Mitigation Steps: Adopting sustainable practices, investing in eco-friendly technology, and meeting environmental standards. General Risk Management 16. Balancing Short and Long-Term Goals: Marico invests in brand building and innovation while maintaining profitability. 17. Social Media Trends: Monitoring consumer behavior online helps preempt reputational and demand-related risks. 18. Role of Brand Building: Differentiates products in a competitive market and builds consumer trust to counter competitors. CASE STUDY 3- Infosys Introduction 1. Why is Infosys particularly concerned about water scarcity in India? India faces growing water demand due to population growth, impacting Infosys’ large campuses. 2. How does water scarcity impact Infosys' operations? It disrupts cooking, cleaning, landscaping, cooling systems, and business continuity. 3. What factors contribute to water scarcity in India? Increasing population, overuse of water resources, and irregular rainfall patterns. Water Scarcity Risks 4. What are the key uses of water at Infosys facilities? Cooking, cleaning, drinking, bathrooms, landscaping, and cooling systems. 5. How can water shortages disrupt Infosys' ability to meet performance goals? It affects operations, delaying customer contracts and performance targets. 6. Why is water a critical resource for IT companies like Infosys? Essential for daily operations, employee welfare, and maintaining infrastructure. Response to Water Risks 7. How does Infosys' collaboration between risk management and sustainability teams benefit its water strategy? It ensures better risk assessment, mitigation planning, and sustainable solutions. 8. What are the five water risk response options used by Infosys? Accepting, avoiding, pursuing, reducing, and sharing risks. 9. In cases of high water scarcity, why does Infosys prioritize "reducing" risks over other options? Reducing risk minimizes disruption and ensures long-term sustainability. 10. How do water risk assessments and root cause analyses contribute to effective action plans? They identify and address underlying issues, enabling precise mitigation steps. 11. What measures has Infosys implemented to mitigate water risks at its facilities? Water conservation, rainwater harvesting, aquifer recharge, and underground reservoirs. 12. Why is root cause analysis important for addressing water scarcity? It solves the underlying problem rather than just managing the symptoms. Monitoring and Mitigation Measures 13. What tools and data does Infosys use to monitor water scarcity? Rainfall patterns, water tables, storage capacity, and freshwater sources. 14. How do underground reservoirs and rainwater harvesting support Infosys' water management strategy? They provide a backup water supply during shortages. 15. What role do sustainability teams play in monitoring water availability? They gather and analyze data to ensure adequate water resources are maintained. Business Outcomes 16. How does effective water risk management contribute to Infosys' operational flexibility? It allows operations in locations where competitors may struggle. 17. What advantages does Infosys gain over competitors through its water risk strategy? Continuous operations and the ability to expand even in water-scarce areas. 18. How does stored water during shortages ensure customer confidence and profitability? It prevents disruptions, maintaining client trust and consistent revenue. General and Strategic Questions 19. How does Infosys' organizational structure enable it to address water risks both locally and globally? It integrates sustainability and risk management teams at all levels. 20. What lessons can other companies learn from Infosys’ approach to water risk mitigation? Proactive planning, collaboration, and sustainable practices lead to resilience. Case Study 4: A Medical Practice is Hit with Ransomware 1. Why are medical practices a prime target for ransomware attacks? o They hold valuable personal and credit card data and often lack robust cybersecurity. 2. How did the ransomware virus enter the medical practice's system? o Through an email attachment disguised as an invoice. 3. What immediate steps did the practice take after receiving the ransomware demand? o Contacted IT, shut down the network, and switched to handwritten records. 4. Why was the IT support unable to resolve the ransomware attack on its own? o The issue required specialized cybersecurity expertise. 5. What measures were taken to recover data without paying the ransom? o Restored data from offsite backups after clearing the virus remnants. 6. What challenges did the practice face in restoring its data from backups? o Recovery took over a week and involved unexpected costs. 7. List the technical controls implemented by the cybersecurity team after the attack. o Email filters, antivirus updates, firewalls, local/cloud backups, and restricted access. 8. What employee awareness training was introduced to prevent similar incidents? o Training on recognizing phishing, suspicious downloads, and updated policies. 9. Why is it essential to test data backups and have a disaster recovery plan? o To ensure quick recovery and continuity during unexpected incidents. 10. What role does cyber insurance play in mitigating financial risks from data breaches? It covers data breach responses and liability costs. Case Study 5: Phishing Attack and Employee Password Compromise 1. What are phishing attacks, and how do they typically operate? o Social engineering attacks tricking users into sharing data via fake emails or links. 2. What suspicious details in the phishing email should the employee have noticed? o Lack of project details and an unexpected file-sharing request. 3. How did the phishing attack compromise the employee's login credentials? o The fake site captured credentials when the employee entered them. 4. What immediate actions did the cybersecurity team take after the phishing attack was reported? o Reset all passwords, checked security settings, and informed employees. 5. Why is two-factor authentication (2FA) an effective measure against phishing attacks? o It adds a second layer of verification, alerting users to unauthorized sign-ins. 6. How does employee training help prevent phishing attacks? o It teaches employees to spot phishing attempts and verify suspicious emails. 7. What lessons did the grocery retailer learn from this phishing attack? o The need for better cybersecurity measures and regular employee training. 8. Why is it critical to monitor and verify any unexpected emails, even from known senders? o To avoid falling for phishing attempts disguised as trusted communication. 9. What preventive steps can organizations take to reduce the risk of phishing incidents? o Use email filters, 2FA, training programs, and monitor user activity. 10. How did quick reporting by employees limit the potential damage of the phishing attack? It enabled immediate action, preventing data theft and further compromises. Summary: Risk Governance and Management at Tata Steel Tata Steel faces multiple risks due to its global operations, stringent regulations, and rapid technological changes. It has implemented an Enterprise Risk Management (ERM) framework to identify, assess, and mitigate risks, ensuring informed decision-making. Key Risks and Mitigation Strategies 1. Macroeconomic Risks: o Challenges: Global oversupply, slow domestic growth, and competition. o Mitigation: Diversified product portfolio, alternative markets, and industry consolidation. 2. Financial Risks: o Challenges: Currency fluctuations, high debt, and asset impairment. o Mitigation: Cashflow optimization, debt restructuring, and foreign exchange hedging. 3. Regulatory Risks: o Challenges: Stringent norms, mining lease renewals, and removal of trade measures. o Mitigation: Compliance focus, regulatory dialogue, and policy advocacy. 4. Operational Risks: o Challenges: Raw material price volatility, IT failures, and safety issues. o Mitigation: Alternative suppliers, logistics improvements, and safety initiatives. 5. Market Risks: o Challenges: Cyclical demand, competition from substitutes, and product liabilities. o Mitigation: Value-added products and stronger contracts. 6. Climate Change Risks: o Challenges: Stricter GHG regulations impacting operations. o Mitigation: Environmental investments and research collaborations. 7. People Risks: o Challenges: Labour disputes, social unrest, and talent retention. o Mitigation: Stakeholder engagement, succession planning, and employee policies. 8. Strategic Risks: o Challenges: Growth realization and JV-related uncertainties. o Mitigation: Strong project management, leveraging Tata Steel expertise, and stakeholder consultations. Risk Governance and Management at Tata Steel: Summary Tata Steel has implemented an Enterprise Risk Management (ERM) process to address various risks affecting its operations in a dynamic and challenging environment. The company aims to mitigate these risks through informed decision-making and strategic planning. Key Risks and Mitigation Strategies 1. Macroeconomic Risks: Overcapacity, global competition, and slow domestic growth impact profitability. o Mitigation: Diversify product portfolio, explore alternative markets, and participate in industry consolidation. 2. Financial Risks: Currency fluctuations, high debt, and asset impairment create financial challenges. o Mitigation: Maximize cash flow, refinance debt, hedge foreign exchange, and align cash flow with liquidity needs. 3. Regulatory Risks: Increasing regulations, dependency on leased mines, and changes in trade measures affect operations. o Mitigation: Focus on compliance, engage with regulators, and collaborate with industry associations. 4. Operational Risks: Volatile raw material prices, supply disruptions, IT failures, and safety issues hinder productivity. o Mitigation: Develop in-house expertise, secure alternate supply sources, and promote safety initiatives like "Committed to Zero." 5. Market-Related Risks: Cyclical industry trends, competition from substitutes, and product liability concerns threaten market position. o Mitigation: Focus on value-added products and reinforce contractual agreements.

Fraud Risk Management PDF

Document Details

Tags

Related

Summary

Full Transcript

Upgrade to continue