
ERM Information Booklet


Information Booklet

ENTERPRISE RISK MANAGEMENT

www.gpic.com


First Version 2009


General Manager’s Message

In the last few months, the world financial markets have seen tremendous turmoil, which has shaken the foundation of the financial industry, once regarded as the most regulated industries in the world. No doubt this unexpected upheaval has had an adverse effect on most global business activities and the petrochemical and fertilizer industries are by no means immune. We at GPIC have always been proactive in establishing systems, procedures and effective work practices to ensure that all work activities fall within agreed policies and are in full compliance with approved levels of authority.

In 2007, we established an Enterprise Risk Management Committee (ERM) to work closely with all departments to further enhance the existing systems dealing with potential risks and bring them in line with the recognised international standards. This ERM booklet gives you the opportunity to refresh your understanding of the system currently in place and encourages you to bring to the attention of the ERM Committee any issue that may pose a potential risk to the organization. I look forward to your usual positive contribution and I am confident that with everybody’s support and vigilance, GPIC will continue to effectively manage risks and enjoy a safe work environment.


Introduction

We all manage risks continuously throughout our lives, sometimes consciously and sometimes without realising it. But when it comes to organizations, risk management is a systematic process by which companies identify, measure and manage the various types of risks inherent within their operations.

Definition of ERM

“Enterprise risk management (ERM) is a process, effected by an entity’s Board of Directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.”

Source: COSO: Committee of Sponsoring Organizations, Enterprise Risk Management – Integrated Framework, 2004


ERM Driving Forces

Recent years have seen heightened concern and the need for a robust system to effectively identify, assess, and manage risks. The following diagram identifies a few of the driving forces behind Enterprise Risk Management.

[Diagram: driving forces surrounding Enterprise Risk Management: Portfolio Point of View; Corporate Scandals; Advances in Technology; More Complicated Risk; Best Practices; Regulatory Actions; Industry Initiatives; Escalating Claims]


ERM COSO Framework

Key Components of Effective Enterprise Risk Management

[Diagram: Internal Environment; Objective Sharing; Event Identification; Risk Assessment; Risk Response; Control Activities; Information & Communication; Monitoring]

ERM Framework

The ERM framework considers activities at all levels of the organization, i.e. Enterprise/Entity, Department, and Process level. In the past GPIC was managing risks using a silo or standalone approach whereby each individual department/project was managing its risks separately. With the implementation of ERM, GPIC is now addressing risks in an integrated and professional manner. At the enterprise level, risks are currently addressed by appointing risk champions who pursue the identified risks with the respective risk owners. In future, a mechanism for addressing risks at the departmental/business process level will be formulated on similar lines, as also stipulated in the Company’s Risk Management Policy (Ref: Pol/Risk/001).


Benefits of ERM

1. Minimize operational surprises and losses
2. Improve ability to predict, identify and manage cross-enterprise risks
3. Provide integrated responses to multiple risks
4. Improve information for decision making
5. Improve service quality & Protect Reputation
6. Attain enterprise objectives
7. Enhance good governance and transparency
8. Add and Create Shareholder value
9. Capture Opportunities


GPIC ERM Policy and Guidelines

In order to provide clear guidelines and broadly describe the Risk Management Process at GPIC a comprehensive policy document (Ref: POL/RISK/001) has been prepared and approved by the Board of Directors as per Board Resolution No: 2/139/2008.

Ref. Pol/Rev/001 Date: 1 March 2008 Rev.: 0

GPIC produces and markets Methanol, Ammonia and Granular Urea. GPIC embraces the best practices and follows international standards in conducting its operations. To safeguard its business and protect the interest of the shareholders against potential risks (categories such as strategic risks, financial and market risks, geo-political risks, operational risks, legal and regulatory risks and reputation risks) associated with the nature of its core business, the company shall endeavour to obtain appropriate environment and framework where risks at the enterprise level as well as at the business process and functional level are appropriately assessed, evaluated and effectively managed. The management will provide support as well as the resources and technical means to develop an understanding of business risk and the measures to combat and manage these risks in a cost-efficient manner. In the case of residual risks, the management will establish the level to which business risks are accepted and borne/tolerated. The active participation of all employees in the implementation of this policy will be sought and the workforce will be trained and fully informed of their roles and responsibilities, enabling them to effectively discharge these responsibilities.

GPIC addresses the Risk Management process through a two tiered mechanism:

1. Enterprise Risk Management (ERM):

ERM Implementation Team is responsible for identifying exposure, appraisal of major risks at the enterprise level and compiling ERM Risk Profile based on the criteria and guidelines for risk appetite and tolerance set by the Management/ERM Steering Committee and approved by the Managing Director / Board of Directors. An updated ERM Risk Register listing these risks together with the recommendations for mitigation/management is forwarded to the General Manager who has the overall responsibility for reporting annually on the risk management framework and profile of exposure to the Managing Director and the Board of Directors to provide confidence to them that risks are managed to the most cost-efficient extent.


2. Business Process Risk Management (BPRM):

All Managers, Supervisors and Section Heads are responsible for anticipating exposure and continuous appraisal of business process risks relevant to their area of responsibility. Business process-wise Risk Profiles are compiled based on the criteria and guidelines for risk appetite and tolerance set by the ERM Steering Committee. An updated Business Process Risk Register listing these risks together with the recommendations for risk mitigation/management at the most cost-efficient extent is forwarded to the General Manager on a periodic basis for perusal and approval.

Risk Review and Monitoring

GPIC monitors its Risk Management framework through continuous improvement of its practices and activities implemented under a regularly reviewed set of documented procedures. The ERM Implementation Team will be responsible for monitoring and annual review of risks at the enterprise level. All Managers, Supervisors and Section Heads will also conduct continuous monitoring and annual review of the risk profiles relevant to their areas and implement the recommendations made to manage/mitigate the risks.


GPIC ERM Governance Model

Accountability and Reporting at all levels is required to support the ERM process. The following chart gives a brief insight into the role of various entities in the GPIC ERM Governance Model.

Audit, Finance & Risk Committee:
  • Make policy and risk tolerance decisions
  • Approve strategies and guidelines to manage risk

Risk Owners | Risk Champions | Risk Auditors

Functional / Operating Units
  • Implement strategies
  • Communicate guidelines
  • Risk Analysis & Reporting
  • Update Risk Catalogue


The GPIC ERM Process Flow Chart


What is a Risk?

Risk is broadly defined as “an uncertain event or condition that, if it occurs, has an impact on a project’s or business’ objectives”.

Risk Identification Techniques

The following chart shows some of the techniques employed to identify risks.

[Chart: Inspection; Brainstorm; SWOT Analysis; Checklist; Questionnaire; Interview; Internal Document; Working Group]


GPIC Risk Categories

All GPIC Enterprise Risks have been classified under the following seven risk categories.

STRATEGIC: Risk that relates to doing the wrong thing.

OPERATIONAL: Risk that relates to doing the right things in the wrong way.

BUSINESS (FINANCE / MARKET): Risk that relates to losing monetary resources or incurring unacceptable liability.

REPUTATION: Risk that relates to the organization’s brand or image.

PEOPLE: Risk associated with employees and management.

INFORMATION: Risk that relates to loss or inaccuracy of data systems or reported information.

REGULATORY: Risks related to regulatory environment.


ERM Risk Catalogue

The Risk Catalogue is the central repository for all GPIC’s Enterprise risks. It is a main register where all GPIC risks are categorized and prioritized.

The Risk Catalogue is a living document updated on the basis of fresh inputs i.e. when new enterprise risks are identified by any department in the organization. Each input i.e. risk is assessed and analyzed fully by gathering all relevant facts and data before including in the Risk Catalogue. The ERM Committee is responsible for safe custody and updating the ERM Risk Catalogue.


Risk Management is Everybody’s Responsibility

Risk Management is everybody’s job. Everyone who does anything in the company is a risk manager to some extent. Risk Management is not a one-time project; in fact, it is a continuous process which needs to be seamlessly embedded in our existing business systems and culture. It is therefore essential that we all develop a deeper understanding of the subject and exercise flexibility and open-mindedness in our approach to adapting risk management practices.

To further facilitate and encourage participation in the Risk Management process a broad system of capturing new risks and archiving them has been devised at GPIC.


Process For Raising New Risks

Any employee in the organization can identify and submit a new risk by completing a short form entitled “Risk Identification and Assessment Form” (FR-ERM-01).
