This document outlines Sun Pharmaceutical Industries Limited's Enterprise Risk Management policy. It defines key aspects of the company's ERM framework, including the following:
1. It establishes an ERM framework in accordance with international risk management standards to proactively manage risks across the company.
2. Key components of the framework include risk identification, assessment, treatment, monitoring, and accountability. Risk owners are responsible for managing risks in their areas.
3. The policy defines roles for the board, risk management committee, internal audit team, function heads, risk coordinators, and risk owners in implementing and maintaining the ERM system.
4. Risk appetite statements define thresholds for financial impacts and qualitative parameters to guide
This white paper explains the concepts, legal requirements, strategies, and global framework for the implementation of risk management. It also deals with fraud and reputation risk management and how the negative reputation of an entity may harm the operations and profitability.
This white paper may be useful in performing the advisory role in Risk Management and Risk Governance.
“Today’s fast-paced business environment encounters a complex and ever-changing risk landscape that may negatively impact organizational value. The only way to respond to it is by having a dynamic and holistic perspective of the risk management approach to ensure business continuity.”
– Jack Zahran, President, Pinkerton
Investors in Risk Management provides expert-driven risk maturity assessment services to assess and improve the risk management maturity using our Risk Management Maturity Model (RMMM) to mitigate the impact of uncertainty on business objectives.
This document outlines 8 key drivers of effective enterprise risk management: 1) having a clear risk management strategy, 2) properly assigning risk ownership, 3) ensuring all roles have the proper competencies, 4) applying risk management to strategic decision making, 5) establishing processes for day-to-day operations, 6) ongoing monitoring, 7) periodic internal audits, and 8) establishing a strong risk culture with proper board oversight. Effective risk management requires addressing all these aspects and aligning them with the organization's objectives.
Practical approach to Risk Based Internal AuditManoj Agarwal
The document provides an overview of risk based internal auditing. It discusses key concepts like the definition of risk, COSO ERM framework, three lines of defense model, definition of internal audit, and risk based internal audit approach. The approach involves identifying the audit universe and processes, risk identification and assessment, risk scoring and heat mapping, developing the risk based internal audit plan, and executing the plan. Various tools for risk based auditing like the audit tracker, audit report templates, and resources are also outlined.
Enterprise risk management (ERM) is a process that helps organizations identify, assess, and manage risks to achieving their objectives. It involves identifying risks across strategic, operational, reporting and compliance categories and developing a portfolio view of risks from a business unit and entity level. The ERM process also includes establishing risk management philosophies, setting risk appetites, identifying and assessing risks, developing risk responses, monitoring risks, and oversight from management.
This document summarizes a presentation on the new APRA Prudential Standard CPS 220 on risk management. Key points include:
- CPS 220 requires banks and insurers to implement a risk management framework with clear roles, policies, and oversight by the Board.
- The framework must include risk appetite, a risk management strategy, and identify material risks.
- APRA introduced these new standards following the global financial crisis to strengthen risk governance and culture in the financial sector.
The document discusses implementing an enterprise risk management (ERM) methodology and tools. It proposes assessing business risks, developing risk response strategies, and monitoring risk management processes. Key activities include identifying risks, measuring impact and likelihood, developing risk action plans, and monitoring risk responses. The goal is to gain consensus on an ERM approach that aligns enterprise and IT risks with the organization's strategy and risk appetite.
1. COSO Enterprise Risk Management (ERM) is a framework that helps companies consistently define and manage risks across the organization. It involves identifying, assessing, and responding to risks in a way that helps the company achieve its objectives.
2. The COSO ERM framework is represented as a cube with four columns of strategic objectives, eight rows of risk components, and multiple levels to describe the enterprise. It includes components like internal environment, objective setting, event identification, risk assessment, risk response, control activities, information & communication, and monitoring.
3. Control activities are policies and procedures that ensure risks are mitigated, such as separating duties and documentation. Information & communication ensures relevant information is shared to allow people
This white paper explains the concepts, legal requirements, strategies, and global framework for the implementation of risk management. It also deals with fraud and reputation risk management and how the negative reputation of an entity may harm the operations and profitability.
This white paper may be useful in performing the advisory role in Risk Management and Risk Governance.
“Today’s fast-paced business environment encounters a complex and ever-changing risk landscape that may negatively impact organizational value. The only way to respond to it is by having a dynamic and holistic perspective of the risk management approach to ensure business continuity.”
– Jack Zahran, President, Pinkerton
Investors in Risk Management provides expert-driven risk maturity assessment services to assess and improve the risk management maturity using our Risk Management Maturity Model (RMMM) to mitigate the impact of uncertainty on business objectives.
This document outlines 8 key drivers of effective enterprise risk management: 1) having a clear risk management strategy, 2) properly assigning risk ownership, 3) ensuring all roles have the proper competencies, 4) applying risk management to strategic decision making, 5) establishing processes for day-to-day operations, 6) ongoing monitoring, 7) periodic internal audits, and 8) establishing a strong risk culture with proper board oversight. Effective risk management requires addressing all these aspects and aligning them with the organization's objectives.
Practical approach to Risk Based Internal AuditManoj Agarwal
The document provides an overview of risk based internal auditing. It discusses key concepts like the definition of risk, COSO ERM framework, three lines of defense model, definition of internal audit, and risk based internal audit approach. The approach involves identifying the audit universe and processes, risk identification and assessment, risk scoring and heat mapping, developing the risk based internal audit plan, and executing the plan. Various tools for risk based auditing like the audit tracker, audit report templates, and resources are also outlined.
Enterprise risk management (ERM) is a process that helps organizations identify, assess, and manage risks to achieving their objectives. It involves identifying risks across strategic, operational, reporting and compliance categories and developing a portfolio view of risks from a business unit and entity level. The ERM process also includes establishing risk management philosophies, setting risk appetites, identifying and assessing risks, developing risk responses, monitoring risks, and oversight from management.
This document summarizes a presentation on the new APRA Prudential Standard CPS 220 on risk management. Key points include:
- CPS 220 requires banks and insurers to implement a risk management framework with clear roles, policies, and oversight by the Board.
- The framework must include risk appetite, a risk management strategy, and identify material risks.
- APRA introduced these new standards following the global financial crisis to strengthen risk governance and culture in the financial sector.
The document discusses implementing an enterprise risk management (ERM) methodology and tools. It proposes assessing business risks, developing risk response strategies, and monitoring risk management processes. Key activities include identifying risks, measuring impact and likelihood, developing risk action plans, and monitoring risk responses. The goal is to gain consensus on an ERM approach that aligns enterprise and IT risks with the organization's strategy and risk appetite.
1. COSO Enterprise Risk Management (ERM) is a framework that helps companies consistently define and manage risks across the organization. It involves identifying, assessing, and responding to risks in a way that helps the company achieve its objectives.
2. The COSO ERM framework is represented as a cube with four columns of strategic objectives, eight rows of risk components, and multiple levels to describe the enterprise. It includes components like internal environment, objective setting, event identification, risk assessment, risk response, control activities, information & communication, and monitoring.
3. Control activities are policies and procedures that ensure risks are mitigated, such as separating duties and documentation. Information & communication ensures relevant information is shared to allow people
The document discusses COSO's Enterprise Risk Management framework. It defines ERM and explains why it is important for managing risks and uncertainties to achieve organizational objectives. The framework establishes eight components of ERM - internal environment, objective setting, event identification, risk assessment, risk response, control activities, information & communication, and monitoring. It provides guidance on implementing ERM.
Risk management is an increasingly important
business driver and stakeholders have become
much more concerned about risk. Risk may be a
driver of strategic decisions, it may be a cause of
uncertainty in the organisation or it may simply be
embedded in the activities of the organisation. An
enterprise-wide approach to risk management
enables an organisation to consider the potential
impact of all types of risks on all processes,
activities, stakeholders, products and services.
Implementing a comprehensive approach will
result in an organisation benefiting from what is
often referred to as the ‘upside of risk’.
This document discusses COSO's Enterprise Risk Management (ERM) framework. It defines ERM and explains its importance in supporting value creation. The framework consists of 8 components - internal environment, objective setting, event identification, risk assessment, risk response, control activities, information & communication, and monitoring. It emphasizes taking a portfolio view of risk and considering risks at the entity, division, and business unit levels. The roles of management, the board, risk officers, and internal auditors in ERM are also outlined.
This document discusses COSO's Enterprise Risk Management framework. It defines ERM as a process designed to identify potential events that may affect an entity and manage risks within its risk appetite. The framework consists of 8 components: internal environment, objective setting, event identification, risk assessment, risk response, control activities, information & communication, and monitoring. It is designed to help an organization achieve its objectives and create value for stakeholders. Internal auditors play an important role in monitoring and evaluating the effectiveness of an organization's ERM.
Risk Management Guidelines for Islamic Banking Institutions Mazhar Ali
This document provides draft risk management guidelines for Islamic banking institutions in Pakistan. It was created by the Islamic Banking Department of the State Bank of Pakistan.
The document outlines seven categories of risk that Islamic banks need to manage: credit risk, equity investment risk, market risk, liquidity risk, rate of return risk, and operational risk. For each risk category, it provides definitions and high-level principles for risk management.
It emphasizes the need for strong board and senior management oversight of risk management. It also stresses the importance of having comprehensive risk identification, measurement, monitoring and control processes in place. The overall aim is to establish best practices for managing the unique risks involved in Islamic banking.
This document provides draft risk management guidelines for Islamic banking institutions in Pakistan. It was created by the Islamic Banking Department of the State Bank of Pakistan.
The document outlines seven categories of risk that Islamic banks should manage: credit risk, equity investment risk, market risk, liquidity risk, rate of return risk, and operational risk. For each risk category, it provides definitions and high-level principles for risk management.
It emphasizes the importance of board and senior management oversight of risk management. It also stresses the need to separately assess risks for different Islamic financing contracts, which have varying risk profiles depending on their stage. Overall, the guidelines aim to establish comprehensive risk management practices for Islamic banks operating in Pakistan.
The document discusses enterprise risk management (ERM) and outlines its importance for public companies. It notes that ERM processes have been mandated by regulators to enhance oversight of financial reporting risk and to improve risk-related disclosures. Proper ERM implementation requires identifying risks, assessing their likelihood and impact, prioritizing them, mitigating major risks, and regularly reporting to management and boards. Frameworks like COSO provide guidance on establishing comprehensive ERM programs.
STRATEGIC RISK ADVISORY SOLUTIONS_Risk Management_NewsletterDion K Hamilton
The document provides an overview of risk management and enterprise risk management (ERM). It discusses how ERM involves a comprehensive framework for identifying, prioritizing, mitigating, and monitoring risks across an entire organization. The key steps in developing an ERM program include choosing a risk management framework, identifying risks, prioritizing them based on likelihood and impact, developing risk mitigation strategies, implementing controls, and ongoing monitoring and reporting of risks. Popular frameworks mentioned are COSO and ISO 31000. Benefits of implementing a formal ERM program include improved risk awareness and decision making, a standardized approach to managing risks, and potential cost savings.
This document summarizes COSO's Enterprise Risk Management - Integrated Framework. It defines ERM as a process run by an organization's board and management to identify potential events, manage risk within the organization's risk appetite, and provide assurance around achieving objectives. The framework identifies 8 components of ERM - internal environment, objective setting, event identification, risk assessment, risk response, control activities, information & communication, and monitoring. It describes how organizations can implement ERM through risk assessments, determining risk appetite, identifying responses, and ongoing monitoring and oversight. Internal auditors can help by reviewing controls and risk processes and ensuring resources target key risk areas.
This document summarizes COSO's Enterprise Risk Management - Integrated Framework. It defines ERM as a process run by an organization's board and management to identify potential events, manage risk within the organization's risk appetite, and provide assurance around achieving objectives. The framework identifies 8 components of ERM - internal environment, objective setting, event identification, risk assessment, risk response, control activities, information & communication, and monitoring. It describes how organizations can implement ERM through risk assessments, determining risk appetite, identifying responses, and ongoing monitoring and oversight. Internal auditors can help by reviewing controls and risk processes and ensuring resources target key risk areas.
This document summarizes COSO's Enterprise Risk Management - Integrated Framework. It defines ERM as a process run by an organization's board and management to identify potential events, manage risk within the organization's risk appetite, and provide assurance around achieving objectives. The framework identifies 8 components of ERM - internal environment, objective setting, event identification, risk assessment, risk response, control activities, information & communication, and monitoring. It describes how organizations can implement ERM through risk assessments, determining risk appetite, identifying responses, and ongoing monitoring and oversight. Internal auditors can help by reviewing controls and risk processes and ensuring resources target key risk areas.
This presentation provides a comprehensive plan for implementing an enterprise risk management program. It covers the costs/benefits of an ERM program, the critical knowledge, skills and abilities of a Chief Risk Officer, a risk taxonomy for insurance firms, a hypothetical organizational structure for an electric utility, a sample risk register, and other useful information.
The document outlines Peter Moore's presentation on creating value through enterprise risk management. It discusses barriers to success like poor frameworks and engagement. It also covers risk management frameworks, focusing on simplicity and intuitiveness. Other sections explain risk appetite and tolerance, integrating risk management into business processes, and using key risk indicators to monitor risks. The goal is to establish a clear risk framework that creates value by better informing decision-making and resource allocation.
This Risk Management Standard is the result of work by a team drawn from the major risk management organisations in the UK, including the Institute of Risk management (IRM).
Furthermore, the group looked for the perspectives and assessments of a large number of other expert bodies with interests in risk the executives, during a broad time of meeting.
The document provides guidelines for insurance companies in Ethiopia to manage inherent risks as the National Bank of Ethiopia transitions to a risk-based supervision model. It defines eight significant inherent risks for insurers, including credit, market, liquidity, underwriting, technical reserves, operational, contagion, and reinsurance risks. The guidelines outline roles and responsibilities for boards of directors, management, and other parties in developing risk management programs and policies to monitor and control these risks on an ongoing basis. The aim is to help insurers safely and soundly manage risks to support Ethiopia's economic development.
Welcome to Bank Gaborone Limited. What makes us a particularly interesting company is not that we are owned by Capricorn Group but that we are the first green field operation in the history of the diversified Capricorn Group of companies.
This document provides an overview of operational risk management frameworks and control self-assessment processes. It defines risk management and outlines common risk management frameworks. It then describes a control self-assessment framework that includes setting objectives, assessing risks and controls, analyzing results, and monitoring risks on an ongoing basis. The framework is intended to help managers assess risks and controls in a transparent way and provide regular reporting to senior management.
This Risk Management Standard is the
result of work by a team drawn from the
major risk management organisations in
the UK - The Institute of Risk
Management (IRM),The Association of
Insurance and Risk Managers (AIRMIC)
and ALARM The National Forum for
Risk Management in the Public Sector.
In addition, the team sought the views and
opinions of a wide range of other
professional bodies with interests in risk
management, during an extensive period
of consultation.
Relevance of ISO 31000 for risk professionals.pptxCaptSameerSharma
We live in a complex and dynamic world, and the demands on physical security have increased dramatically.
As the world is constantly changing, the challenges faced by security leaders change as well.
Risk management is now at the forefront of discussion and risk analysis has become the basis for strategic security planning in most organizations.
Historical and current security-related data is fundamental.
Capturing current, complete and insightful data from regional, local, and open sources and blending it with data sourced from the organization’s internal security systems aids in designing an effective security operations framework in effective manner.
Experienced security experts who have had meaningful experience in the area of threat and risk assessment for a decade or more recognize the power of harnessing big data to risk analysis and are bringing solutions that do just that in innovative and ground-breaking ways.
Data models have to be built and designed in such a way that can help to derive and produce better intelligence of what is available today. Patterns and behaviors can help understand, manage, or predict the forces that drive them.
Even predictable patterns and behavior can still be challenging to identify consistently. Designing an adequate data model to manage this risk type is a challenge the security industry has long faced.
Now there exist "The Phantom Menace" that are risks that are already materializing but with losses that haven’t been recognized yet, so they are not captured within the ambit of the security operation data model that is being devised.
The nature of a loss can usually be credited to the specific type of risk that has materialized.
If the operational risk data model captures only losses that have arisen in the past, the model will not reflect the current risk exposure of the institution and potential future loss.
So what is the solution? We might have to revisit the foundation of the operational risk data model, including the data we collect to identify patterns and behaviors.
A case in point is marketing research, what does it involve? Collection and assimilation of potential customer’s data which includes basic or identity Data, engagement, behavioral and attitudinal data, for new product or service launch.
In security operations risk management, we should emulate the similar success and begin to collect wide-ranging data through systems, applications, processes, and human interactions, then derive meaningful patterns and behaviors in line with the unique security risk challenges of organizations and lines of business.
Only through the collection of this data at the broadest level can we identify patterns and behaviors and thus determine which data is truly risk-sensitive. We should look beyond losses if we hope to accurately determine the operational risk exp
Enterprise Risk Management (ERM); From theory to practiceSegun Ogunwale
This document outlines the theory and practice of enterprise risk management (ERM). It discusses how ERM works differently in private versus public sector organizations due to differences in goals and risk tolerance. The document proposes a framework for implementing ERM with five phases: risk governance, risk assessment, risk quantification, risk monitoring and reporting, and risk optimization. It also describes steps to implement ERM such as obtaining buy-in, building an ERM foundation, conducting risk assessments, ongoing monitoring, and developing reporting. Roadblocks to implementation like resistance to change are also addressed.
8.4 PERFORMANCE QUALIFICATION PROTOCOL FOR DISPENSING BOOTH (1).pdfabdo badr
The document provides a performance qualification protocol for a dispensing booth supplied by Pharma Engineers in Hyderabad, India. It outlines five tests to be conducted: 1) filter integrity, 2) air velocity, 3) airflow visualization, 4) particle counting, and 5) certification of results. The objective is to qualify and certify the performance of the dispensing booth according to specifications. Key details provided include equipment dimensions, test methods, acceptance criteria, and test result tables.
The document discusses three proposals:
1. The first proposal is for 8 people to share airline tickets.
2. The second proposal suggests 4 people share half of the airline tickets.
3. The third proposal discusses sending staff from Hansella Bearing to Germany and Portugal, including the total number of staff and tickets that would be provided.
The proposals aim to save on accommodation costs for 3 people over 2 weeks due to current economic conditions.
More Related Content
Similar to Sun-Pharma-Risk-Management-Policy-Synopsis-May-2022.pdf
The document discusses COSO's Enterprise Risk Management framework. It defines ERM and explains why it is important for managing risks and uncertainties to achieve organizational objectives. The framework establishes eight components of ERM - internal environment, objective setting, event identification, risk assessment, risk response, control activities, information & communication, and monitoring. It provides guidance on implementing ERM.
Risk management is an increasingly important
business driver and stakeholders have become
much more concerned about risk. Risk may be a
driver of strategic decisions, it may be a cause of
uncertainty in the organisation or it may simply be
embedded in the activities of the organisation. An
enterprise-wide approach to risk management
enables an organisation to consider the potential
impact of all types of risks on all processes,
activities, stakeholders, products and services.
Implementing a comprehensive approach will
result in an organisation benefiting from what is
often referred to as the ‘upside of risk’.
This document discusses COSO's Enterprise Risk Management (ERM) framework. It defines ERM and explains its importance in supporting value creation. The framework consists of 8 components - internal environment, objective setting, event identification, risk assessment, risk response, control activities, information & communication, and monitoring. It emphasizes taking a portfolio view of risk and considering risks at the entity, division, and business unit levels. The roles of management, the board, risk officers, and internal auditors in ERM are also outlined.
This document discusses COSO's Enterprise Risk Management framework. It defines ERM as a process designed to identify potential events that may affect an entity and manage risks within its risk appetite. The framework consists of 8 components: internal environment, objective setting, event identification, risk assessment, risk response, control activities, information & communication, and monitoring. It is designed to help an organization achieve its objectives and create value for stakeholders. Internal auditors play an important role in monitoring and evaluating the effectiveness of an organization's ERM.
Risk Management Guidelines for Islamic Banking Institutions Mazhar Ali
This document provides draft risk management guidelines for Islamic banking institutions in Pakistan. It was created by the Islamic Banking Department of the State Bank of Pakistan.
The document outlines seven categories of risk that Islamic banks need to manage: credit risk, equity investment risk, market risk, liquidity risk, rate of return risk, and operational risk. For each risk category, it provides definitions and high-level principles for risk management.
It emphasizes the need for strong board and senior management oversight of risk management. It also stresses the importance of having comprehensive risk identification, measurement, monitoring and control processes in place. The overall aim is to establish best practices for managing the unique risks involved in Islamic banking.
This document provides draft risk management guidelines for Islamic banking institutions in Pakistan. It was created by the Islamic Banking Department of the State Bank of Pakistan.
The document outlines seven categories of risk that Islamic banks should manage: credit risk, equity investment risk, market risk, liquidity risk, rate of return risk, and operational risk. For each risk category, it provides definitions and high-level principles for risk management.
It emphasizes the importance of board and senior management oversight of risk management. It also stresses the need to separately assess risks for different Islamic financing contracts, which have varying risk profiles depending on their stage. Overall, the guidelines aim to establish comprehensive risk management practices for Islamic banks operating in Pakistan.
The document discusses enterprise risk management (ERM) and outlines its importance for public companies. It notes that ERM processes have been mandated by regulators to enhance oversight of financial reporting risk and to improve risk-related disclosures. Proper ERM implementation requires identifying risks, assessing their likelihood and impact, prioritizing them, mitigating major risks, and regularly reporting to management and boards. Frameworks like COSO provide guidance on establishing comprehensive ERM programs.
STRATEGIC RISK ADVISORY SOLUTIONS_Risk Management_NewsletterDion K Hamilton
The document provides an overview of risk management and enterprise risk management (ERM). It discusses how ERM involves a comprehensive framework for identifying, prioritizing, mitigating, and monitoring risks across an entire organization. The key steps in developing an ERM program include choosing a risk management framework, identifying risks, prioritizing them based on likelihood and impact, developing risk mitigation strategies, implementing controls, and ongoing monitoring and reporting of risks. Popular frameworks mentioned are COSO and ISO 31000. Benefits of implementing a formal ERM program include improved risk awareness and decision making, a standardized approach to managing risks, and potential cost savings.
This document summarizes COSO's Enterprise Risk Management - Integrated Framework. It defines ERM as a process run by an organization's board and management to identify potential events, manage risk within the organization's risk appetite, and provide assurance around achieving objectives. The framework identifies 8 components of ERM - internal environment, objective setting, event identification, risk assessment, risk response, control activities, information & communication, and monitoring. It describes how organizations can implement ERM through risk assessments, determining risk appetite, identifying responses, and ongoing monitoring and oversight. Internal auditors can help by reviewing controls and risk processes and ensuring resources target key risk areas.
This document summarizes COSO's Enterprise Risk Management - Integrated Framework. It defines ERM as a process run by an organization's board and management to identify potential events, manage risk within the organization's risk appetite, and provide assurance around achieving objectives. The framework identifies 8 components of ERM - internal environment, objective setting, event identification, risk assessment, risk response, control activities, information & communication, and monitoring. It describes how organizations can implement ERM through risk assessments, determining risk appetite, identifying responses, and ongoing monitoring and oversight. Internal auditors can help by reviewing controls and risk processes and ensuring resources target key risk areas.
This document summarizes COSO's Enterprise Risk Management - Integrated Framework. It defines ERM as a process run by an organization's board and management to identify potential events, manage risk within the organization's risk appetite, and provide assurance around achieving objectives. The framework identifies 8 components of ERM - internal environment, objective setting, event identification, risk assessment, risk response, control activities, information & communication, and monitoring. It describes how organizations can implement ERM through risk assessments, determining risk appetite, identifying responses, and ongoing monitoring and oversight. Internal auditors can help by reviewing controls and risk processes and ensuring resources target key risk areas.
This presentation provides a comprehensive plan for implementing an enterprise risk management program. It covers the costs/benefits of an ERM program, the critical knowledge, skills and abilities of a Chief Risk Officer, a risk taxonomy for insurance firms, a hypothetical organizational structure for an electric utility, a sample risk register, and other useful information.
The document outlines Peter Moore's presentation on creating value through enterprise risk management. It discusses barriers to success like poor frameworks and engagement. It also covers risk management frameworks, focusing on simplicity and intuitiveness. Other sections explain risk appetite and tolerance, integrating risk management into business processes, and using key risk indicators to monitor risks. The goal is to establish a clear risk framework that creates value by better informing decision-making and resource allocation.
This Risk Management Standard is the result of work by a team drawn from the major risk management organisations in the UK, including the Institute of Risk management (IRM).
Furthermore, the group looked for the perspectives and assessments of a large number of other expert bodies with interests in risk the executives, during a broad time of meeting.
The document provides guidelines for insurance companies in Ethiopia to manage inherent risks as the National Bank of Ethiopia transitions to a risk-based supervision model. It defines eight significant inherent risks for insurers, including credit, market, liquidity, underwriting, technical reserves, operational, contagion, and reinsurance risks. The guidelines outline roles and responsibilities for boards of directors, management, and other parties in developing risk management programs and policies to monitor and control these risks on an ongoing basis. The aim is to help insurers safely and soundly manage risks to support Ethiopia's economic development.
Welcome to Bank Gaborone Limited. What makes us a particularly interesting company is not that we are owned by Capricorn Group but that we are the first green field operation in the history of the diversified Capricorn Group of companies.
This document provides an overview of operational risk management frameworks and control self-assessment processes. It defines risk management and outlines common risk management frameworks. It then describes a control self-assessment framework that includes setting objectives, assessing risks and controls, analyzing results, and monitoring risks on an ongoing basis. The framework is intended to help managers assess risks and controls in a transparent way and provide regular reporting to senior management.
This Risk Management Standard is the
result of work by a team drawn from the
major risk management organisations in
the UK - The Institute of Risk
Management (IRM),The Association of
Insurance and Risk Managers (AIRMIC)
and ALARM The National Forum for
Risk Management in the Public Sector.
In addition, the team sought the views and
opinions of a wide range of other
professional bodies with interests in risk
management, during an extensive period
of consultation.
Relevance of ISO 31000 for risk professionals.pptxCaptSameerSharma
We live in a complex and dynamic world, and the demands on physical security have increased dramatically.
As the world is constantly changing, the challenges faced by security leaders change as well.
Risk management is now at the forefront of discussion and risk analysis has become the basis for strategic security planning in most organizations.
Historical and current security-related data is fundamental.
Capturing current, complete and insightful data from regional, local, and open sources and blending it with data sourced from the organization’s internal security systems aids in designing an effective security operations framework in effective manner.
Experienced security experts who have had meaningful experience in the area of threat and risk assessment for a decade or more recognize the power of harnessing big data to risk analysis and are bringing solutions that do just that in innovative and ground-breaking ways.
Data models have to be built and designed in such a way that can help to derive and produce better intelligence of what is available today. Patterns and behaviors can help understand, manage, or predict the forces that drive them.
Even predictable patterns and behavior can still be challenging to identify consistently. Designing an adequate data model to manage this risk type is a challenge the security industry has long faced.
Now there exist "The Phantom Menace" that are risks that are already materializing but with losses that haven’t been recognized yet, so they are not captured within the ambit of the security operation data model that is being devised.
The nature of a loss can usually be credited to the specific type of risk that has materialized.
If the operational risk data model captures only losses that have arisen in the past, the model will not reflect the current risk exposure of the institution and potential future loss.
So what is the solution? We might have to revisit the foundation of the operational risk data model, including the data we collect to identify patterns and behaviors.
A case in point is marketing research, what does it involve? Collection and assimilation of potential customer’s data which includes basic or identity Data, engagement, behavioral and attitudinal data, for new product or service launch.
In security operations risk management, we should emulate the similar success and begin to collect wide-ranging data through systems, applications, processes, and human interactions, then derive meaningful patterns and behaviors in line with the unique security risk challenges of organizations and lines of business.
Only through the collection of this data at the broadest level can we identify patterns and behaviors and thus determine which data is truly risk-sensitive. We should look beyond losses if we hope to accurately determine the operational risk exp
Enterprise Risk Management (ERM); From theory to practiceSegun Ogunwale
This document outlines the theory and practice of enterprise risk management (ERM). It discusses how ERM works differently in private versus public sector organizations due to differences in goals and risk tolerance. The document proposes a framework for implementing ERM with five phases: risk governance, risk assessment, risk quantification, risk monitoring and reporting, and risk optimization. It also describes steps to implement ERM such as obtaining buy-in, building an ERM foundation, conducting risk assessments, ongoing monitoring, and developing reporting. Roadblocks to implementation like resistance to change are also addressed.
Similar to Sun-Pharma-Risk-Management-Policy-Synopsis-May-2022.pdf (20)
8.4 PERFORMANCE QUALIFICATION PROTOCOL FOR DISPENSING BOOTH (1).pdfabdo badr
The document provides a performance qualification protocol for a dispensing booth supplied by Pharma Engineers in Hyderabad, India. It outlines five tests to be conducted: 1) filter integrity, 2) air velocity, 3) airflow visualization, 4) particle counting, and 5) certification of results. The objective is to qualify and certify the performance of the dispensing booth according to specifications. Key details provided include equipment dimensions, test methods, acceptance criteria, and test result tables.
The document discusses three proposals:
1. The first proposal is for 8 people to share airline tickets.
2. The second proposal suggests 4 people share half of the airline tickets.
3. The third proposal discusses sending staff from Hansella Bearing to Germany and Portugal, including the total number of staff and tickets that would be provided.
The proposals aim to save on accommodation costs for 3 people over 2 weeks due to current economic conditions.
The Validation Master Plan (VMP) outlines the company's approach to validation. It defines responsibilities, schedules, and documentation requirements for qualification of facilities, equipment, and processes. The VMP ensures management understands validation needs and the validation team understands their tasks. Key elements include qualification protocols for equipment operational performance and process validation protocols to demonstrate processes consistently meet requirements. The VMP is a living document that is updated with changes to facilities, equipment, or processes.
The document discusses various aspects of cleaning validation including selecting a cleaning method, establishing acceptance criteria, selecting worst case scenarios for equipment and products, determining storage periods, and sampling methods. It provides details on calculating maximum allowable residue limits based on therapeutic doses and batch sizes. For their facilities, the company selected a manual cleaning method and swab sampling due to product diversity, validation of automated equipment, and trained staff. Contamination limits are below 10 ppm or based on visual detection of 4 micrograms per square centimeter.
This document summarizes ISPE's guides on cleaning and cleaning validation. It discusses ISPE's Risk-MaPP guide and how it introduces health-based limits for residues that are applied to cleaning. It also provides an overview of the status of ISPE's Cleaning Baseline Guide, explaining that it did not receive sufficient regulatory review to be published as a Baseline Guide. Finally, it announces that ISPE is forming a team to develop a new Good Practice Guide on cleaning that will provide specific guidance and examples on cleaning practices and validation.
This document discusses filling capsules and blisters with powder for inhalation. It describes various dosing systems like dosators, vacuum drums, and membrane fillers. Dosators are a flexible and established technology but can have issues like sticking and limited accuracy. Vacuum drums and membrane fillers allow for more precise microdosing of low amounts down to 0.5mg. 100% in-line verification of dosed mass is desirable for quality and avoids underfilled units from issues like bridging. A capacitive VisioAMV sensor allows real-time mass verification during the filling process for process control. Machine integration can scale these systems from development to high-speed commercial production.
The document provides details on developing a validation master plan, including definitions of key terms like validation, qualification, and protocols. It discusses the importance and types of validation as well as the key elements, format, and content of a validation master plan. The content includes facilities, equipment, utilities, processes to be validated, responsibilities, schedules, documentation requirements, and protocols for qualification stages.
The document discusses the history and development of chocolate over centuries. It details how chocolate originated from cacao beans in South and Central America that were used as currency by early civilizations like the Mayans and Aztecs. The Spanish introduced chocolate to Europe in the 16th century, where it became popular as a drink among the elite. Chocolate production methods were refined over the following centuries to create chocolate candy and other products that are widely enjoyed around the world today.
This document contains a list of 178 tasks related to fire alarm, fire fighting, smoke and ventilation systems for 17 buildings. It includes the task name, duration, required manpower, and start and end dates for each task. The tasks involve installing conduits, cables, panels, detectors, pipes, sprinklers, and other equipment and components. Testing and commissioning is included for each system.
1) The document discusses validation of water systems for pharmaceutical use, including water quality specifications, purification methods, and commissioning, qualification, operation and maintenance of the systems.
2) It outlines various water grades including drinking water, purified water, highly purified water, and water for injections, and describes methods for producing each grade including distillation, ion exchange, ultrafiltration and reverse osmosis.
3) Validation of water systems aims to demonstrate the capability of the systems to consistently supply water meeting predetermined quality criteria through qualification testing over extended periods and under varying conditions.
This document describes the development and validation of an HPLC method for the simultaneous determination of impurities and degradation products in Cardiazol. The method utilizes gradient elution on a C18 column with UV detection at 240nm. The method was validated according to ICH guidelines and found to be specific, sensitive, linear, precise and accurate for quantifying two known impurities (Impurities A and B) and unknown degradation products. The method can also distinguish Cardiazol from degradation products formed under various stress conditions like acid/base hydrolysis and oxidation.
End-tidal carbon dioxide (ETCO2) is the level of carbon dioxide that is released at the end of an exhaled breath. ETCO2 levels reflect the adequacy with which carbon dioxide (CO2) is carried in the blood back to the lungs and exhaled.
Non-invasive methods for ETCO2 measurement include capnometry and capnography. Capnometry provides a numerical value for ETCO2. In contrast, capnography delivers a more comprehensive measurement that is displayed in both graphical (waveform) and numerical form.
Sidestream devices can monitor both intubated and non-intubated patients, while mainstream devices are most often limited to intubated patients.
Joker Wigs has been a one-stop-shop for hair products for over 26 years. We provide high-quality hair wigs, hair extensions, hair toppers, hair patch, and more for both men and women.
Michigan HealthTech Market Map 2024. Includes 7 categories: Policy Makers, Academic Innovation Centers, Digital Health Providers, Healthcare Providers, Payers / Insurance, Device Companies, Life Science Companies, Innovation Accelerators. Developed by the Michigan-Israel Business Accelerator
R3 Stem Cell Therapy: A New Hope for Women with Ovarian FailureR3 Stem Cell
Discover the groundbreaking advancements in stem cell therapy by R3 Stem Cell, offering new hope for women with ovarian failure. This innovative treatment aims to restore ovarian function, improve fertility, and enhance overall well-being, revolutionizing reproductive health for women worldwide.
NURSING MANAGEMENT OF PATIENT WITH EMPHYSEMA .PPTblessyjannu21
Prepared by Prof. BLESSY THOMAS, VICE PRINCIPAL, FNCON, SPN.
Emphysema is a disease condition of respiratory system.
Emphysema is an abnormal permanent enlargement of the air spaces distal to terminal bronchioles, accompanied by destruction of their walls and without obvious fibrosis.
Emphysema of lung is defined as hyper inflation of the lung ais spaces due to obstruction of non respiratory bronchioles as due to loss of elasticity of alveoli.
It is a type of chronic obstructive
pulmonary disease.
It is a progressive disease of lungs.
The Importance of Black Women Understanding the Chemicals in Their Personal C...bkling
Certain chemicals, such as phthalates and parabens, can disrupt the body's hormones and have significant effects on health. According to data, hormone-related health issues such as uterine fibroids, infertility, early puberty and more aggressive forms of breast and endometrial cancers disproportionately affect Black women. Our guest speaker, Jasmine A. McDonald, PhD, an Assistant Professor in the Department of Epidemiology at Columbia University in New York City, discusses the scientific reasons why Black women should pay attention to specific chemicals in their personal care products, like hair care, and ways to minimize their exposure.
This particular slides consist of- what is hypotension,what are it's causes and it's effect on body, risk factors, symptoms,complications, diagnosis and role of physiotherapy in it.
This slide is very helpful for physiotherapy students and also for other medical and healthcare students.
Here is the summary of hypotension:
Hypotension, or low blood pressure, is when the pressure of blood circulating in the body is lower than normal or expected. It's only a problem if it negatively impacts the body and causes symptoms. Normal blood pressure is usually between 90/60 mmHg and 120/80 mmHg, but pressures below 90/60 are generally considered hypotensive.
Emotional and Behavioural Problems in Children - Counselling and Family Thera...PsychoTech Services
A proprietary approach developed by bringing together the best of learning theories from Psychology, design principles from the world of visualization, and pedagogical methods from over a decade of training experience, that enables you to: Learn better, faster!
Mental Health and well-being Presentation. Exploring innovative approaches and strategies for enhancing mental well-being. Discover cutting-edge research, effective strategies, and practical methods for fostering mental well-being.
2. ERM Policy – Synopsis
2
1. Introduction
Risk, as defined by ISO 31000:2018 (Risk Management - Principles and Guidelines), “is the effect of
uncertainty on objectives”. Enterprise Risk Management (ERM) is an integrated approach to
proactively managing risks which affect the achievement ofSun Pharmaceutical India Limited (herein
referred to as “SPIL”) vision, mission and objectives. ERM is aimed at protecting and enhancing
stakeholder value by establishing a suitable balance between harnessing opportunities and
containing risks.
SPIL is exposed to a various risk from strategic, regulatory, alliance, operational and financial
perspectives. The Board of Directors of SPIL (hereinafter referred to as the ‘Board’) are
responsible for developing an Enterprise Risk Management framework within the organization
that enables proactive identification, management, monitoring and reporting of various risks that
the organization may need to deal with. This is a requirement as per the Securities and Exchange
Board of India (Listing Obligations and Disclosure Requirements), 2015. SPIL is also required to have
an Enterprise Risk Management (hereafter ERM) framework on account of the following regulatory
requirements:
Companies Act 2013 requires that:
o Section 134: The board of directors’ report must include a statement indicating
development and implementation of a risk management policy for the company including
identification of elements of risk, if any, which in the opinion of the board may threaten
the existence of the company.
o Section 177: The audit committee shall act in accordance with the terms of reference
specified in writing by the board, which shall, inter alia, include evaluation of risk
management systems
o Schedule IV: Independent directors should satisfy themselves that systems of risk
management are robust and defensible
Applicability
ERM framework is applicable across SPIL and extends to all its business units, subsidiaries and
functions. This policy underpins our efforts to remain a competitive and sustainable company,
enhancing our operational effectiveness and creating wealth for our employees, shareholders and
stakeholders. It describes the organization’s risk management processes and sets out management
requirements in generating risk managementaction.
Whilethe risk management framework isdesignedto help the organization meet itsobjectives, there
can be no assurance that risk management activities will mitigate or prevent these, or other, risks
from occurring.
The policy will be reviewed at periodic intervals. However, updates may be made earlier if there are
any changes in the risk management regulations / standards or as may be deemed appropriate by
the management.
3. ERM Policy – Synopsis
3
2. Enterprise Risk Management Framework
The Enterprise Risk Management framework (ERM framework) refers to a set of components that
provide the foundation for designing, implementing, monitoring, reviewing and continually
improving risk management throughout the organization. The ERM framework for the organization
has been developed keeping in mind the needs of internal and external stakeholders. The
organization’s ERM framework is based on the ‘Risk Management – Principles and Guidelines’
developed by the International organization for Standardization (ISO 31000:2018 - Risk
Management Principles and Guidelines). In addition, several good practices recommended by the
Committee of Sponsoring Organizations (COSO) for ERM have also been incorporated to further the
organization’s endeavor to build world class ERM framework andprocesses.
Figure 1.1:ERM framework
Componentsof theERMFramework
The ERM framework at SPIL consists of the following components/phases:
1. Risk Identification: Function heads identify internal and external events that may have an
adverse impact on the achievement of our Company’s objectives. These risks are captured in
the form of a risk register with all the relevant information such as risk description, root cause
and any existing mitigation plans.
4. ERM Policy – Synopsis
4
2. Risk Assessment: Risks identified are assessed/ rated on likelihood and impact based on
the risk appetite defined for SPIL by senior management members. Based on the risk rating,
top risks for the organization are prioritized for developing the risk mitigation plan.
3. Risk Treatment: Mitigation plans are developed by respective risk owners for risks owned by
them. Well defined action plans are agreed upon with timelines for implementation. Mitigation
plans are discussed with the senior management to seek buy-in and approval
4. Risk Monitoring: Management defines a periodic process for reviewing risks and their mitigation
plans. It also defines the Risk Management roles and responsibilities across the organization. The
Risk management committee reviews the status against the action plans agreed with the risk
owners. Periodically an update is provided to the Board and Audit committee on the risks.
Similarly, there is a defined process to ensure that new risks are escalated appropriately and
existing risks are reviewed periodically considering the change in the business environment. In case
of adverse events, management shall apprise all relevant stakeholders of the same. Based on the
materiality of the event, management may also share updates with the Board. In any case, every
six months, the Board shall be apprised of any new risks that may have emerged during the period
Accountability
Individual Functional heads are responsible for managing risks owned by them. They are
responsible to identify and implement risk mitigation plans in line with leading industry
practices/trends or as adopted / agreed by senior management to bring those risks within tolerable
limits. Select risk management teams are listed below along with the areas of risk for which they
may have responsibility.
5. ERM Policy – Synopsis
5
3. Risk Management organization structure
The Risk Management Organization structure (RMO) defines the roles and responsibilities of key
internal stakeholders for developing, implementing and maintain the ERM initiative on an ongoing
basis. The RMO aligns individuals, teams and functions with the intent of establishing responsibility
and accountability with regard to:
1. Monitoringeffective implementation of the ERM framework
2. Update the ERM framework and its components on an ongoing basis based on business needs
3. Embedding ERM into the organization’s culture
The overall structure and roles for the ERM framework is summarized below:
Figure 1.2:Risk Management Organization Structure
6. ERM Policy – Synopsis
6
4. Roles and Responsibilities of key stakeholders
Summarized roles and responsibilities of key stakeholders are enumerated below.
Stakeholder Summarized Roles and Responsibilities
Board of
Directors /
Audit
Committee
• Review the risk management related inputs basis framework
periodically and provide feedback for improvements if any
• Evaluate effectiveness of the ERM framework adopted by the
management
• Provide necessary guidance to Risk Management Committee for
effective monitoring of risks
• Approve the risk management framework and policy for SPIL in
coordination with the Risk Management Committee
• Provide overall oversight and direction to the risk management process
including inputs and oversight on key strategic risks
Risk
Management
Committee
(RMC)
• Formulate a detailed Risk Management Policy that includes
• A framework to identify the internal and external risks covering
financial, operational, sectoral, sustainability, information or cyber
security related risks or other risks determined by the Risk
Management Committee
• Measures for risk mitigation including systems and processes for
internal control of identified risks
• Business Continuity Plan
• Ensure that appropriate methodology, process and systems are in
place to monitor and assess the company’s business risks
• Monitor and oversee the implementation of risk management policy;
evaluate the adequacy of ERM systems
• Review the risk management policy at least once in two years,
including by considering the changing industry dynamics and evolving
complexity
• Keep the board of directors informed about the nature and content of
its discussions, recommendations and actions to be taken
• Review status of treatment plans implemented for prioritized risks.
• Provide inputs and support in performing risk management activities
in coordination with the Audit Committee. Establish procedures and
timelines for various risk management activities
7. ERM Policy – Synopsis
7
Stakeholder Summarized Roles and Responsibilities
Global
Internal
Audit
• Maintain the risk register for all functions, business units,
subsidiaries and countries
• Review the risk registers to ensure adequacy of risk management
• Monitor the trends and factors impacting the risk profile of the
organization, communicate the information internally and document
updates to risk register.
• Work closely with respective risk coordinators and risk owners as
well as function heads to ensure action items against each risk area
are in place.
• Facilitate implementation of the ERM framework (in liaison with the
risk coordinators) within the organization and its underlying business
units, subsidiaries and functions.
• Track progress of implementation of risk treatment plans for
significant risks
• Co-ordinate in preparation and submission of risk reports to the Risk
Management Committee and Audit Committee. Highlight any
differences of opinion
• Share feedback from Audit Committee and Risk Management
Committee to the relevant function heads, risk owners and
coordinators
• Align the Audit plan with the risk register
• Validate the effectiveness of mitigation plans
Function
Heads
• Assume primary responsibility for identifying, assessing and
managing business, operational and compliance risks within their
area of responsibility.
• Conduct periodic function meetings/ brainstorming sessions with the
below objectives:
a. Review updated risk registers for the business unit / function and
evaluates need for inclusion of new / emerging risks
b. Check status of implementation measures and effectiveness of
existing controls. Implement additional measures to reduce risk
exposures to an acceptable level
c. Identify reasons for any risks that may have materialized and
implement action plans to strengthen the mitigating steps
d. Assist with implementation of procedures for proactive review of
risks for projects, transactions, new businesses, etc.
e. Review the potential of any risk materializing in the near future
which has a major impact for the Company
Risk
coordinator
• Coordinate risk management activities
• Facilitate and support respective functions in collaboration with the
ERM team in identifying, assessing, evaluating, prioritizing,
monitoring and reporting of risks
8. ERM Policy – Synopsis
8
Stakeholder Summarized Roles and Responsibilities
Risk Owners • Take overall responsibility for managing individual risks in line with
ERM framework.
• Coordinate with the Function heads in deciding appropriate risk
treatment plans for risks assigned
• Identify new or emerging risks and propose treatment plans on an
ongoing basis should be within the risk owner’s area of operation
• Monitor the progress of risk treatment plans on a monthly basis and
review risks on a quarterly basis and provide periodic reports to the
Function heads.
Team
members
• Work closely with the risk owner and risk coordinator in taking steps
to mitigate / reduce the risk
9. ERM Policy – Synopsis
9
5. Risk Appetite
Risk appetite is the amount of risk that the organization is willing to pursue or retain in pursuit of
its objectives. In other words, the organization will take risks which do not result in the breach of
its appetite. The risk appetite statements are articulated under three key parameters
Financial parameters which provide the threshold in terms of
1. Impact on targeted annual sales
2. Impact on annual budgeted profit (EBITDA)
Other qualitative/reputational parameters have been articulated that set out the appetite with
regard to
1. Environment, Health and Safety
2. Businessdisruption
3. Legal and Regulatory matters
4. Media/ general public
Risk appetite shall form an integral part of the risk management framework to demonstrate
common understanding of the same, and to consistently measure risks across the organization.