Risk Management Policy

RISK MANAGEMENT POLICY

ODYSSEY TECHNOLOGIES LIMITED

1|Page
Risk Management Policy

ODYSSEY TECHNOLOGIES LIMITED

RISK MANAGEMENT POLICY

INDEX

Sl.No. Particulars Page No.’s

1. Introduction 3
2. Policy Overview 3
3. Risk Management Framework
3.1 Risk Management Structure 3
3.2 Risk Management Program 3
3.3 Risk Categories & Mitigation Measures 4
4. Oversight and Key Risk Management Practices
A. Board 6
B. Audit Committee 6
C. Senior Management 7
D. Employees 7
5. Review of Risk Management Program 7

2|Page
Risk Management Policy

RISK MANAGEMENT POLICY

1. Introduction:
This Policy is in compliance with SEBI (Listing Obligations & Disclosure
Requirements), Regulations, 2015 and provisions of Companies Act, 2013 read
with Rules made thereunder which requires the Company to lay down
procedures about the risk assessment and risk minimization.

Odyssey Technologies Limited (the “Company”) recognizes that enterprise risk

management is an integral part of good management practice. Risk
management is an essential element in achieving business goals and deriving
benefits from market opportunities.

2. Policy Overview:
The Company’s risk management policy relates to identification, assessment,
monitoring and mitigation of various risks to our business. The policy seeks to
minimize adverse impact on our business objectives and enhance stakeholder
value. Further, our risk management practices seek to sustain and enhance
long–term competitive advantage of the Company.

3. Risk Management Framework:

3.1 Risk Management Structure:

The Audit Committee of Directors shall periodically review the risk management
policy of the Company and evaluate the risk management systems so that
management controls the risk through a properly defined network.

Head of Departments shall be responsible for implementation of the risk

management system as may be applicable to their respective areas of
functioning.

3.2 Risk Management Program:

The Company’s risk management program comprises a series of processes,
structures and guidelines which assist the Company to identify, assess, monitor
and manage its business risk including any material changes to its risk profile.

To achieve this, the Company has clearly defined the responsibility and authority
of its Board of Directors to oversee and manage the risk management program,
while conferring responsibility and authority on the Company’s senior
management to develop and maintain the risk management program in the light
3|Page
Risk Management Policy
of the day-to-day needs of the Company. Regular communication and review of
the risk management practice provides the Company with important checks and
balances to ensure the efficacy of its risk management program.

3.3 Risk categories & Mitigation Measures:

The following broad categories of risks have been considered in the risk
management framework:

 Technology Risk: Unforeseen changes in regulations, standards and technology

are the biggest risks, though by their very nature, such risks are difficult to
quantify. Changes in the regulations pertaining to PKI and e-security may render
some of the products irrelevant to the customer and can cause a dent in future
revenue.

Mitigation: While compliance is a major selling point for our products, almost all
of our products also address very important security needs for the customer. The
management also plays an active role in monitoring e-security regulations and
making appropriate changes to the product base to keep them relevant.

Major technological breakthroughs that render current cryptographic techniques

for protecting information obsolete are another concern for long-term business
continuity. However, the senior management are constantly on guard for such
indicators.

 Cyber threats: As our products are used to protect transactions and sensitive
customer data, the associated risks due to evolving cyber threats will always be a
concern.

Mitigation: However, this risk is mitigated by constantly reengineering the

products in response to such threats.

 Company size and resource risk: Certain problems are faced by the Company in
taking advantage of large opportunities due to Company size and resource
limitations.

Mitigation: Such problems are addressed through active partnership with large
vendors and system integrators. Leveraging such opportunities through our
partners keeps us relevant in the market and provides brand visibility.

4|Page
Risk Management Policy

 Receivables Risk: Since the Company is engaged in the supply of software

products, risks associated with timely collection of payments from the customers
will always be a concern. The Company enters into Service Agreement with its
customers, where terms of payment and the payment process adopted by the
customer is clearly defined. Any deviation from the terms of agreement or delay
in receiving payments from customers owing to some delivery/product issues is
a major risk.

Mitigation: The management takes stock of the receivables, exceeding beyond

120 days and takes necessary measures to recover payments from customers.
Sending regular intimations to the customers for recovery of dues or
discontinuing services are some measures adopted by the Company depending
upon situation. An efficient receivables collection process has helped minimize
this risk to a large extent.

 Human Resource Risk: Employability risk, viz., attracting the right talent for the
right role and attrition risk are two human resource risks faced by the Company.
The attrition risk is not just restricted to losing talent (after providing them all
the necessary training for the job) but additionally the Company has to absorb
the attrition cost as well.

Mitigation: The staff compensation levels are almost on par with the best in the
domestic industry. All efforts are made to ensure an innovative work
environment to all our employees. The senior management strives to keep the
attrition levels under reasonable control.

The Company has been continuously strengthening its internal HR processes to

hold on to the critical employees and create a reserve of abundant talent.

 Legal Risks associated with Contracts

The Company enters into agreements with its customers for licensing its
products, performing maintenance services etc. In the course of business, it may
be exposed to legal risks arising out of non-performance of contractual
obligations, infringement of IP rights, exposure to sensitive data of the
customers and maintaining confidentiality of such data.

Mitigation: The Company has assigned roles and responsibilities to employees in

relation to information assets and security. Accesses to applications,
programmes and source codes are restricted to authorized personnel on a need
5|Page
Risk Management Policy
to know basis only. Employees are obligated to maintain confidentiality by
signing Non Disclosure Agreements with the Company for working on sensitive
projects and for safeguarding data received from customers. Utility programs
capable of potentially overriding system, object, network, virtual machine and
application controls are access restricted by the Company.

The Company has a systematic approach towards vetting agreements and limits
its obligations to the extent minimally necessary under each contract. The
Company is also adequately covered by Professional Indemnity Insurance Policy
to mitigate risks stated above.

4. Oversight and Key Risk Management Practices:

A. Board
The Board is responsible for framing, implementing and monitoring the risk
management plan for the Company. The audit committee or management may
also refer particular risk management issues to the Board for final consideration
and direction.

B. Audit Committee
The audit committee is responsible for ensuring that the Company maintains
effective risk management and internal control systems and processes, and
provides regular reports to the Board on the effectiveness of the risk
management program in identifying and addressing material business risks. To
achieve this, the audit committee is responsible for:

 managing and monitoring the implementation of action plans developed to

address material business risks within the Company and its business units,
and regularly reviewing the progress of action plans;

 setting up internal processes and systems to control the implementation of

action plans;

 regularly monitoring and evaluating the performance of management in

managing risk;

 providing management and employees with the necessary tools and

resources to identify and manage risks;

 regularly reviewing and updating the current list of material business risks;

6|Page
Risk Management Policy
 regularly reporting to the Board on the status of material business risks; and

 ensuring compliance with regulatory requirements and best practices with

respect to risk management.

C. Senior management
The Company’s senior management is responsible for designing and
implementing risk management and internal control systems which identify
material risks for the Company and aim to provide the Company with
warnings of risks before they escalate. Senior management must implement
the action plans developed to address material business risks across the
Company.

Senior management should regularly monitor and evaluate the effectiveness

of the action plans and the performance of employees in implementing the
action plans, as appropriate. In addition, senior management should promote
and monitor the culture of risk management within the Company and
compliance with the internal risk control systems and processes by
employees. Senior management should report regularly to the Board
regarding the status and effectiveness of the risk management program.

D. Employees
All employees are responsible for implementing, managing and monitoring
action plans with respect to material business risks, as appropriate.

5. Review of risk management program

The Company regularly evaluates the effectiveness of its risk management
program to ensure that its internal control systems and processes are monitored
and updated on an ongoing basis. The division of responsibility between the
Board, audit committee and senior management aims to ensure that specific
responsibilities for risk management are clearly communicated and understood.
The reporting obligations of senior management and audit committee ensures
that the Board is regularly informed of material risk management issues and
actions. This is supplemented by the evaluation of the performance of the risk
management program and audit committee, senior management and employees
responsible for its implementation.

(Approved by the Board of Directors at the Meeting

held on January 28, 2021)
****

7|Page