Amal Ltd | Annual Report 2023-24 the Company has developed and implemented a comprehensive risk management system to ensure that risks to the continued existence of the Company as a going concern and to its growth are identified and remedied on a timely basis. While defining and developing the formalised risk management system, leading standards and practices have been considered. The risk management system is relevant to the business reality, is pragmatic and simple and involves the following: a) Risk identification and definition - Focuses on identifying relevant risks, creating | updating clear definitions to ensure undisputed understanding along with details of the underlying root causes | contributing factors. b) Risk classification - Focuses on understanding the various impacts of risks and the level of influence on their root causes. This involves identifying various processes, generating the root causes and a clear understanding of risk inter-relationships. c) Risk assessment and prioritisation - Focuses on determining risk priority and risk ownership for critical risks. This involves the assessment of the various impacts taking into consideration the risk appetite and the existing mitigation controls. d) Risk mitigation - Focuses on addressing critical risks to restrict their impact(s) to an acceptable level (within the defined risk appetite). This involves a clear definition of actions, responsibilities and milestones. e) Risk reporting and monitoring - Focuses on providing to the Audit Committee and the Board, periodic information on risk profile evolution and mitigation plans. Roles and responsibilities Governance The Board has approved the Risk Management Policy of the Company. The Company has laid down procedures to inform the Board on a) to d) listed above. The Audit Committee periodically reviews the risk management system and gives its recommendations, if any, to the Board. The Board reviews and guides the Risk Management Policy. Implementation Implementation of the Risk Management Policy is the responsibility of the Management. It ensures the functioning of the risk management system as per the guidance of the Audit Committee. The Company has a risk management oversight structure in which each sub-segment has a Chief Risk and Compliance Officer. The Management at various levels takes accountability for risk identification, appropriateness of risk analysis and timeliness as well as the adequacy of risk mitigation decisions at both individual and aggregate levels. It is also responsible for the implementation, tracking and reporting of defined mitigation plans, including periodic reporting to the Audit Committee and the Board. As per the requirements of Rule 3(1) of the Companies (Accounts) Rules 2014, the Company uses only such accounting software for maintaining its books of account that records the audit trail of all the transactions, creates an edit log of all the changes made in the books of account along with when such changes are made and by whom. This feature of recording the audit trail has operated throughout the year and was not tampered with during the year. In respect of the aforesaid accounting software, after thorough testing and validation, the audit trail was not enabled for direct data changes at the database level in view of the possible impact on the efficient performance of the system. In respect of audit trail at the database level, the Company has established and maintained an adequate internal control framework over its financial reporting and based on its assessment, concluded that the internal controls for the year ended on March 31, 2024, were effective. It is
RkJQdWJsaXNoZXIy MjA2MDI2