Risk Management at Wipro is an enterprise-wide function backed by a qualified team of specialists with deep industry experience who develop frameworks and methodologies for assessing and mitigating risks. Enterprise Risk Management (ERM) works in close co-ordination with Business teams, Legal, Finance, Human Resources, Quality, office of the CIO, Delivery, Internal Audit and other Functional teams.
Enterprise Risk Management (ERM) enables and supports business objectives through risk-intelligent assessment and mitigation mechanisms while providing reassurance to all stakeholders including Customers, Shareholders and Employees. This is done by identifying, assessing and mitigating risks within key business and functional processes through a collaborative approach. As part of this, leveraging technology and tools for continuous monitoring and reporting of risks is crucial.
The risk landscape in the current business environment is changing dynamically with the dimensions of Cyber security, Information Security & Business Continuity, Data Privacy and Large Deal Execution figuring prominently in the risk charts of most organizations. To effectively mitigate these risks, we have deployed a risk management framework which helps proactively identify, prioritize and mitigate risks. The framework is based on principles laid out in the four globally recognized standards.
Refer to pages 35 – 36 in our Annual Report 2015 – 16 for more details on our risk management model and risk analysis.
Major Risk Management and Risk Mitigation Initiatives
|Major Risks|Mitigation Plan|
|---|---|
|Information Security & Cyber Security breaches that could result in systemic failures, loss, disclosure of confidential information.|Strong countermeasures have been implemented, along with programs to continuously monitor the effectiveness of the controls. Focus on sustaining controls and continuous improvement of solutions.|
|Intellectual Property risks from violating or misusing our clients’ intellectual property rights, or from breaches of third-party intellectual property rights or confidential information, in connection with services to our clients.|An elaborate program has been rolled out in the past years to assess and mitigate the risks on account of intellectual property, both customer and Wipro owned. It assists in identification, monitoring and creating awareness across the teams. The program has also been enhanced to address risks arising out of access provided to social media & collaboration platforms.|
|Data Privacy regulations relating to personal and health information dealt with both by and on behalf of Wipro increase the risk of non-compliance.|Data Privacy programs have been augmented by the creation of a dedicated Data Privacy team with specific emphasis on revalidating all existing frameworks, policies and processes that can be leveraged by the respective teams, covering all applicable geographies and areas of operations.|
|Regulatory Compliances covering various federal, state, local and foreign laws relating to various aspects of the business operations are complex, and non-compliances can result in substantial fines, sanctions etc.|A program on statutory compliance is in place with the objective of tracking all applicable regulations, the obligations arising out of them and the corresponding action items that must be adhered to in order to ensure compliance, with the necessary workflows enabled. The program is monitored for compliances and regularly reviewed to ensure compliances are in place. Additional programs exist to cover specific regulations relating to immigration, anti-bribery etc.|
|Service Delivery risks relating to complex programs providing end-to-end business solutions for our clients.|A Risk Management framework has been deployed for large value deals to assess solution fitness, credit risks, financial risks and technology risks, among other risk factors. Additionally, contract compliance programs are in place with regular reviews, early warning systems as well as customer satisfaction surveys to assess the effectiveness of the service delivery risks and preempt any risks arising from the same.|
|Functional & Operational risks arising out of various operational processes.|Appropriate risk and control matrices have been designed for all critical business processes, and both design and effectiveness are tested under the SOX & Internal Financial Control Programs.|
The Board Committee on Audit, Risk and Compliance, consisting of non-executive independent directors, has the responsibility of periodically reviewing the company’s policies for risk assessment and risk management and assessing the steps taken to control such risks. The committee also reviews and approves the Strategic and Operating Plan of the Enterprise Risk Management function of the Company. Concomitantly, the Internal Audit function at Wipro also plays a key role in identifying and highlighting potential risks to the Board Committee. High risks, including concerns related to Ombudsprocess, sexual harassment prevention and critical security incidents, are tracked and reviewed periodically. They are reported to the Audit committee of the board every quarter. Customer-related issues and key employee engagement developments are also reviewed by the board.