Risk management
Mitigating risks, augmenting opportunities
As a large-scale integrated power player operating in a dynamic environment, we are
prone to externalities that can impact our value creation. To mitigate our imminent and
long-term risks, we follow Enterprise Risk Management (ERM), which supports an efficient
and risk-conscious business strategy, while laying ground to pursue opportunities.
Risk governance and management
We have devised an ever-improving and robust risk management policy, which considers our industry dynamics, emerging trends, and best-in-class risk mitigation measures. Last year, we implemented a new concept in our risk management system, termed ‘Risk Velocity’, which measures how fast a risk exposure can impact the organisation. We also ensure regular monitoring of the mitigation measures for high velocity risks. In FY22, to meet the future requirement of risk management and effective monitoring of the risk, we have upgraded to RMS 2.0, which is an advanced, fully automated online risk management system. The system will enable effective mitigation measures, monitoring, and management reporting.
We have adopted the Task Force
on Climate-related Financial
Disclosures (TCFD) framework and are
strengthening our strategy, internal
governance and risk management
while transitioning to a cleaner and
greener portfolio.
Risk identification and management process
Risks are identified across sector specific, technology, regulatory, commercial, financial, business, climate change and business continuity parameters
We designate a risk owner and champion responsible for structuring mitigation plans against identified risks
The outcomes of the first two stages are collectively mapped into our internal system with designated responsibilities and timelines to achieve risk-related targets
Our risk management system enables Cluster Risk Management Committees (CRMCs) to ensure seamless monitoring and review of current and future risk plans
A Risk Mitigation Completion Index (RMCI) is employed to determine and monitor the level of completion of mitigation actions
When the RMCI percentage is lower than the target, the deviation in mitigation action areas are reviewed for requisite intervention
Insights from the risk mitigation process are further incorporated in the risk plan to enable cross-functional learning across the organisation and enable efficacious risk management
Our risk register lays out concise and complete details of our identified risks and mitigation plans
Our risk management is governed by a Board-level Risk Management Committee (RMC), which comprises three Independent and two Non-Executive Directors (NED). In FY22, the RMC met three times to review critical risks and risk preparedness.
Risk compliance
Our risk management approach lends impetus to ensure compliance with relevant legislations. Additionally, we have an established proprietary software to run an effective Compliance Management System (CMS) that allows for keen monitoring of the compliance status, with regard to applicable laws and regulations. The CMS at Tata Power also provides a robust governance structure and a streamlined reporting system that ensure cohesive compliance reporting to the management. The regulatory compliance status report is presented to the Tata Power Board on a quarterly basis.
- Compliance reports are regularly updated by the Compliance Department and independently reviewed by senior management, allowing for efficacious oversight across compliance practices
- The CMS covers Tata Power and all material domestic subsidiaries
- The extensive benefits of the software capture alerts that inform us of changes in laws/regulations, while also updating the database. If any legislation is no longer applicable, they are accordingly disabled in the system
Our operating context and identified risks
We have in place a dedicated internal audit function, which reviews the sustained effectiveness of Internal Financial Controls (IFC) by adopting a systematic approach. To fulfil the requirements of the Companies Act, 2013, the internal audit team has integrated IFC controls into Risk Control Matrix (RCM) of enterprise processes. IFC controls are tested as part of the approved annual internal audit plan. Review of the internal audit observations and actions taken on audit observations indicate zero adverse observations having material impact on financials and no material non-compliances, which have not been acted upon.
As a process, we have also continued Control Self- Assessment (CSA) through an internally developed online tool, whereby responses of all process owners are used to assess the effectiveness of internal controls in each process. This supports CEO/CFO certifications for internal controls.
Key risks and their mitigation
Details of our identified risks, mitigation strategy and linkage to our strategic business objectives are provided below.
Risk category
Sectorspecific
Description
- Poor financial performance of state Discoms
- Creditworthiness and business continuity of the customers
Mitigation strategy
- Close monitoring of Discoms
- Sustained advocacy with authorities
- Diversification of renewable portfolio across various procurers, tariff structures and states
Strategic Linkage
Risk category
Technology
Description
- Cybersecurity risk having the potential to impede operational transactions
Mitigation strategy
- Automated detection and preventive solutions
- Reinforcement of security policies and procedures
- Enterprise-wide training and awareness programs on information security
- Inputs from Computer Emergency Response Team (CERT) and other private cyber intelligence agencies
- Periodic testing to validate effectiveness of controls through vulnerability assessment and penetration testing
- Regular internal and external audits
- Investment in cyber insurance
- ISO27001 certification for Digitalisations & Information Technology (D&IT). Currently, certification is done at Corporate level and in one of our subsidiaries
- Implementation of Security Operations Centre (SOC) as service
Strategic Linkage
Risk category
Regulatory
Description
- Mundra coal under-recovery
- Continuity of businesses, post expiry of PPAs
- Water securitisation of hydro plants: risk of reduced generation
- Risk of violating environment norms
- Non-cost-reflective tariff, leading to accumulation of regulatory assets
- Change in normative allowances - O&M cost and ROE
Mitigation strategy
- Advocacy with Mundra power procurers and the government at various levels
- Advocacy with the Ministry and regulatory bodies at various levels
- New avenues to utilise fly ash in ready mix concrete, slag cement, fertiliser etc. for 100% ash utilisations
- Implementation of flue gas desulphurisation plant (FGD)
Strategic Linkage
Risk category
Commercial
Description
- Non-compliance and renegotiations of PPAs
- Risk accumulation in large projects, EPC business and rooftop solar
- Moderation of solar and wind tariff putting pressure on margins in the renewable sector
- Meeting Aggregated Technical and Commercial (AT&C) losses for Odisha Discoms as per the vesting order
- Disallowance of costs / schemes in transmission
Mitigation strategy
- Policy advocacy at the central and state levels, and legal remedial action, selective bidding and avoiding specific identified states
- Credit risk assessment of private customers, advocacy for enforcement of payment security mechanism of letter of credit
- Mitigation through prudent operations management, resource optimisations and prudent bidding practices
- Focus on meter replacement, network strengthening, increasing efficiency in billing and collection and enforcement activities to avoid theft
- Advocacy with State Transmission Utility (STU)/ regulator for acceptance of schemes through cost-benefit analysis
Risk category
Financial
Description
- Availability of cost- effective capital, availability of debt
- High leverage: increased borrowings over the last few years primarily due to losses in Mundra
- Liquidation of regulatory assets
- Forex risk
Mitigation strategy
- Diversification of lenders base
- Monetisations of non-core assets
- Advocacy with relevant government authorities
- Advocacy with regulators and government for tariff increase
- Ensuring prior approval of capex schemes from the regulator
- Hedging for commodity and exchange variation
Strategic Linkage
Risk category
Business
Description
- Availability of fuel for thermal plant at optimal cost
Mitigation strategy
- Exploration of alternate coal sources
Strategic Linkage
Risk category
Climate change, water and Business Continuity Plan (BCP)
Description
- Climate change linked transitional risk: possibility of capping of carbon emissions
- Climate change linked physical risks:
- For operations located in coastal areas
- Rise in water temperature potentially affecting processes
- Extreme weather events, such as floods and droughts, fuel, and water scarcity
- Risk of pandemic and other natural disasters
Mitigation strategy
- Comprehensive, digitised GHG tracking through ESG platform and adoption of Science Based Targets
- Lowering of carbon intensity by focusing more on the renewable portfolio as well as venturing into energy efficient businesses like rooftop solar, EV charging, microgrids, etc
- Improvement in operational efficiency for thermal power plants
- Installation of pollution control and energy efficient equipment
- Adherence to stringent design parameters (to address climate risks) while developing new projects
- Establishment of robust Business Continuity and Disaster Management Plan (BCDMP) evidenced through recertification on ISO 2230: 2019 from the British Standards Institute (BSI)