Risk Management at Wipro is an enterprise-wide function that aims at assessing threats to business sustainability and mitigating those threats. The function is backed by a qualified team of specialists with deep industry experience who develop frameworks and methodologies for assessing and mitigating risks. Enterprise Risk Management (ERM) works in close co-ordination with Business teams, Legal, Finance, Human Resources, Quality, office of the CIO, Delivery, Internal Audit and other Functional teams.
Enterprise Risk Management (ERM) enables and supports business objectives through risk-intelligent assessment and mitigation mechanisms while providing reassurance to all stakeholders including Customers, Shareholders and Employees. This is done by identifying, assessing and mitigating risks within key business and functional processes through a collaborative approach. As part of this, the leveraging of technology and tools for continuous monitoring and reporting of risks is crucial.
The risk landscape in the current business environment is changing dynamically with the dimensions of Cyber security, Information Security & Business Continuity, Data Privacy and Large Deal Execution figuring prominently in the risk charts of most organizations. To effectively mitigate these risks, we have employed a risk management framework which helps proactively identify, prioritize and mitigate risks. The framework is based on principles laid out in the following four globally recognized standards:
- Orange Book by UK Government Treasury
- COSO: Enterprise Risk Management – Integrated Framework by Treadway Commission
- AS/NZS 4360:2004 by AUS/NZ Standards board
- ISO/FDIS 31000:2009 by ISO
Major Risk Management and Risk Mitigation Initiatives
|Major Risks|Mitigation Plan|
|---|---|
|Information Security & Cyber Security breaches that could result in systemic failures, loss, or disclosure of confidential information.|Effective security controls implemented to detect, prevent and remediate threats. A program to continuously monitor the effectiveness of the controls has been implemented. Focus is on sustaining controls and continuous improvement of efficacy of the solutions.|
|Intellectual Property violating or misusing our clients’ intellectual property rights or for breaches of third-party intellectual property rights or confidential information in connection with services to our clients.|An elaborate program has been rolled out in the past years to assess and mitigate the risks on account of intellectual property, both customer and Wipro-owned. The program assists in identification, monitoring and creating awareness across the teams. The program has also been enhanced to address risks arising out of access provided to social media & collaboration platforms.|
|Data Privacy regulations relating to personal and health information dealt with both by and on behalf of Wipro increase the risk of non-compliance.|The Data Privacy program has been augmented taking into consideration privacy regulatory requirements, with specific emphasis to revalidate all existing frameworks, policies and processes that can be leveraged by respective support function and delivery teams, covering all applicable geographies and areas of operations.|
|Regulatory Compliances covering various federal, state, local and foreign laws relating to various aspects of the business operations are complex and non-compliances can result in substantial fines, sanctions etc.|A program on statutory compliance is in place with the objective to track all applicable regulations, obligations arising out of the same and corresponding action items that need to be adhered to in order to ensure compliance, along with necessary workflows enabled. The program is monitored and regularly reviewed to ensure compliances. Additional programs exist to cover specific regulations relating to immigration, anti-bribery etc.|
|Functional and Operational risks arising out of various operational processes|Appropriate risk and control matrices have been designed for all critical business processes and both design and effectiveness are tested under the SOX and Internal Financial Control Programs and theme-based assessments.|
|Service Delivery risks relating to complex programs providing end-to-end business solutions for our clients.|Risk Management framework has been deployed for large value deals to assess solution fitness, credit risks, financial risks, technology risks among other risk factors. Additionally, contract compliance programs are in place with regular reviews, early warning systems as well as customer satisfaction surveys to assess the effectiveness of the service delivery and early detection of any risks arising from the service delivery.|
|Workplace environment and Safety|Strong control measures have been put in place to ensure employee health and safety. Awareness is created about various issues, which are communicated on a regular basis to employees. Wipro maintains Zero Tolerance for violators of code of business conduct. Also, employees are provided with an online web portal to log in concerns relating to various subjects including environment and safety in the workplace.|
|Business Continuity management risks arising out of global operations like IT outages, Cyber, natural disasters, pandemic, terror and unrest, power disruptions etc. which will bring down the availability of People, Technology and Facility|Effective implementation of Business Continuity Management System (BCMS) framework aligned to ISO 22301 across accounts, service functions and various locations. The system will have a comprehensive and integrated readiness of the BCMS requirements that will help plan, coordinate and execute the strategies effectively.|
|Geopolitical risk arising out of entering into contracts in a new country.|An assessment of doing business in a new country is done in order to analyze the feasibility of doing business based on the country’s economic stability, corruption index, investment opportunities, ease of doing business and physical safety.|
|Risk of protectionism policies impacting the business|Appropriate measures are being taken to provide uninterrupted high quality services to the clients at all geographies.|
The Board Committee on Audit, Risk and Compliance, consisting of non-executive independent directors, has the responsibility of periodically reviewing the company’s policies for risk assessment and risk management and assessing the steps taken to control such risks. The committee also reviews and approves the Strategic and Operating Plan of the Enterprise Risk Management function of the Company. Concomitantly, the Internal Audit function at Wipro also plays a key role in identifying and highlighting potential risks to the Board Committee. High risks including concerns related to Ombudsprocess, sexual harassment prevention and critical security incidents are tracked and reviewed periodically. They are reported to the Audit committee of the board every quarter. Customer-related issues and key employee engagement developments are also reviewed by the board.