Kisaan Infotech Limited

Enterprise Risk Management (ERM) Policy
Document Control: Internal Governance Document   |  Version: 1.2   |  Effective Date: January 21, 2026   |  Review Cycle: Annual / Trigger-based

1.0 Introduction & Governance Framework

1.1 Purpose & Philosophy

This Enterprise Risk Management (ERM) Policy establishes the framework for identifying, assessing, managing, and monitoring material risks faced by Kisaan Infotech Limited ("the Company"), an AgriTech platform empowering farmers through precision farming, digital marketplace services, and agricultural innovation. The policy ensures strategic objectives — including farmer empowerment, platform scalability, and sustainable agriculture — are pursued with disciplined awareness of uncertainties. It operationalizes our internal risk stewardship commitment and complements the public Risk Factors Disclosure.

1.2 Governance Structure

2.0 The Risk Management Process

The Company adopts a continuous, six-stage cyclical ERM process aligned with global best practices.

  1. Risk Identification

    Structured methods include strategic reviews, operational workshops, agritech benchmarking, incident post-mortems, farmer feedback loops, and external horizon scanning. Material risks from the official Risk Factors Disclosure serve as the baseline.

  2. Risk Assessment

    Risks are evaluated on Likelihood and Impact using a 5×5 Risk Matrix and prioritized relative to the Company's defined Risk Appetite.

  3. Risk Evaluation

    Comparison against Risk Appetite determines treatment priority — especially critical for data security, agronomic reliability, and platform availability in rural contexts.

  4. Risk Response

    Strategies include Mitigate (preferred), Accept, Avoid, or Transfer (insurance, partnerships, hedging instruments where applicable).

  5. Implementation & Control

    Risk Owners implement actions; controls are embedded into processes (e.g., platform dev-ops, farmer onboarding, data pipelines) and communicated effectively.

  6. Monitor, Review & Report

    Ongoing monitoring by Risk Owners; quarterly RMC review of risk register; standardized top-risk dashboard presented to RMC and Board.

3.0 Policy for Key Risk Categories

Specific approaches for categories aligned with the Risk Factors Disclosure and AgriTech context.

3.1 Regulatory & Compliance Risks

Policy: Dedicated Legal & Compliance function monitors evolving regulations (Data Protection, DPDP Act, agri-input laws, export controls). Mandatory compliance review for all new platform features, data flows, and farmer services.

Ownership: Head of Legal & Compliance.

3.2 Market, Competition & Reputational Risks

Policy: Formal competitive intelligence program. Reputation Risk Protocol ensures rapid, coordinated response (Legal, PR, Agri Advisory, Management) to misinformation, platform criticism, or farmer grievances on social/field channels.

Ownership: Chief Marketing Officer + CRO support.

3.3 Operational & Strategic Risks

Key Personnel Dependence: Robust Key Person Succession Plan and retention programs (especially agronomists, data scientists, platform engineers).

Technology & Cyber Security: Mandatory adherence to Cyber Security Framework based on ISO/IEC 27001:2022; annual third-party audits; emphasis on data sovereignty, farmer data privacy, IoT/precision farming device security.

Growth & Diversification: All new initiatives (exports, retail, logistics verticals) require formal Risk-Benefit Analysis and Board approval.

Ownership: Head of HR (Personnel), CTO (Cyber & Tech), Chief Strategy Officer (Growth).

3.4 Financial Risks

Policy: Scenario-based funding modeling; diversified banking relationships; structured capital allocation policy guiding dividend/investment decisions; monitoring of agri-commodity cycles impacting platform economics.

Ownership: Chief Financial Officer.

4.0 Roles & Responsibilities

Role  |  Primary Responsibility
Board of Directors  |  Approve ERM policy & Risk Appetite; oversee material exposures (incl. AgriTech-specific risks).
Risk Management Committee (RMC)  |  Quarterly review of risk reports; guide CRO; monitor policy effectiveness.
Chief Risk Officer (CRO)  |  Lead ERM execution; maintain risk register; prepare reports for RMC/Board.
Business/Function Heads  |  Identify, assess & manage risks in their areas; implement & monitor controls.
Internal Audit  |  Independent assurance on control design & operating effectiveness.

5.0 Review & Policy Amendment

This policy is a living document and shall be reviewed:

Amendments require Risk Management Committee approval and Board ratification.