Mitigating the Risks We Face

Being an integrated power company, we acknowledge the influence of external factors on our operations and long-term growth. To effectively address the challenges presented by our dynamic environment, we adopt Enterprise Risk Management (ERM) to maximise value, mitigate risks, and capitalise on opportunities. ERM ensures that our business strategy remains efficient and risk-aware.

Risk Governance and Management

We have created a comprehensive, robust, and continuously improving risk-management policy, considering our industry's dynamics, emerging trends, and best-in-class risk-mitigation measures.

In FY21, we implemented a new concept in our Risk Management System©, termed ‘Risk Velocity’, which measures how fast a risk exposure can impact the organisation. To meet the future requirements of risk management and effective monitoring of risks, we have upgraded to RMS 2.0, an advanced, fully automated Online Risk Management System. The system has enabled effective real-time management reporting through smart dashboards, which give summarised results for each business segment at a glance. The system supports determining the Risk Mitigation Completion Index (RMCI), which measures the completion of mitigation actions against the defined target dates.

Risks are identified across sector-specific, technology, regulatory, commercial, financial, business, climate change and business continuity parameters

We designate a risk owner and champion responsible for structuring mitigation plans against identified risks

The outcomes of the first two stages are collectively mapped into our internal system with designated responsibilities and timelines to achieve risk-related targets

Our risk management system enables Cluster Risk Management Committees (CRMCs) to ensure seamless monitoring and review of current and future risk plans

A Risk Mitigation Completion Index (RMCI) is employed to determine and monitor the level of completion of mitigation actions

When the RMCI percentage is lower than the target, the deviations in mitigation action areas are reviewed for requisite intervention

Insights from the risk mitigation process are further incorporated in the risk plan to enable cross-functional learning across the organisation and enable efficacious risk management

Our risk register lays out concise and complete details of our identified risks and mitigation plans

Risk Compliance

We prioritise compliance with relevant legislation through our risk-management approach. To this end, we have developed a proprietary Compliance Management System (CMS) software that monitors compliance status with applicable laws and regulations. The CMS facilitates effective governance and reporting to management, and we present regulatory compliance status reports to the Board every quarter. Our dedicated internal audit function reviews the sustained effectiveness of our Internal Financial Controls (IFC) through a systematic approach. We have also integrated IFC controls into our Risk Control Matrix (RCM) of enterprise processes to meet the requirements of the Companies Act, 2013. Additionally, we continue to employ Control Self-Assessment (CSA) through an internally developed online tool to assess the effectiveness of internal controls in each process. The responses of all process owners support CEO/CFO certifications for internal controls.

Other key points include

  • Our Compliance Department regularly updates compliance reports, which are independently reviewed by senior management, for effective oversight across compliance practices
  • Our CMS covers Tata Power and all material domestic subsidiaries
  • The software benefits from capturing alerts that inform us of changes in laws/regulations, while updating the database. If any legislation is no longer applicable, it is accordingly disabled in the system

Key Risks and Their Mitigation

Details of our identified risks, mitigation strategy and linkage to our strategic business objectives are provided below.

Sector-specific risk

Key risks:
  • Poor financial performance of state Discoms
  • Creditworthiness and business continuity of the customers

Mitigation strategy:
  • Close monitoring of Distribution Companies (Discoms)
  • Sustained advocacy with authorities
  • Diversification of renewable portfolio across various procurers, tariff structures and states


Technology risk

Key risks:
  • Cybersecurity risk having the potential to impede operational transactions

Mitigation strategy:
  • Automated detection and preventive solutions with managed detection and response
  • Secure access to internet and applications on need-to-know basis
  • Reinforcement of security policies and procedures
  • Enterprise-wide training and awareness programmes on information security
  • Vulnerability Management Programme to proactively detect vulnerabilities
  • Inputs from Computer Emergency Response Team (CERT) and other private cyber intelligence agencies
  • Periodic testing to validate effectiveness of controls through vulnerability assessment and penetration testing
  • Regular internal and external audits
  • Investment in cyber insurance
  • ISO 27001 certification for Digitalisation & Information Technology (D&IT) and one generation unit
  • Three cycles of phishing simulation exercises carried out, followed by an e-learning module on the same to increase awareness
  • Introduced an e-learning module on Information system management system (ISMS)
  • Implementation of Security Operations Centre (SOC) as a service


Regulatory risk

Key risks:
  • Mundra coal under-recovery
  • Water securitisation of hydro plants: Risk of reduced generation
  • Risk of violating environment norms
  • Non-cost-reflective tariff leading to accumulation of regulatory assets
  • Change in normative allowances: O&M cost & ROE

Mitigation strategy:
  • Advocacy with Mundra Power procurers and government at various levels
  • New avenues to utilise fly ash in ready-mix concrete, slag cement and fertiliser, among others, for 100% ash utilisation; implementation of flue gas desulphurisation plant (FGD)


Commercial risk

Key risks:
  • Non-compliance and renegotiations of PPAs
  • Risk accumulation in large projects, EPC business and rooftop solar
  • Moderation of solar and wind tariff putting pressure on margin in renewable sector
  • Meeting set aggregated technical and commercial (AT&C) losses in initial years for Odisha Discoms
  • Disallowance of costs / schemes in transmission

Mitigation strategy:
  • Policy advocacy at the central and state level and legal remedial action, selective bidding and avoiding specific identified states
  • Credit risk assessment of private customers, advocacy for enforcement of payment security mechanism of Letter of credit
  • Mitigation through prudent operations management, resource optimisation and prudent bidding practices
  • Focus on installation of new and replacement of faulty meters, increasing efficiency in billing through network improvement and deployment of dedicated resources for identification of consumers and recovery of old arrears
  • Advocacy with State Transmission Utility (STU)/ regulator for acceptance of schemes through cost-benefit analysis


Financial risk

Key risks:
  • Availability of cost-effective capital: Availability of debt
  • Renewal of operating license of investments
  • Liquidation of regulatory assets
  • Forex risk

Mitigation strategy:
  • Diversification of lenders base
  • KPC received IUPK (extension of CCoW), valid for ten years
  • Advocacy with regulators and government for tariff increase
  • Ensuring prior approval of capex schemes from the Regulator
  • Hedging for commodity & exchange variation


Business risk

Key risks:
  • Availability of fuel for thermal plant at optimal cost

Mitigation strategy:
  • Exploration of alternate coal sources


Climate change, water and Business Continuity Plan (BCP)

Key risks:
  • Climate change linked transitional risk: Possibility of capping of carbon emissions
  • Climate change linked physical risks:
    • For operations located in coastal area
    • Rise in water temperature potentially affecting processes
    • Extreme weather events such as floods and droughts, fuel, and water scarcity
  • Risk of pandemic and other natural disasters

Mitigation strategy:
  • Comprehensive, digitised GHG tracking through ESG platform and adoption of Science Based Targets
  • Lowering of carbon intensity by focusing more on the renewable portfolio as well as venturing into energy efficient businesses like rooftop solar, EV charging, microgrids, etc.
  • Improvement in operational efficiency for thermal power plants
  • Installation of pollution control and energy efficient equipment
  • Adherence to stringent design parameters (to address climate risks) while developing new projects
    • Protection measures against extreme weather, flooding, etc.
    • All new projects will address climate change in equipment specifications to withstand extreme weather
    • Design changes/upgrades to accommodate higher operating temperature ranges
  • Establishment of robust Business Continuity and Disaster Management Plan (BCDMP) evidenced through recertification on ISO 22301:2012 from the British Standards Institute (BSI)