Entity Level Controls - RCM

Each control is recorded against the RCM columns: Control No, Sub-process, Control Objective, Fraud Risk, Risk, Type of Risk, Nature of Risk, Actual Control, Type of Control, Nature of Control, Frequency.

EL.1 Self Assessments
Control Objective: Internal control self-assessments are carried out in accordance with Board/ Audit Committee instructions.
Fraud Risk: No
Risk: Control environment needs to be tested and reported at regular intervals.
Type of Risk: Operational
Nature of Risk: Non-Critical
Actual Control: IFC compliance testing is carried out on a yearly basis and self-assessment through IA reviews is carried out as per the Audit Plan.
Type of Control: Manual
Nature of Control: Preventive
Frequency: Yearly

EL.2 Delegation of Authority
Control Objective: Approval limits, including sub-delegation of the approval limits, are periodically reviewed to reflect organization changes, and delegation of authority is in accordance with Greaves Cotton and BU Policies and Procedures.
Fraud Risk: No
Risk: Unauthorised limits used by members of the firm.
Type of Risk: Financial
Nature of Risk: Critical
Actual Control: All authority limits are discussed on a need basis during the APEX committee meetings and are validated for relevance to the business needs.
Type of Control: Manual
Nature of Control: Preventive
Frequency: Yearly

EL.3 Risk Assessments
Control Objective: Enterprise Risk Assessment (ERA) is carried out in accordance with the business environment and is updated during the year as the risk profile changes.
Fraud Risk: No
Risk: Risk elements are not identified to understand mitigating controls for the same.
Type of Risk: Operational
Nature of Risk: Non-Critical
Actual Control: Enterprise Risk Assessment is carried out periodically in accordance with the ERM Policy by the GM of Corporate Strategy.
Type of Control: Manual
Nature of Control: Detective
Frequency: Yearly

EL.4 Record Retention
Control Objective: Record retention is in accordance with business unit and regulatory guidelines, and record retention schedules are reviewed periodically to ensure retention periods are appropriate.
Fraud Risk: No
Risk: Records are not retrievable as per local laws and regulations.
Type of Risk: Operational
Nature of Risk: Non-Critical
Actual Control:
1. All business records are maintained either internally or with a third party agency for archival.
2. All legal records are kept in bank lockers for safe keeping.
Type of Control: Manual
Nature of Control: Preventive
Frequency: Ongoing

EL.5 System Access
Control Objective: System access is consistent with job responsibilities.
Fraud Risk: Yes
Risk: Access to carry out activities on the system without proper authorisations.
Type of Risk: Financial
Nature of Risk: Non-Critical
Actual Control:
1. System access is provided as per roles and responsibilities at the time of joining, and any changes to the same are approved by the HOD.
2. Access is given through an online tool which also monitors SOD conflicts.
Type of Control: Automated
Nature of Control: Preventive
Frequency: Ongoing

EL.6 Segregation of Duties
Control Objective: Segregation of duties (SOD) assessment is completed for all employees in the organization, including the identification of the specific SOD issue, the associated risk assessment and the relative compensating control tests to mitigate the risk.
Fraud Risk: Yes
Risk: Roles and responsibilities are conflicting with the users' defined roles.
Type of Risk: Financial
Nature of Risk: Critical
Actual Control: A segregation of duties review is carried out on a yearly basis to highlight all conflicts and assign mitigating controls for the same.
Type of Control: Manual
Nature of Control: Detective
Frequency: Yearly

EL.7 Legal Compliance
Control Objective: Maintain a process to ensure that the entity is aware of local laws and regulations that affect the entity in order to monitor compliance.
Fraud Risk: No
Risk: Non-adherence to existing laws and regulations of the land.
Type of Risk: Operational
Nature of Risk: Non-Critical
Actual Control: All local laws and regulations are updated on the compliance checklist portal, and the team gets updates from internal sources and from third party service providers on any changes to the existing laws and regulations.
Type of Control: Manual
Nature of Control: Preventive
Frequency: Ongoing

EL.8 Chops and Seals
Control Objective: If the company uses seals or signature plates, their use is logged, restricted and appropriately safeguarded. An inventory is taken to ensure all seals and signature plates are accounted for.
Fraud Risk: No
Risk: Unauthorised representations made on behalf of the company.
Type of Risk: Operational
Nature of Risk: Non-Critical
Actual Control: All chops, seals and signature plates are stored securely with the Company Secretary and Legal Officer.
Type of Control: Manual
Nature of Control: Preventive
Frequency: Ongoing
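The access-provisioning tool in EL.5 and the yearly review in EL.6 both rest on the same test: does one person hold a combination of permissions that the organisation has declared incompatible, and if so, has a compensating control been assigned? The Python below is an added example, not part of this RCM and not Greaves Cotton's tooling, showing both uses over a constructed role model: a preventive check run before a role is granted (what an automated provisioning tool would do) and a detective sweep that lists every existing conflict with its mitigation status (what a yearly SOD review produces). Every user, role, permission, conflict rule and mitigation entry is a constructed assumption.

```python
"""Segregation-of-duties (SOD) conflict checks over a constructed role model.

Added example; all data below is constructed for illustration and is not
drawn from any real system.
"""
from __future__ import annotations

# Role -> permissions granted by that role (constructed)
ROLE_PERMISSIONS: dict[str, set[str]] = {
    "AP_CLERK": {"vendor.create", "invoice.enter"},
    "AP_MANAGER": {"invoice.approve", "payment.release"},
    "TREASURY": {"payment.release", "bank.reconcile"},
    "HR_ADMIN": {"employee.create", "payroll.run"},
    "AUDITOR": {"ledger.read"},
}

# Permission pairs that must not rest with one person, with the reason (constructed)
SOD_RULES: dict[tuple[str, str], str] = {
    ("vendor.create", "payment.release"): "Same person can create a vendor and pay it",
    ("invoice.enter", "invoice.approve"): "Self-approval of invoices",
    ("payment.release", "bank.reconcile"): "Payment and reconciliation not independent",
    ("employee.create", "payroll.run"): "Same person can add an employee and run payroll",
}

# User -> roles currently assigned (constructed)
USER_ROLES: dict[str, list[str]] = {
    "asha": ["AP_CLERK", "AP_MANAGER"],
    "ravi": ["TREASURY"],
    "meena": ["AP_MANAGER", "TREASURY"],
    "dev": ["HR_ADMIN", "AUDITOR"],
}

# Compensating controls already assigned, keyed by (user, rule) (constructed)
MITIGATIONS: dict[tuple[str, tuple[str, str]], str] = {
    ("meena", ("payment.release", "bank.reconcile")):
        "Monthly independent reconciliation review by the CFO office",
}


def effective_permissions(user: str, user_roles=USER_ROLES,
                          role_permissions=ROLE_PERMISSIONS) -> set[str]:
    """Union of the permissions granted by every role the user holds."""
    perms: set[str] = set()
    for role in user_roles.get(user, []):
        perms |= role_permissions.get(role, set())
    return perms


def would_conflict(user: str, new_role: str, user_roles=USER_ROLES,
                   role_permissions=ROLE_PERMISSIONS, rules=SOD_RULES) -> list[tuple[str, str]]:
    """Preventive check before a role is granted (EL.5): return the SOD rules the
    grant would newly violate. Rules the user already violates are not repeated,
    so the caller sees only what this particular change introduces."""
    before = effective_permissions(user, user_roles, role_permissions)
    after = before | role_permissions.get(new_role, set())
    return [pair for pair in rules
            if pair[0] in after and pair[1] in after
            and not (pair[0] in before and pair[1] in before)]


def find_sod_conflicts(user_roles=USER_ROLES, role_permissions=ROLE_PERMISSIONS,
                       rules=SOD_RULES, mitigations=MITIGATIONS) -> list[dict]:
    """Detective sweep (EL.6): every (user, rule) pair currently in conflict, with
    the assigned mitigating control if one exists."""
    findings = []
    for user in sorted(user_roles):
        perms = effective_permissions(user, user_roles, role_permissions)
        for pair, reason in rules.items():
            if pair[0] in perms and pair[1] in perms:
                mitigation = mitigations.get((user, pair))
                findings.append({
                    "user": user,
                    "rule": pair,
                    "reason": reason,
                    "mitigated": mitigation is not None,
                    "mitigation": mitigation,
                })
    return findings


def unmitigated(findings: list[dict]) -> list[dict]:
    """Conflicts with no compensating control assigned: the review's action list."""
    return [f for f in findings if not f["mitigated"]]


if __name__ == "__main__":
    for f in find_sod_conflicts():
        status = f"mitigated: {f['mitigation']}" if f["mitigated"] else "UNMITIGATED"
        print(f"{f['user']:6} {f['rule'][0]} + {f['rule'][1]}: {f['reason']} [{status}]")
    print("Would granting AP_CLERK to ravi introduce a conflict?",
          would_conflict("ravi", "AP_CLERK"))
```

In the constructed data, the sweep finds five conflicts, of which only meena's has a compensating control recorded; the remaining four are exactly what the yearly review would have to either remediate by removing a role or accept by assigning a mitigating control. The preventive check reports that granting AP_CLERK to ravi would add a vendor-create/payment-release conflict, while granting AUDITOR to the same user introduces nothing new.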
EL.9 Unilateral Rights
Control Objective: Annual verification of the Managing Director's (MD) corporate rights and responsibilities to ensure that there are no unilateral rights. If mitigating controls exist for the unilateral rights, please attach the list.
Fraud Risk: No
Risk: Unilateral rights would result in giving unlimited control to an individual.
Type of Risk: Operational
Nature of Risk: Non-Critical
Actual Control:
1. The MD's powers are derived by virtue of his position and are also defined by statute. In addition, he has a General Power of Attorney. The powers mentioned in the PoA have been approved by the BoD.
2. The MD limits are defined in the SoA.
3. All approvals from the MD are recommended and initiated by the business/ function heads before they are sent to the MD for approval.
Type of Control: Manual
Nature of Control: Preventive
Frequency: Yearly

EL.10 Confidential Information
Control Objective: Every employee who has access to confidential information or export controlled data knows they are personally responsible for compliance with Company policy and procedures established to safeguard it, including but not limited to compliance with copyright laws.
Fraud Risk: Yes
Risk: Company sensitive information needs to be secured and protected.
Type of Risk: Operational
Nature of Risk: Non-Critical
Actual Control:
1. Management category employees are informed of the importance of controlling Confidential Information through the letter of appointment.
2. Management category employees at joining are required to sign a Code of Conduct.
Type of Control: Automated
Nature of Control: Preventive
Frequency: Ongoing
EL.11 Corporate Governance - Listing Agreement
Control Objective: The Board comprises the requisite number of Independent Directors as per the provisions of Clause 49 of the Listing Agreement and the Companies Act.
Fraud Risk: No
Risk: Non-compliance with the Companies Act.
Type of Risk: Operational
Nature of Risk: Non-Critical
Actual Control: The number of Independent Directors is nominated as per the requirements of the Companies Act 2013.
Type of Control: Manual
Nature of Control: Preventive
Frequency: Yearly

EL.12 Corporate Governance - Self Evaluation
Control Objective: Annual self-evaluation process of the Board, its committees and Directors is carried out by the Nomination & Remuneration Committee.
Fraud Risk: No
Risk: Non-compliance with the Companies Act.
Type of Risk: Operational
Nature of Risk: Non-Critical
Actual Control: Annual self-evaluation is carried out by the Board.
Type of Control: Manual
Nature of Control: Preventive
Frequency: Yearly

EL.13 Corporate Governance - Fraud Assessment
Control Objective: Management performs a high level fraud risk assessment for their business processes with regard to financial reporting. Based on such assessment, Management develops action plans to mitigate such risks in an appropriate manner.
Fraud Risk: No
Risk: Revenue loss due to fraudulent activities.
Type of Risk: Financial
Nature of Risk: Critical
Actual Control: IFC compliance testing is carried out on a yearly basis and self-assessment through IA reviews is carried out as per the Audit Plan based on self-assessment results.
Type of Control: Manual
Nature of Control: Preventive
Frequency: Yearly

EL.14 Corporate Governance - Related Party Transactions
Control Objective: All related party transactions are adequately approved in line with Clause 49 of the Listing Agreement and the Companies Act 2013.
Fraud Risk: No
Risk: Related party transactions are carried out without the consent of the Board.
Type of Risk: Operational
Nature of Risk: Non-Critical
Actual Control: There is a Related Party Transactions policy for all transactions carried out by related parties.
Type of Control: Manual
Nature of Control: Preventive
Frequency: Yearly

EL.15 Corporate Governance - CSR
Control Objective: The company has set up a CSR Committee in compliance with Section 135 of the Companies Act.
Fraud Risk: No
Risk: Non-adherence to the Companies Act.
Type of Risk: Operational
Nature of Risk: Non-Critical
Actual Control: There is a CSR committee formed as per the requirements of the Companies Act 2013.
Type of Control: Manual
Nature of Control: Preventive
Frequency: Yearly

EL.16 Corporate Governance - Stakeholders Relationship Committee
Control Objective: To address the grievances of shareholders there is a Stakeholders Relationship Committee formed as per Section 178 of the Companies Act 2013.
Fraud Risk: No
Risk: Non-adherence to the Companies Act.
Type of Risk: Operational
Nature of Risk: Non-Critical
Actual Control: There is a Stakeholders Relationship Committee formed by the company as per the requirements of the Companies Act 2013.
Type of Control: Manual
Nature of Control: Preventive
Frequency: Yearly

EL.17 Code of Conduct
Control Objective: All new employees have been made aware of the Code of Conduct and are aware of the standards required. The Company must ensure compliance with SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015.
Fraud Risk: No
Risk:
1. Non-compliance with SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015.
2. Lack of training on policies on the company's Goals/ Vision.
Type of Risk: Operational
Nature of Risk: Non-Critical
Actual Control:
1. Employees are made aware of the Code of Conduct during induction at the time of joining. The same is attached to the Appointment Letter.
2. All members of the BoD and senior management personnel shall affirm compliance with the Code of Conduct of the BoD and senior management on an annual basis. The listed entity shall display the Code of Conduct on its website.
3. The CFO and CEO have to furnish the compliance certificate that, to the best of their knowledge and belief, no transactions entered into by the listed entity during the year are fraudulent, illegal or violative of the listed company's Code of Conduct.
4. Declaration signed by the CEO stating that the members of the BoD and senior management personnel have affirmed compliance with the Code of Conduct of the BoD and senior management.
Type of Control: Manual
Nature of Control: Preventive
Frequency: Yearly
EL.18 Monthly Review Meetings
Control Objective: The entity MD, CFO and Business CEOs / COOs meet at least quarterly to discuss business practice issues that have been reported to the Board/ Audit Committee.
Fraud Risk: No
Risk: All business performance related issues need to be discussed and highlighted for action.
Type of Risk: Financial
Nature of Risk: Critical
Actual Control: There are monthly review meetings (ABC) held between the MD, CFO and Business CEOs / COOs. All such issues are reported and discussed during the same.
Type of Control: Manual
Nature of Control: Detective
Frequency: Monthly

EL.19 Whistle Blower Policy
Control Objective: The Whistle Blower Policy defines communication channels. Communication channels (as per the Whistle Blower Policy) are set up to facilitate individuals to report departures from policy and significant internal control issues. These cases and the action taken are also reported to the Audit Committee/ Board on a quarterly basis.
Fraud Risk: No
Risk: There needs to be a formal channel to escalate and report all instances of fraud or risks to the company.
Type of Risk: Operational
Nature of Risk: Non-Critical
Actual Control: The Whistle Blower Policy is made available to the employees and is also updated on the Intranet. There is a process to escalate issues to members who are part of the whistle blower committee.
Type of Control: Manual
Nature of Control: Preventive
Frequency: Yearly

EL.20 Policy and Procedures
Control Objective: Greaves Cotton, BU and departmental policies and procedures are widely available to employees. (Note: All employees should be made aware that the official source for procedures is the Intranet site and that hard copies are considered uncontrolled.)
Fraud Risk: No
Risk: Policies and procedures need to be from an authorised source and stored in a secure location.
Type of Risk: Operational
Nature of Risk: Non-Critical
Actual Control: Policies and procedures are uploaded on the Intranet and are sent to the IT team by the process owners for upload.
Type of Control: Manual
Nature of Control: Preventive
Frequency: Yearly