KRYP MEDIA PRIVATE LIMITED
RISK MANAGEMENT POLICY
The main objective of this Risk Management Policy (“Policy”) is to ensure sustainable business growth with stability and to promote a pro-active approach in reporting, evaluating and resolving risks associated with the business. In order to achieve the key objective, the Policy establishes a structured and disciplined approach to Risk Management in order to guide decisions on risk evaluating & mitigation related issues. The Policy is in compliance with the provisions of Companies Act, 2013, as amended which requires the Company to lay down procedures about risk assessment and risk minimization.
- 1.1. Applicability
This Policy applies to every part of Kryp Media Private Limited (the “Company”) business and functions.
- 2. Definitions
2.1. “Company” means Kryp Media Private Limited.
2.2 “Risk” means a probability or threat of damage, injury, liability, loss, or any other negative occurrence that may be caused by internal or external vulnerabilities; that may or may not be avoidable by pre-emptive action.
2.3. “Risk Management” is the process of systematically identifying, quantifying, and managing all Risks and opportunities that can affect achievement of a corporation’s strategic and financial goals.
2.4. “Risk Management Committee” means the Committee formed by the Board.
2.5. “Risk Assessment” means the overall process of risk analysis and evaluation.
- 3. Risk Management
Principles of Risk Management
3.1. The Risk Management shall provide reasonable assurance in protection of business value from uncertainties and consequent losses.
3.2. All concerned process owners of the company shall be responsible for identifying & mitigating key Risks in their respective domain.
3.3. The occurrence of Risk, progress of mitigation plan and its status will be monitored on periodic basis.
- 4. Risk Management Procedures
- 4.1. General
Risk management process includes four activities: Framework for Risk Identification, Risk Assessment, Measures for Risk Mitigation and Monitoring & Reporting.
- 4.2. Framework for Risk Identification
The purpose of framework of Risk identification is to identify the events that can have an adverse impact on the achievement of the business objectives. All Risks identified are documented and shall include internal and external risks including financial, operational, sectoral, sustainability (particularly ESG related risks), information, cybersecurity risks or any other risks as may be determined. Risk documentation shall include risk description, category, classification, mitigation plan, responsible function / department.
- 4.3 Risk Assessment
Assessment involves quantification of the impact of Risks to determine potential severity and probability of occurrence. Each identified Risk is assessed on two factors which determine the Risk exposure:
A. Impact if the event occurs
B. Likelihood of event occurrence
Risk Categories: It is necessary that Risks are assessed after taking into account the existing controls, so as to ascertain the current level of Risk. Based on the above assessments, each of the Risks can be categorized as – low, medium and high.
- 4.4 Measures for Risk Mitigation
The following framework shall be used for implementation of Risk Mitigation:
All identified Risks should be mitigated using any of the following Risk mitigation plan:
a) Risk avoidance: By not performing an activity that could carry Risk. Avoidance may seem the answer to all Risks but avoiding Risks also means losing out on the potential gain that accepting (retaining) the risk may have allowed.
b) Risk transfer: Mitigation by having another party to accept the Risk, either partial or total, typically by contract or by hedging / Insurance.
c) Risk reduction: Employing methods/solutions that reduce the severity of the loss e.g. concreting being done for preventing landslide from occurring.
d) Risk retention: Accepting the loss when it occurs. Risk retention is a viable strategy for small Risks where the cost of insuring against the Risk would be greater than the total losses sustained. All Risks that are not avoided or transferred are retained by default.
e) Develop systems and processes for internal control of identified risks.
f) Business continuity plan
- 5. Monitoring and reviewing Risks
The Company shall record the framework and processes for effective identification, monitoring, mitigation of the Risks.
Risk Management Committee to reviews the Risks at least once a year and add any new material Risk identified to the existing list considering changing industry dynamics and evolving complexity. These will be taken up with respective functional head for its mitigation.
Existing process of Risk Assessment of identified Risks and its mitigation plan will be appraised by the Risk Management Committee to Board on an annual basis including recommendations made by the Committee and actions taken on it.
The Risk Management Committee shall coordinate its activities with other committees in instances where there is any overlap with activities of such committees as per the framework laid down by the Board of Directors. Further, the Committee shall review appointment, removal and terms of remuneration of Chief Risk Officer, if any.
- 6. Amendment
Any change in the Policy shall be approved by the board of directors (“Board”) of the Company. The Board shall have the right to withdraw and / or amend any part of this Policy or the entire Policy, at any time, as it deems fit, or from time to time, and the decision of the Board in this respect shall be final and binding. Any subsequent amendment/modification in the Companies Act, 2013 or the Rules framed thereunder or the Listing Regulations and/or any other laws in this regard shall automatically apply to this Policy.
- 7. Communication of this Policy
This Policy shall be posted on the website of the Company i.e. www.experientialetc.com