Integrated Annual Report 2021-22
Risk management
Mitigating risks, augmenting opportunities

As a large-scale integrated power player operating in a dynamic environment, we are prone to externalities that can impact our value creation. To mitigate our imminent and long-term risks, we follow Enterprise Risk Management (ERM), which supports an efficient and risk-conscious business strategy, while laying ground to pursue opportunities.

Risk governance and management

We have devised an ever-improving and robust risk management policy, which considers our industry dynamics, emerging trends, and best-in-class risk mitigation measures. Last year, we implemented a new concept in our risk management system, termed ‘Risk Velocity’, which measures how fast a risk exposure can impact the organisation. We also ensure regular monitoring of the mitigation measures for high velocity risks. In FY22, to meet the future requirement of risk management and effective monitoring of the risk, we have upgraded to RMS 2.0, which is an advanced, fully automated online risk management system. The system will enable effective mitigation measures, monitoring, and management reporting.

We have adopted the Task Force on Climate-related Financial Disclosures (TCFD) framework and are strengthening our strategy, internal governance and risk management while transitioning to a cleaner and greener portfolio.

Risk identification and management process

Risks are identified across sector specific, technology, regulatory, commercial, financial, business, climate change and business continuity parameters

We designate a risk owner and champion responsible for structuring mitigation plans against identified risks

The outcomes of the first two stages are collectively mapped into our internal system with designated responsibilities and timelines to achieve risk-related targets

Our risk management system enables Cluster Risk Management Committees (CRMCs) to ensure seamless monitoring and review of current and future risk plans

A Risk Mitigation Completion Index (RMCI) is employed to determine and monitor the level of completion of mitigation actions

When the RMCI percentage is lower than the target, the deviation in mitigation action areas are reviewed for requisite intervention

Insights from the risk mitigation process are further incorporated in the risk plan to enable cross-functional learning across the organisation and enable efficacious risk management

Our risk register lays out concise and complete details of our identified risks and mitigation plans

Our risk management is governed by a Board-level Risk Management Committee (RMC), which comprises three Independent and two Non-Executive Directors (NED). In FY22, the RMC met three times to review critical risks and risk preparedness.

Risk compliance

Our risk management approach lends impetus to ensure compliance with relevant legislations. Additionally, we have an established proprietary software to run an effective Compliance Management System (CMS) that allows for keen monitoring of the compliance status, with regard to applicable laws and regulations. The CMS at Tata Power also provides a robust governance structure and a streamlined reporting system that ensure cohesive compliance reporting to the management. The regulatory compliance status report is presented to the Tata Power Board on a quarterly basis.

  • Compliance reports are regularly updated by the Compliance Department and independently reviewed by senior management, allowing for efficacious oversight across compliance practices
  • The CMS covers Tata Power and all material domestic subsidiaries
  • The extensive benefits of the software capture alerts that inform us of changes in laws/regulations, while also updating the database. If any legislation is no longer applicable, they are accordingly disabled in the system

Our operating context and identified risks

We have in place a dedicated internal audit function, which reviews the sustained effectiveness of Internal Financial Controls (IFC) by adopting a systematic approach. To fulfil the requirements of the Companies Act, 2013, the internal audit team has integrated IFC controls into Risk Control Matrix (RCM) of enterprise processes. IFC controls are tested as part of the approved annual internal audit plan. Review of the internal audit observations and actions taken on audit observations indicate zero adverse observations having material impact on financials and no material non-compliances, which have not been acted upon.

As a process, we have also continued Control Self- Assessment (CSA) through an internally developed online tool, whereby responses of all process owners are used to assess the effectiveness of internal controls in each process. This supports CEO/CFO certifications for internal controls.

Key risks and their mitigation

Details of our identified risks, mitigation strategy and linkage to our strategic business objectives are provided below.

Risk category

Description

Mitigation strategy

Strategic Linkage

Risk category

Sectorspecific

Description

  • Poor financial performance of state Discoms
  • Creditworthiness and business continuity of the customers

Mitigation strategy

  • Close monitoring of Discoms
  • Sustained advocacy with authorities
  • Diversification of renewable portfolio across various procurers, tariff structures and states

Strategic Linkage


Risk category

Technology

Description

  • Cybersecurity risk having the potential to impede operational transactions

Mitigation strategy

  • Automated detection and preventive solutions
  • Reinforcement of security policies and procedures
  • Enterprise-wide training and awareness programs on information security
  • Inputs from Computer Emergency Response Team (CERT) and other private cyber intelligence agencies
  • Periodic testing to validate effectiveness of controls through vulnerability assessment and penetration testing
  • Regular internal and external audits
  • Investment in cyber insurance
  • ISO27001 certification for Digitalisations & Information Technology (D&IT). Currently, certification is done at Corporate level and in one of our subsidiaries
  • Implementation of Security Operations Centre (SOC) as service

Strategic Linkage


Risk category

Regulatory

Description

  • Mundra coal under-recovery
  • Continuity of businesses, post expiry of PPAs
  • Water securitisation of hydro plants: risk of reduced generation
  • Risk of violating environment norms
  • Non-cost-reflective tariff, leading to accumulation of regulatory assets
  • Change in normative allowances - O&M cost and ROE

Mitigation strategy

  • Advocacy with Mundra power procurers and the government at various levels
  • Advocacy with the Ministry and regulatory bodies at various levels
  • New avenues to utilise fly ash in ready mix concrete, slag cement, fertiliser etc. for 100% ash utilisations
  • Implementation of flue gas desulphurisation plant (FGD)

Strategic Linkage


Risk category

Commercial

Description

  • Non-compliance and renegotiations of PPAs
  • Risk accumulation in large projects, EPC business and rooftop solar
  • Moderation of solar and wind tariff putting pressure on margins in the renewable sector
  • Meeting Aggregated Technical and Commercial (AT&C) losses for Odisha Discoms as per the vesting order
  • Disallowance of costs / schemes in transmission

Mitigation strategy

  • Policy advocacy at the central and state levels, and legal remedial action, selective bidding and avoiding specific identified states
  • Credit risk assessment of private customers, advocacy for enforcement of payment security mechanism of letter of credit
  • Mitigation through prudent operations management, resource optimisations and prudent bidding practices
  • Focus on meter replacement, network strengthening, increasing efficiency in billing and collection and enforcement activities to avoid theft
  • Advocacy with State Transmission Utility (STU)/ regulator for acceptance of schemes through cost-benefit analysis

Strategic Linkage


Risk category

Financial

Description

  • Availability of cost- effective capital, availability of debt
  • High leverage: increased borrowings over the last few years primarily due to losses in Mundra
  • Liquidation of regulatory assets
  • Forex risk

Mitigation strategy

  • Diversification of lenders base
  • Monetisations of non-core assets
  • Advocacy with relevant government authorities
  • Advocacy with regulators and government for tariff increase
  • Ensuring prior approval of capex schemes from the regulator
  • Hedging for commodity and exchange variation

Strategic Linkage


Risk category

Business

Description

  • Availability of fuel for thermal plant at optimal cost

Mitigation strategy

  • Exploration of alternate coal sources

Strategic Linkage


Risk category

Climate change, water and Business Continuity Plan (BCP)

Description

  • Climate change linked transitional risk: possibility of capping of carbon emissions
  • Climate change linked physical risks:
    • For operations located in coastal areas
    • Rise in water temperature potentially affecting processes
    • Extreme weather events, such as floods and droughts, fuel, and water scarcity
  • Risk of pandemic and other natural disasters

Mitigation strategy

  • Comprehensive, digitised GHG tracking through ESG platform and adoption of Science Based Targets
  • Lowering of carbon intensity by focusing more on the renewable portfolio as well as venturing into energy efficient businesses like rooftop solar, EV charging, microgrids, etc
  • Improvement in operational efficiency for thermal power plants
  • Installation of pollution control and energy efficient equipment
  • Adherence to stringent design parameters (to address climate risks) while developing new projects
  • Establishment of robust Business Continuity and Disaster Management Plan (BCDMP) evidenced through recertification on ISO 2230: 2019 from the British Standards Institute (BSI)

Strategic Linkage