×
Our Enterprise Risk Management Framework periodically evaluates and monitors key risks and business processes, thereby suggesting suitable mitigation plans across different locations to maintain the robustness of our systems.
Loss of reputation/market share/margin erosion due to inadequate process framework and monitoring of risks during the project lifecycle.
Deployment of robust project management structures across business divisions to monitor and control project execution risks during project lifecycle
Multiple controls from proposal to execution stage enable the Company to take timely measures and mitigate potential risks
SO1, SO2, SO3
Inability to identify, classify, document, digitise and archive business-critical knowledge/information to ensure complete, consistent, reliable, and secure corporate data.
Adverse impact on Company’s operations due to cyber attacks and lack of firewalls, encryption, remote access controls, leading to compromise of confidential data and intellectual property.
Inability to continue/recover business operations during any crisis, and/or disaster, with minimal disruption or loss of business.
Security awareness is created through training on regular basis. Archiving and purging of unused information is carried out as per the time frame mentioned in the Data Retention Policy
Auto-classification of data is being implemented to ensure that every data is classified and treated accordingly, and the same will be completed by June 2022
Identify and access management tool with multi-factor authentication, advanced end-to-end protection, dark-web monitoring, and network DDoS protection implemented. Network isolation / segmentation and air-gap backup of data is underway
Servers and databases of all hosted applications are being upgraded, with high availability. Disaster recovery for critical applications is tested. Software compliances with software OEMs are underway Replacement of unsupported softwares are to be completed by the next financial year
SO1, SO2, SO3
There was a cyber attack on Thermax in November 2021. The ransomware attack affected some of the IT systems; however, the business-critical systems were safe due to their extra secure architecture. Systems were made live in around three days in a phased manner, after containing and isolating the infected systems; and upon ensuring corrective and preventive actions at networks, servers and end user computers. This ensured continuity of the business. Simultaneously, the IT team of Thermax also worked on restoring the data of affected systems from the backup.
Certain new security technologies were implemented to prevent any further possible attacks or loss of business information. The users are kept informed about the facts, status and precautionary measures regarding such incidents.
Impact on the entity’s financial performance / profitability due to fluctuations in the prices of commodities, arising due to various reasons such as geopolitical tension.
Negotiation with customers for passing the impact of rising commodity prices by increase in price and change in contract terms is under process
Input material is being ordered immediately on finalising the contracts with customers
Strategic investment in the ordering of raw material in anticipation of price rise
Expanding services and digital portfolio
Implementation of cost optimisation project - Agile
SO1, SO2, SO3
Impact on business dynamics due to restrictions and increase in compliances on conventional energy.
In order to mitigate the effects of climate change in the short, medium, and long term, we are developing products based on renewable energy, acquiring new technologies, and complying with statutory standards
SO1, SO2, SO3
Inability to attract talent and plan succession of people for key positions.
Leadership programmes for various positions are being implemented
Introduced ESOPs for senior executives
Successors for critical roles have been identified, and a flexible ownership-based work environment is created
Talent development journey programme for top talents is underway
Salary corrections for high performers and bringing them up to the market average are being considered
SO1, SO2, SO3
Project Execution Risk
Data Governance and Cyber Security Risk
Rise in Commodity Price - Impact to Business
Risk of Climate Change
People Risk Including Skills and Competencies