
First Edition

Risk Management Manual

Total Quality Management


217, Nazrul Islam Avenue, Kolkata- 700059

Company Profile
Exide Industries Limited is the country's largest manufacturer of lead acid
storage batteries and power storage solutions provider. With seven battery
manufacturing plants, two inverter plants and two smelting plants, with
international standard factories spread across the nation for producing
batteries, the company offers one of the widest ranges of batteries for every
conceivable application in automotive as well as industrial segments. Exide
also has manufacturing facilities in Sri Lanka & Singapore and does business
globally through its subsidiaries and international affiliates.
Exide's products are sold globally, particularly in developed markets like
Australia, Japan and Western Europe, under its own brand names.
Exide's strong brand pull, established in India for more than a hundred years,
is supplemented by its nationwide dealer network and a very strong R&D center.
With the help of its collaborators, Shin Kobe and Furukawa of Japan and
East Penn of the US, Exide has consistently remained at the cutting edge of
international battery technology and introduced various pioneering products
and power storage solutions in the Indian and global markets.
Exide's vast product range, which includes everything from the smallest UPS
batteries to giant submarine batteries, finds applications in automotive,
two-wheelers, inverters, UPS, power, telecom and railways, among others. Exide
is also present in the non-conventional energy business, where it designs and
integrates solar and wind power solutions for use in remote areas of the
country.
Exide's customer list includes some of the topmost international names in
industries as diverse as automotive, earth moving equipment, telecom and
UPS manufacturers.
Exide has recently branched out into the synergistic business of
manufacturing and marketing its own range of home UPS systems, thereby
offering a total end-to-end solution to its customers.


RISK MANAGEMENT POLICY


We at Exide Industries Limited, in the pursuit of our vision to be recognised
as a World Class Company and be the customer's preferred choice in energy
storage system, are subject to certain risks that affect our ability to
operate, serve customers, protect assets and implement strategies. These risks
are an integral part of our operations / processes and are present across the
organisation. We are committed to minimizing / eliminating these risks through
effective risk management to:
o Achieve our business objectives
o Control organization exposure to risks and
o Strengthen corporate governance

Further, it is the policy of the company to:
o Identify all risks in the external and internal context of business, such as
legal, regulatory, social, cultural, political, operational, strategic,
technological, etc., and deploy effective risk mitigation strategies to
minimize / eliminate their adverse effects on our endeavour to achieve the
organizational objective, mission and vision.
o Establish, implement and maintain an effective Risk Management System across
the organization and ensure identification, evaluation, analysis and mitigation
of risks through the standard process, metrics, monitoring, control and review
mechanism.
o Ensure that organisation experience and learning in risk management is
managed, shared and utilized to improve our preparedness and ability to deal
with risks.
o Continually improve the adequacy and effectiveness of the Risk Management
System and deploy best of breed processes to minimize risks.
o Comply with applicable legal, statutory requirements related to the Risk
Management System.
o Ensure review of the Risk Management policy periodically or in response to
significant events or changes in circumstances.

The Risk Management Policy shall be made available to all stakeholders and
interested parties.

Paban Kr.Kataky
MD & CEO
10th April 2015

Contents

Sl.No  Contents
1  Introduction
2  Principles
3  Terms And Definitions
4  Framework
4.1  General
4.2  Mandate And Commitment
4.3  Design Of Framework For Managing Risk
4.3.1  Understanding Of The Organization And Its Context
4.3.2  Establishing Risk Management Policy
4.3.3  Accountability
4.3.4  Integration Into Organizational Processes
4.3.5  Resources
4.3.6  Establishing Internal Communication And Reporting Mechanisms
4.3.7  Establishing External Communication And Reporting Mechanisms
4.4  Implementing Risk Management
4.4.1  Implementing The Framework For Managing Risk
4.4.2  Implementing The Risk Management Process
4.5  Monitoring And Review Of The Framework
4.6  Continual Improvement Of The Framework
5  Process
5.1  General
5.2  Communication And Consultation
5.3  Establishing The Context
5.3.1  General
5.3.2  Establishing The External Context
5.3.3  Establishing The Internal Context
5.3.4  Establishing The Context Of The Risk Management Process
5.3.5  Defining Risk Criteria
5.4  Risk Assessment
5.4.1  General
5.4.2  Risk Identification
5.4.3  Risk Analysis
5.4.4  Risk Evaluation
5.5  Risk Treatment
5.5.1  General
5.5.2  Selection Of Risk Treatment Options
5.5.3  Preparing And Implementing Risk Treatment Plans
5.6  Monitoring And Review
Corporate Risk Register

Sl.No  Contents
Annexure-1  Company Level Goal & Critical Success Factor
Annexure-2  Functional Level Goal & Critical Success Factor
Annexure-3  Risk Register
Annexure-4  Risk Treatment
Annexure-5  Counter Measure (3W1H)


Introduction To Risk Management


To improve the Company's ability to address the increasingly complex
internal and external legal issues and potential business, in 2015 Exide
Industries Limited (The Company) began to apply the concept of risk
management. Through risk management, the Company expects to
proactively identify potential critical problems for the Company's business
and to be able to perform the mitigation measures that are considered the
most optimal. To conduct these functions, the Company established the Risk
Management Executive committee.
As the framework for risk management, Exide Industries Limited has
established the implementation of a risk management manual that is
prepared with reference to the rules and standards of the Executive
Committee of the Organization. The socialization phase has been
implemented for the managerial level staff through in-house training,
internal seminars, implementation mentoring, dissemination through the
media intranet, and other activities. To facilitate its application in the
field, a risk management handbook has been formulated and distributed
to the leadership ranks of Exide Industries Limited at the E Grade and
above, or to Key Persons that have been authorized to manage risk in
their respective processes. A risk is a potential event that negatively
affects the achievement of the vision, mission, goals and targets of the
Company or organizational unit. Risk Management is an attempt to
minimize the negative effects from the various sources of risks facing the
Company's business activities so that objectives can be achieved
optimally. The Risk Management Division is responsible for ensuring that
analysis and management of risk have been conducted for all units of the
organization and for ensuring that the analysis and management of risk
have been implemented in an effective, efficient and consistent manner at
each process.
To ensure the implementation of Risk Management in the Company, audits
have been conducted according to the standards set by ISO 9001:2015.
To support the implementation of Risk Management in all processes, the
Executive committee has prepared the infrastructure as a means to
guide/train, socialize and mentor.
Risk factors have been identified, which are spread throughout almost all
processes; the risks identified are recorded in a Risk register of Exide
Industries Limited.

The implementation of risk management in the Company is, among others,
done through the following activities:
o The dissemination of risk management implementation internally in
the Company, including the EIL Executive committee.
o Risk analysis for processes and corporate risks is conducted as a
representation of the Company risk reporting and as a base for
strategic decisions by Management, which is included in the annual
Business Plan.
o Through mentoring the preparation of risk analysis by prioritizing
the main activities of the Company.
o Through preparation of the Company's risk register.
o Through risk analysis of strategic Company projects (Lead Acid
storage batteries).
o Through spot risk analysis associated with the actual conditions
facing the Company.
o Conducting risk analysis of environmental, health and occupational
health aspects.
o Implementing different Management Systems (i.e. QMS, TS, EMS &
OHSAS) by completing the Key Performance Indicators (KPI) for
the Unit Work Targets with Key Risk Indicators (KRI) in order to
mitigate the performance achievements.

The business risks faced by Exide Industries Limited as a lead acid storage
battery company are classified into four types of risk, these are:
1. Strategic risks (Business Risk), i.e. risks that are strategic for the
development of the company, such as technology development,
government policies, investment plans, new product development,
etc.
2. Operational Risk, the risk of loss due to the failure or inadequacy of
the quality control of business processes.
3. Support Processes Risk, risks that directly or indirectly lead to losses,
i.e. financial risk, environmental risk (those impacts on environmental
degradation, environmental pollution, social disruption, the company's
reputation, etc.),


Principles Of Risk Management


For risk management to be effective, an organization should at all levels
comply with the principles below.
a) Risk Management Creates And Protects Value.
Risk management contributes to the demonstrable achievement of objectives
and improvement of performance in, for example, human health and safety,
security, legal and regulatory compliance, public acceptance, environmental
protection, product quality, project management, efficiency in operations,
governance and reputation.
b) Risk Management Is An Integral Part Of All Organizational Processes.
Risk management is not a stand-alone activity that is separate from the main
activities and processes of the organization. Risk management is part of the
responsibilities of management and an integral part of all organizational
processes, including strategic planning and all project and change
management processes.
c) Risk Management Is Part Of Decision Making.
Risk management helps decision makers make informed choices, prioritize
actions and distinguish among alternative courses of action.
d) Risk Management Explicitly Addresses Uncertainty.
Risk management explicitly takes account of uncertainty, the nature of that
uncertainty, and how it can be addressed.
e) Risk Management Is Systematic, Structured And Timely.
A systematic, timely and structured approach to risk management contributes
to efficiency and to consistent, comparable and reliable results.
f) Risk Management Is Based On The Best Available Information.
The inputs to the process of managing risk are based on information sources
such as historical data, experience, stakeholder feedback, observation,
forecasts and expert judgement. However, decision makers should inform
themselves of, and should take into account, any limitations of the data or
modelling used or the possibility of divergence among experts.


g) Risk Management Is Tailored.
Risk management is aligned with the organization's external and internal
context and risk profile.
h) Risk Management Takes Human And Cultural Factors Into Account.
Risk management recognizes the capabilities, perceptions and intentions of
external and internal people that can facilitate or hinder achievement of the
organization's objectives.
i) Risk Management Is Transparent And Inclusive.
Appropriate and timely involvement of stakeholders and, in particular, decision
makers at all levels of the organization, ensures that risk management
remains relevant and up-to-date. Involvement also allows stakeholders to be
properly represented and to have their views taken into account in determining
risk criteria.
j) Risk Management Is Dynamic, Iterative And Responsive To Change.
Risk management continually senses and responds to change. As external
and internal events occur, context and knowledge change, monitoring and
review of risks take place, new risks emerge, some change, and others
disappear.
k) Risk Management Facilitates Continual Improvement Of The Organization.
Organizations should develop and implement strategies to improve their risk
management maturity alongside all other aspects of their organization.

Relationships Between Risk Management Principles, Framework & Processes

Term And Definition


Sr.no | Terms | Definition
1 | Risk | Effect of uncertainty on objectives
2 | Risk management | Coordinated activities to direct and control an organization with regard to risk
3 | Risk management framework | Set of components that provide the foundations and organizational arrangements for designing, implementing, monitoring, reviewing and continually improving risk management throughout the organization
4 | Risk management policy | Statement of the overall intentions and direction of an organization related to risk management
5 | Risk attitude | Organization's approach to assess and eventually pursue, retain, take or turn away from risk
6 | Risk management plan | Scheme within the risk management framework specifying the approach, the management components and resources to be applied to the management of risk
7 | Risk owner | Person or entity with the accountability and authority to manage a risk
8 | Risk management process | Systematic application of management policies, procedures and practices to the activities of communicating, consulting, establishing the context, and identifying, analyzing, evaluating, treating, monitoring and reviewing risk
9 | Establishing the context | Defining the external and internal parameters to be taken into account when managing risk, and setting the scope and risk criteria for the risk management policy
10 | External context | External environment in which the organization seeks to achieve its objectives
11 | Internal context | Internal environment in which the organization seeks to achieve its objectives
12 | Communication and consultation | Continual and iterative processes that an organization conducts to provide, share or obtain information and to engage in dialogue with stakeholders regarding the management of risk
13 | Stakeholder | Person or organization that can affect, be affected by, or perceive themselves to be affected by a decision or activity
14 | Risk assessment | Overall process of risk identification, risk analysis and risk evaluation
15 | Risk identification | Process of finding, recognizing and describing risks
16 | Event | Occurrence or change of a particular set of circumstances
17 | Consequence | Outcome of an event affecting objectives
18 | Likelihood | Chance of something happening
19 | Risk profile | Description of any set of risks
20 | Risk analysis | Process to comprehend the nature of risk and to determine the level of risk
21 | Risk criteria | Terms of reference against which the significance of a risk is evaluated
22 | Level of risk | Magnitude of a risk or combination of risks, expressed in terms of the combination of consequences and their likelihood
23 | Risk evaluation | Process of comparing the results of risk analysis with risk criteria to determine whether the risk and/or its magnitude is acceptable or tolerable
24 | Risk treatment | Process to modify risk
25 | Residual risk | Risk remaining after risk treatment
26 | Monitoring | Continual checking, supervising, critically observing or determining the status in order to identify change from the performance level required or expected
27 | Review | Activity undertaken to determine the suitability, adequacy and effectiveness of the subject matter to achieve established objectives

4. Framework
4.1 General
The success of risk management will depend on the effectiveness of the
management framework providing the foundations and arrangements that will
embed it throughout Exide at all levels. The framework assists in managing
risks effectively through the application of the risk management process (see
Clause 5) at varying levels and within specific contexts of Exide. The
framework ensures that information about risk derived from the risk
management process is adequately reported and used as a basis for decision
making and accountability at all relevant processes.
This clause describes the necessary components of the framework for
managing risk and the way in which they interrelate in an iterative manner, as
shown,


4.2 Mandate And Commitment


Exide's introduction of risk management, and the assurance of its ongoing
effectiveness, rest on strong and sustained commitment by management of the
organization, as well as strategic and rigorous planning to achieve
commitment from all levels. Management of Exide Industries Limited will:
o define and endorse the risk management policy;
o ensure that the organization's culture and risk management policy are
aligned;
o determine risk management performance indicators that align with
performance indicators of the organization;
o align risk management objectives with the objectives and strategies of
the organization;
o ensure legal and regulatory compliance;
o assign accountabilities and responsibilities at appropriate levels within
the organization;
o ensure that the necessary resources are allocated to risk management;
o communicate the benefits of risk management to all stakeholders; and
o ensure that the framework for managing risk continues to remain
appropriate.
4.3 Design Of Framework For Managing Risk
4.3.1 Understanding Of The Organisation And Its Context
Exide has identified its external and internal context for the design and
implementation of the framework for managing risk. Evaluating the external
context includes and is not limited to:
The social and cultural, political, legal, regulatory, financial, technological,
economic, natural and competitive environment, whether international,
national, regional or local.

External Risks

Economic Risk

The battery industry produces solutions for all types of lead acid storage
batteries to meet the needs of automotive, industrial, defence, etc.
Therefore, the Company has taken strategic steps to anticipate various
scenarios of events that could adversely affect the Company's business
continuity.


Raw Materials Scarcity Risks

Exide's major raw materials, namely lead, still come from imports, so there
is a risk of shortages of raw materials for production. The efforts by the
Company to minimize the negative impact of the risk of scarcity of raw
materials include, among others:
o Encourage the establishment of local smelters to support the needs
of lead raw materials.
o Work closely with R&D and collaborators in research to minimise the
wastage of raw materials.
o Expand the network of suppliers for long-term supply of raw materials.
o Improve the database and evaluate the performance of suppliers.

Energy Scarcity Risks (Gas And Electricity)

Energy is a major raw material requirement of the battery industry. In order to
minimize the negative impacts of the risk of energy shortages, the Company
has initiated the following:
o Promote an internal program for energy efficiency through efficiency
programs in all operational areas.

Risk Of Damage And Loss Of Assets

To control the risk of damage and loss of assets, the Company has initiated
the following:
o Develop inventory management as prevention and protection
against damage or loss of the Company's assets.
o Insure all assets and property of the Company that are exposed to
the risk of loss due to damage, fire, loss and other possible causes.
o Insure all goods (cargo) that are in transit (transport) with respect to the
agreed terms of delivery by the seller or buyer.
o Insure all possible losses that might occur to the assets themselves and
third parties who are located at the office and factory areas owned by
the Company.

Risk of Exchange Rate Fluctuations

Under the floating exchange rate system that is implemented by the Government,
the Rupiah exchange rate movements against foreign currencies, including
U.S. dollars, are difficult to predict. The possibility of the Rupiah
depreciating against the dollar or other hard foreign currencies is very real.
For the Company, the depreciation of the rupiah will greatly affect the cost
structure, given its substantial dependence on imported raw materials. To
control this risk, the Company initiated the following efforts:
o Established sale prices adjusted for exchange rate changes.

Business Competition Risk

The lead acid storage battery industry is relatively open. Demand does not make
significant restrictions on market share. To control this risk, the Company
initiated the following:
o Improve cost competitiveness in all areas.
o Ensure accuracy and speed in handling consumer claims.
o Meet on-time delivery and quality demands.
o Establish a network of distributors.
o Analyse annual customer feedback to strengthen the Company's
relationships with customers, while also enhancing customer loyalty.
o Conduct annual customer satisfaction surveys to determine the level of
customer satisfaction with the Company's products, and to determine
aspects that need to be improved on an on-going basis.

International Regulatory Risk

Globalization, among others, is marked by an increasing role of the World
Trade Organization (WTO), giving birth to a variety of new regulations, which
makes business competition in the entire production chain, from raw materials
procurement to distribution and sale of products, increasingly stringent. To
minimize the adverse effects of market liberalization, the Company initiated
the following efforts:
o Regularly assessing the impact of international regulations on the
Company.
o Proposing solutions to the minister and the ministries concerned to protect
the interests of the industry.

Risk of Government Policy

Trends in world trade, together with domestic trends, influence government
policy. As a precaution against possible negative impacts, the Company
initiated a variety of efforts including:
o Studying the impact of government policies on the Company and
following up on these studies.
o Proposing solutions to the minister and the relevant Technical
Department to protect the interests of the national industry.
Internal Risk
Evaluating the internal context includes and is not limited to:

Operation Risk Factory

To control the risk of possible disruption of plant operations, the Company has
conducted the following actions:
o Implemented predictive programs and preventive maintenance
consistently.
o Conducting daily, weekly and monthly studies on the operating
performance of its production facilities to increase efficiency and
profitability.
o Assess and implement the revitalization program to ensure reliable
operation of production facilities.

Employee Risk

Risks associated with personnel issues are very broad, including accidents,
health, pension plans, retirement, termination of employment, and more. To
minimize such risks, the Company has initiated the following steps:
o Involve all employees in the Workers Social program (Social Security)
which includes insurance for Accidents, Death Benefits, and Pension
Plans, through the Body for the Implementation of the Labor Social
Security Program in accordance with the legislations in force.
o Providing health care to employees and their families.
o Organizing Pension Plans and Old Age Retirement Programs.
o Provide and grant the rights of employees in accordance with the
Collective Labor agreement between the Company and Labor Unions.

Environmental Impact Risk

Environmental pollution, for any reason, can have a negative impact on the
work environment, employee health, and safety of workplace equipment, and
can also lead to lawsuits. As evidence of the Company's commitment to
environmental protection, the Company has commissioned a unit specifically
tasked with managing Safety, Health and Environment. The Company has also
consistently and dutifully implemented rules and regulations, including
those set out in the Environmental Management System (ISO 14000) and
Occupational Health Safety Management system (OHSAS).
4.3.2 Establishing Risk Management Policy
Exide has defined its risk management policy, which clearly states the
organization's objectives for, and commitment to, risk management.

As defined in page number 2 of Risk management manual Edition 1


4.3.3. Accountability
Exide has ensured that there is accountability, authority and appropriate
competence for managing risk, including implementing and maintaining the
risk management process and ensuring the adequacy, effectiveness and
efficiency of any controls.
Organisation chart:
[Figure: organisation chart, from the MD & CEO to the plant-level COM and MRR positions]

Roles And Responsibilities


Management Board
o Annual review of the risk register and mitigation of risks, ensuring that
the risk management process works effectively.
o Identification of additional corporate risks and their mitigation plan.

Executive Committee
o Identification of corporate risks, their mitigation plan, and effective
deployment of the risk management process.
o Half-yearly review of corporate risks, mitigating actions and their
effectiveness.
o Ensure evaluation of risk while making decisions, ensure preparedness
& control.

Process Heads
o To identify risks to the achievement of their unit's business plan, which
might also be corporate risks, and to inform the compliance officer of such
risks.
o To identify relevant mitigating actions, to include these within their unit's
business plan, and to ensure the business plan is achieved.
o Implement the mitigating actions, monitor & ensure control for
effectiveness.

Compliance Officer
To manage the risk management process, ensuring that:
o The Corporate Risk Register is presented to the board as appropriate;
o The risk register is accessible, and employees are encouraged to
contribute towards mitigation action.
o Inconsistencies, gaps and process deviations in the Corporate Risk
Register are identified & addressed.
o To ensure that the Corporate Risk Management Policy is kept up to
date.
o Ensure that applicable regulatory & statutory requirements pertaining to
risk management are fully addressed.
o Ensure timely reporting / response to any query to regulatory &
statutory authorities.

4.3.4 Integration Into Organisational Process


Exide has embedded risk management in all the processes in a way that it is
relevant, effective and efficient. The risk management process should become
part of, and not separate from, those organizational processes. In particular,
risk management has been embedded into the policy development, business and
strategic planning and review, and change management processes.
Exide ensures that the risk management policy is implemented and that risk
management is embedded in all of the processes.
4.3.5 Resources
Exide has allocated appropriate resources for risk management where major
consideration has been given to the following:
o People, skills, experience and competence;
o Resources needed for each step of the risk management process;
o The organization's processes, methods and tools to be used for
managing risk;
o Documented processes and procedures;
o Information and knowledge management systems; and
o Training programmes.


4.3.6 Establishing Internal Communication And Reporting Mechanisms

Exide has identified the process for its internal communication system:
o The individual process owner will identify the risk within the process.
o The risk will be communicated to the process head.
o The team of the process head within the process will review the risk
assessment.
o The team will forward the risk to the executive committee.
o The executive committee will review the risk assessment and give its report
to the process head if it is found not satisfactory.
o If the assessment is found satisfactory, the same will be forwarded to the
managing board.
o The board will finally give its decision based on business / policy
requirement.
4.3.7 Establish External Communication And Reporting Mechanisms
Exide Industries Limited has developed and implemented a plan to
communicate with external stakeholders. This has involved:
o Engaging external stakeholders and ensuring an effective exchange of
information in board meeting.
o Reporting to comply with legal, regulatory, and governance
requirements;
o Providing feedback and reporting on communication and consultation;
o Using communication to build confidence in the organization; and
o Communicating with stakeholders in the event of a crisis or
contingency.
These mechanisms, where appropriate, include processes to
consolidate risk information from a variety of sources.


4.4 Implementing Risk Management


4.4.1 Implementation The framework Of Managing Risk
Exide has developed and implemented a plan as to how it will communicate with
external stakeholders.
This should involve:
o engaging appropriate external stakeholders and ensuring an effective
exchange of information;
o external reporting to comply with legal, regulatory, and governance
requirements;
o providing feedback and reporting on communication and consultation;
o using communication to build confidence in the organization; and
o Communicating with stakeholders in the event of a crisis or
contingency.
These mechanisms should, where appropriate, include processes to
consolidate risk information from a variety of sources, and may need to
consider the sensitivity of the information.
The following framework will be used for identifying and recording the risks
identified within the organisation.

Risk Identification: the process of finding, recognizing and describing a risk
associated with an event that might delay, degrade, create, enhance,
accelerate or prevent the achievement of objectives.

4.4.2 Implementation Of Risk Management Process


Risk management should be implemented by ensuring that the risk
management process outlined in Clause 5 is applied through a risk
management plan at all relevant levels and functions of the organization as
part of its practices and processes.
[Figure: Risk Management Process, showing risk identification, risk assessment,
risk treatment, monitoring and counter measure.]


o Create risk management infrastructure for the organization.
o Define business risk management.
o Review stated business goals.
o Identify and define customer/stakeholders/interested parties and their
association with goals.
o Identify and define implied expectations.
o Identify potential risks in the business.
o Transform risk data into decision-making information.
o For each risk, describe likely impacts and the effect on business goals.
o Estimate risk probabilities.
o Identify risks to be escalated / delegated within the organization.
o Identify risks to be transferred outside the organization.
o Rank the retained risks based on their probability / impact scores.
o Identify owners for retained risks.
o Translate risk information into decisions and present and future
mitigating actions.
o Plan controlling actions for the most significant risks.
o Prioritize controlling actions based on the impact on reducing risks.
o Integrate risk planning with technical, commercial and financial proposals.
o Monitor business risk indicators.
o Correct for deviations from the plans.
o Implement selected controlling actions.
o Monitor effectiveness of controlling actions.
o Report on retained risks.
o Monitor effectiveness of controlling actions.
o Capture results of risk management program.
o Use information to learn from experience.

4.5 Monitoring And Review Of The Framework


In order to ensure that risk management is effective and continues to support
organizational performance, Exide will:
o Measure risk management performance against indicators, which are
periodically reviewed by the executive committee and the managing board;
o Have the executive committee review on a quarterly basis, and the
managing board on a half-yearly basis, to check effectiveness;
o Periodically review whether the risk management framework, policy and
plan are still appropriate, given the organization's external and internal
context;
o Report, in the form of an audit report and VCS, on risk, progress with the
risk management plan and how well the risk management policy is being
followed; and
o Review the effectiveness of the risk management framework.

4.6 Continual Improvement Of The Framework


Based on the results of monitoring and reviews, the managing board will take
decisions on how the risk management framework, policy and plan can be
improved. These decisions will lead to improvements in the organization's
management of risk and its risk management culture.


5. Process
5.1 General
Exide has identified its risk management process as:
o An integral part of management,
o Embedded in the culture and practices, and
o Tailored to the business processes of the organization.
It comprises the activities described in 5.2 to 5.6. The risk management
process is shown in Figure 3.

5.2 Communication And Consultation


Exide has identified a process of communication and consultation with
external and internal stakeholders during all stages of the risk management
process.
Plans for communication and consultation have been developed at an early
stage. These plans address issues relating to the risk itself, its causes, its
consequences, and the action being taken to treat it. Effective external and
internal communication and consultation are in place to ensure that those
accountable for implementing the risk management process and stakeholders
understand the basis on which decisions are made.


The Executive committee approach will:


o Help establish the context appropriately;
o Ensure that the interests of stakeholders are understood and
considered;
o Help ensure that risks are adequately identified;
o Bring different areas of expertise together for analyzing risks;
o Ensure that different views are appropriately considered when defining
risk criteria and in evaluating risks;
o Secure endorsement and support for a treatment plan;
o Enhance appropriate change management during the risk management
process; and
o Develop an appropriate external and internal communication and
consultation plan.
Exide has developed activities for effective communication and consultation with
stakeholders, who make judgements about risk based on their perceptions of
risk. The decisions will vary due to differences in values, needs, assumptions,
concepts and concerns of stakeholders. As their views can have a significant
impact on the decisions made, the stakeholders' perceptions will be identified,
recorded, and taken into account in the decision-making process.
Communication and consultation will facilitate truthful, relevant, accurate and
understandable exchanges of information, taking into account confidential and
personal integrity aspects.
5.3 Establishing The Context
5.3.1 General
By establishing the context, the organization articulates its objectives, defines
the external and internal parameters to be taken into account when managing
risk, and sets the scope and risk criteria for the remaining process. While
many of these parameters are similar to those considered in the design of the
risk management framework (see 4.3.1).
5.3.2 Establishing The External Context
The external context is the external environment in which Exide seeks to achieve
its objectives. Exide understands that the external context is important in order
to ensure that the objectives and concerns of external stakeholders are considered
when developing risk criteria. It is based on the organization-wide context, but
with specific details of legal and regulatory requirements, stakeholder perceptions
and other aspects of risks specific to the scope of the risk management process.
The external context Exide has identified includes, but is not limited to:
o The social and cultural, political, legal, regulatory, financial,
technological, economic, natural and competitive environment, whether
international, national, regional or local;

o Key drivers and trends having impact on the objectives of the
organization; and
o Relationships with, perceptions and values of external stakeholders.

5.3.3 Establishing The Internal Context


The internal context is the internal environment in which Exide seeks to
achieve its objectives. The risk management process has been aligned with
Exide's culture, processes, structure and strategy. The internal context
considered is anything that can influence the way in which an organization will
manage risk.
It has been established with regard to:
o Risk management in the context of the objectives of the organization; and
o Objectives and criteria of a particular project, process or activity being
in line with the objectives of the organization.
The internal context Exide has identified includes, but is not limited to:
o Governance, organizational structure, roles and accountabilities;
o Policies, objectives, and the strategies that are in place to achieve
them;
o Capabilities, understood in terms of resources and knowledge (e.g.
capital, time, people, processes, systems and technologies);
o The relationships with and perceptions and values of internal
stakeholders;
o The organization's culture;
o Information systems, information flows and decision making processes
(both formal and informal);
o Standards, guidelines and models adopted by the organization; and
o Form and extent of contractual relationships.
5.3.4 Establishing The Context Of The Risk Management Process
Exide has identified objectives, strategies, scope and parameters of the
processes, where the risk management process is being applied. The
management of risk will be undertaken with full consideration of the need to
justify the resources used in carrying out risk management. The resource
defines responsibilities and authorities, and the records to be kept in a risk
management register. The contexts of the risk management process are
defined as follows.


Risk Register
Sections: Risk Identification; Risk Assessment
Columns: Risk Number; Date Identified; Critical Success Factor; Risk Description;
Cause; Consequence; Probability; Impact; Risk Score; Risk Ranking;
Risk Level-L.M.H; Current Controls; Risk Treatment Method

It has involved the following aspects:


o Defining the goals and objectives of the risk management activities;
o Defining responsibilities for and within the risk management process;
o Defining the activity, process, function, project, product, service or asset
in terms of time and location;
o Defining the risk assessment methodologies;
o Defining the way performance and effectiveness is evaluated in the
management of risk (As defined above in risk analysis);
o Identifying and specifying the decisions that have to be made; and
o Identifying, scoping or framing studies needed, their extent and
objectives, and the resources required for such studies.
Attention to these and other relevant factors should help ensure that the risk
management approach adopted is appropriate to the circumstances, to the
organization and to the risks affecting the achievement of its objectives.

5.3.5 Defining Risk Criteria


Exide has defined criteria to be used to evaluate the significance of risk. The
criteria will reflect the organization's values, objectives and resources. Some
of the criteria are imposed by, or derived from, legal and regulatory
requirements and other requirements to which the organization subscribes.
Risk criteria are in line with the organization's risk management policy (see
4.3.2), are defined at the beginning of any risk management process and are
continually reviewed.
When defining risk criteria (Refer 4.4.1), factors to be considered should
include the following:


Risk Analysis: The process to comprehend the nature and level of risk. This
involves consideration of causes and sources of risk, their impact/consequences,
and likelihood.

5.4.1 General
Risk assessment is the overall process of risk identification, risk analysis and
risk evaluation.
5.4.2 Risk Identification
Exide will identify:
o sources of risk,
o areas of impacts,
o events (including changes in circumstances) and
o their causes and their potential consequences.

The aim of this step is to generate a comprehensive list of risks based on
those events that will create, enhance, prevent, degrade, accelerate or delay
the achievement of objectives. It is important to identify the risks associated
with not pursuing an opportunity. Comprehensive identification is critical,
because a risk that is not identified at this stage will not be included in further
analysis.
o Identification will include risks whether or not their source is under the
control of the organization, even though the risk source or cause may
not be evident.
o Risk identification will include examination of the knock-on effects of
particular consequences, including cascade and cumulative effects.
o It will also consider a wide range of consequences even if the risk
source or cause may not be evident.
o As well as identifying what might happen, it is necessary to consider
possible causes and scenarios that show what consequences can
occur.
o All significant causes and consequences will be considered and
recorded in the risk register.


5.4.3 Risk Analysis


o Risk analysis involves developing an understanding of the risk.
o Risk analysis provides an input to risk evaluation and to decisions on
whether risks need to be treated, and on the most appropriate risk
treatment strategies and methods.
o Risk analysis will also provide an input into making decisions where
choices must be made and the options involve different types and levels
of risk.
o Risk analysis involves consideration of the causes and sources of risk,
their positive and negative consequences, and the likelihood that those
consequences will occur.
o Factors that affect consequences and likelihood should be identified.
o Risk is analyzed by determining consequences and their likelihood, and
other attributes of the risk.
o A project will have multiple consequences and can affect multiple
objectives. Existing controls and their effectiveness and efficiency
should also be taken into account.
o The activity in which consequences and likelihood are expressed and
the process in which they are combined to determine a level of risk
must reflect the type of risk, the information available and the purpose
for which the risk assessment output is to be used.
o It is also important to consider the interdependence of different risks
and their sources.
o The confidence in determination of the level of risk and its sensitivity to
preconditions and assumptions should be considered in the analysis,
and communicated effectively to decision makers and stakeholders.
o Factors such as divergence of opinion among experts, uncertainty,
availability, quality, quantity and ongoing relevance of information, or
limitations on modelling should be stated and can be highlighted.
o Risk analysis must be undertaken with varying degrees of detail,
depending on the risk, the purpose of the analysis, and the information,
data and resources available.
o Consequences and their likelihood can be determined by modelling the
outcomes of an event or set of events, or by extrapolation from
experimental studies or from available data.
o Consequences will be expressed in terms of tangible and intangible
impacts. More than one numerical value or descriptor is required to
specify consequences and their likelihood for different times, places,
groups or situations.


Risk Assessment - Impact

The impact of a risk shall be assessed as per the criteria given below.

Impact Rating | Criteria
Very Low | Likely to have very minor impact in one area
Low | Likely to have minor impact in many areas
Medium | Likely to have major impact in one area
High | Likely to have major impact in many areas
Very High | Likely to have major impact in whole Exide

Risk Assessment - Probability

The identified risks shall be assessed for their likelihood (probability) as per
the criteria given in the table below.

Probability Rating | Assessment Criteria
Very Low | Extremely unlikely, virtually impossible (0-5% chance)
Low | Low but not impossible (6-20% chance)
Medium | Fairly likely to occur (21-50% chance)
High | Most likely to occur (51-80% chance)
Very High | Almost certain, will occur (81-100% chance)

5.4.4 Risk Evaluation


o Exide has identified a process of risk evaluation to assist in making
decisions, based on the outcomes of risk analysis, about which risks
need treatment and the priority for treatment implementation.
o Risk evaluation involves comparing the level of risk found during the
analysis process with risk criteria established when the context was
considered. Based on this comparison, the need for treatment can be
considered.
o Decisions will take account of the wider context of the risk and include
consideration of the tolerance.
o The risk evaluation can lead to a decision to undertake further analysis.
o The risk evaluation can also lead to a decision not to treat the risk in
any way other than maintaining existing controls.
o This decision will be influenced by the organization's risk attitude and
the risk criteria that have been established.
Risk Evaluation Matrix (Impact rating against Probability rating)

Probability ratings: Very Low (1), Low (2), Medium (3), High (4), Very High (5)

Impact rating | Risk scores shown
Very High (5) | 10, 15, 20, 25
High (4) | 12, 16, 20
Medium (3) | 12, 15
Low (2) | 10
Very Low (1) |

Criteria | Condition
Very High | Major impact at organization level posing direct threat to business
High | Major impact due to disruption of processes in many areas
Medium | Major impact due to disruption of site specific process
Low | Minor impact due to disruption of activities at multiple sites
Very Low | Minor impact due to disruption of activities at multiple sites


Corporate Risk Register


Exide has appointed a competent person to comprehensively review the
risks identified by process heads, review their comprehensiveness, interactions
and linkages, and identify the critical risks that the company is exposed to. This
is documented as the Corporate Risk Register.
The following steps have been followed to prepare the corporate risk register:
o Training on and understanding of the framework for all the process heads.
o The identification of risks along with process heads, following the analysis &
evaluation criteria established.
o Filtration of high impact risks as an input to the corporate risk register.
o Additional risks which might not have been covered, and the inter-functional
nature of risks.
o Preparation of the draft corporate risk register.
o Review of the draft corporate risk register by EXCOM and identification of
additional risks on a half-yearly basis.
o Incorporation of EXCOM input and concluding the final risk register.
o Taking input for risk criticality rating (scale 1-5, 5 being highly critical)
from EXCOM and key leadership positions having insight into the external
and internal business environment.
o Declaration of the Final Corporate Risk Register.
o EXCOM will decide whether the risk has to be discussed in a board meeting
based on the criticality of the risk.
o Repeat this cycle at annual frequency.
5.5 Risk Treatment
5.5.1 General
Risk treatment involves selecting one or more options for modifying risks, and
implementing those options. Once implemented, treatments provide or modify
the controls.
Risk treatment involves a cyclical process of:
o Assessing a risk treatment;
o Deciding whether residual risk levels are tolerable;
o If not tolerable, generating a new risk treatment; and
o Assessing the effectiveness of that treatment.
Risk treatment options are not necessarily mutually exclusive or appropriate in
all circumstances. The options can include the following:
o Avoiding the risk by deciding not to start or continue with the activity that
gives rise to the risk;
o Taking or increasing the risk in order to pursue an opportunity;
o Removing the risk source;
o Changing the likelihood;
o Changing the consequences;
o Sharing the risk with another party or parties (including contracts and
risk financing); and
o Retaining the risk by informed decision.
5.5.3 Preparing And Implementing Risk Treatment Plans
Exide has identified 5W1H & 3W1H records as its risk treatment plans.
The information provided in treatment plan includes:
o The reasons for selection of treatment options, including expected
objective to be gained;
o Proposed actions;
o Resource requirements including contingencies;
o Performance measures and constraints;
o Reporting and monitoring requirements; and
o Timing and schedule.
Action plans will be integrated with the management processes of the
organization and discussed with appropriate stakeholders. Decision makers
and other stakeholders will be aware of the nature and extent of the residual
risk after risk treatment. The residual risk will be documented and subjected
to monitoring, review and, where appropriate, further treatment.
The corporate risk treatment plan will be prepared by a cross-functional team
(CFT) depending on the scope of risks. The following steps shall be followed for
treatment of corporate risks. The CFT shall be appointed by EXCOM.
o Risk treatment planning shall be done by appointed CFTs. The CFT
shall be doing the necessary preparatory action towards this planning,
including availability of relevant information, estimation etc.
o The CFT shall present the planned treatment action to Executive
Committee for necessary input towards comprehensiveness of plan.
o The necessary resource approval shall be done for treatment actions.
o Each planned action shall have clearly defined responsibility with
a timeline as per the 5W1H format.
o The CFT shall meet at monthly frequency and review the progress of
the plan. The gap shall be identified in the 3W1H format.
o The CFT shall monitor the respective KPIs against plan.
o Monthly MIS shall be prepared and communicated to the compliance
officer.

5.6 Monitoring And Review


Both monitoring and review will be a planned part of the risk management
process and involve regular checking in the form of an audit (frequency:
half-yearly) and a risk management system audit on an annual basis.
It will be reviewed every quarter by the executive committee. The monitoring
and review processes will encompass all aspects of the risk management
process for the purposes of:
o ensuring that controls are effective and efficient in both design and
operation;
o obtaining further information to improve risk assessment;
o analyzing and learning lessons from events (including near-misses),
changes, trends, successes and failures;
o detecting changes in the external and internal context, including
changes to risk criteria and the risk itself, which will require revision
of risk treatments and priorities; and
o identifying emerging risks.
Progress in implementing risk treatment plans provides a performance
measure. The results will be incorporated into the organization's overall
performance management, measurement and external and internal reporting
activities in the form of an audit.
The results of monitoring and review will be recorded and internally reported
to executive committee, and will also be used as an input to the review of the
risk management framework (see 4.5).

5.7 Recording The Risk Management Process


o Records of risk management will be maintained in the form of a risk register &
corporate risk register for the retention period of 3 years. The custody of
the records will be with the compliance officer.
o MIS for KPIs will be retained for a 12-month trend.


Company Level Goal & Critical Success Factors
Columns: Company level Goal; Strategic / Operational; SBU Level Goal;
Critical Success Factor; Key Performance Indicator; Unit of Measurement;
2012-13 Actual; 2013-14 Actual; 2014-15 Actual;
Bench mark (Industry best; Name of Bench Mark Organisation);
Target for 2015-16; Target for 2016-17; Target for 2017-18; Remarks


Risk Register
Sections: Risk Identification; Risk Assessment
Columns: Risk No.; Date Identified; Critical Success Factor; Risk Description;
Cause; Consequence; Probability; Impact; Risk Score; Risk Ranking;
Risk Level-L.M.H; Current Controls; Risk Treatment Method

RISK TREATMENT
Fields: Dept.; Risk No.; Risk Rank.; Critical Success Factor; KPI;
Risk Description; Project Leader; Team members; Current State; Target;
Problem definition; Root causes

5W1H
Columns: S. No.; What; When (Start Date, End Date); Where; Who; Why; How

Counter Measure / 3W1H
Columns: S. No.; What; When; Who; How
