The Risk Management report discusses various dimensions of our enterprise risk management. The risk-related information outlined in this section may not be exhaustive. The discussion may contain statements that are forward-looking in nature. Our business is subject to uncertainties that could cause actual results to differ materially from those reflected in the forward-looking statements. Readers are advised to refer to the detailed discussion of risk factors and related disclosures in our regulatory filings, and exercise their own judgment in assessing risks associated with the Company.

A. Overview

Our Enterprise Risk Management (ERM) framework encompasses practices relating to the identification, analysis, evaluation, treatment, mitigation and monitoring of the strategic, external and operational controls risks to achieving our key business objectives. ERM at Infosys seeks to minimize the adverse impact of these risks, thus enabling the Company to leverage market opportunities effectively and enhance its long-term competitive advantage.

Several risks can impact the achievement of a particular business objective. Similarly, a single risk can impact the achievement of several business objectives. The focus of risk management is to assess risks and deploy mitigation measures. This is done through periodic review meetings of the risk and strategy committee of the Board.

Our core values and ethics provide the platform for our risk management practices.

B. Key components of the Infosys risk management framework

1. Risk governance structure

Our risk management framework works at various levels across the enterprise. The key roles and responsibilities regarding risk management in the Company are summarized as follows:


Key roles and responsibilities

Board of Directors (Board)

  • Approving key business objectives to be achieved by the Company. Ensuring that the executive management focuses on managing risks to key business objectives
  • Reviewing the performance of the risk and strategy committee

Risk and strategy committee (RSC)

  • Comprises five independent directors:
    • Ravi Venkatesan, Chairperson
    • R. Seshasayee
    • Kiran Mazumdar-Shaw
    • Roopa Kudva
    • Prof. John W. Etchemendy
  • Corporate governance oversight with regard to the identification, evaluation and mitigation of strategic, operational, and external environment risks
  • Monitoring and approving the risk management framework and associated practices of the Company
  • Reviewing and approving risk-related disclosures

Risk council (RC)

  • Comprising Chief Executive Officer, Chief Operating Officer and Chief Financial Officer
  • Oversight of risk management practices, including identification, impact assessment, monitoring, mitigation, and reporting
  • Reviewing enterprise risks to the achievement of business objectives periodically, initiating mitigation actions, identifying owners for mitigation actions, and reviewing progress of mitigation actions
  • Formulating and deploying risk management policies and procedures
  • Providing updates to the risk and strategy committee and the Board from time to time on the enterprise risks and actions taken

Office of Risk Management (ORM)

  • Headed by the Chief Risk Officer
  • Comprises a network of risk managers from business units and specialist groups
  • Facilitating the execution of risk management practices in the enterprise, in the areas of risk identification, impact assessment, monitoring, mitigation and reporting
  • Providing periodic updates to the risk council and quarterly updates to the risk and strategy committee on risks to key business objectives and their mitigation
  • Working closely with business units, business enabling functions and mitigation action owners in deploying mitigation measures and monitoring their effectiveness
  • Working closely with internal audit, business continuity management services, information security, intellectual property and quality audit teams for identifying, monitoring, and mitigating operational risks

Unit risk managers

  • Ensuring units are managed in accordance with the Company’s risk management practices
  • Ensuring compliance with risk management policies and procedures laid out by the Company in their respective business units
  • Managing risks concomitant to the business decisions relating to their unit, span of control or area of operations
  • Ensuring effectiveness of risk mitigation actions in their units
  • Reporting risk events and incidents relating to their unit in a timely manner

Project teams and individuals

  • Adhering to risk management policies and procedures
  • Implementing prescribed risk mitigation actions
  • Reporting risk events and incidents in a timely manner

2. Business objectives

The business objectives of the Company are articulated as a set of specific near-term goals, and long-term strategic goals in a corporate scorecard. These goals cover the dimensions of consistent financial performance, market penetration, differentiation in solutions, services and operational excellence, leveraging talent and long-term sustainability of the organization.

3. Risk categories

Our risk management framework considers the following broad categories of risks:


Risks arising out of the choices we have made in defining our strategy and the risks to the successful execution of these strategies are covered in this category – for example, risks inherent to our industry and competitiveness are analyzed and mitigated through strategic choices of target markets, the Company’s market offerings, business models and talent base. Details of the Company’s strategy are described in other sections of this document. Potential risks to the long-term scalability and sustainability of the organization are also analyzed and mitigated – for example, societal risks relating to the impact of our strategy on the environment, local communities, and conservation of essential resources.

We periodically assess risks to the successful execution of our strategy, such as the effectiveness of strategic programs that are being executed, the momentum in new initiatives, the impact of strategy on financial performance, leveraging of inorganic strategies, effectiveness of organization structure and processes, retention and development of high-performing talent and leadership.


Risks arising out of uncontrollable factors from outside the organization are covered in this category – for example, risks of adverse developments in the regulatory environment in which we operate, unfavorable trends in the macroeconomic environment including currency fluctuations, natural disasters and attacks on our physical and technology infrastructure.

Operational controls

Risks arising out of inefficiencies in the design, operations or systems of internal controls are covered in this category – for example, risks of non-compliance to policies, information security, data privacy, intellectual property, individuals engaging in unlawful or fraudulent activity or breaches of contractual obligations. These risks could typically result in penalties, financial loss, litigation and loss of reputation and are assessed primarily on dimensions such as business process effectiveness, segregation of duties, compliance with policies and procedures, and strength of underlying controls. These risks also include counterparty risks arising from our association with entities for conducting business, namely clients, vendors, alliance partners and their respective industries.

4. Risk management processes

The Company’s risk management practices are:

Risk identification, analysis, and evaluation

Mechanisms for identification of risks include annual risk surveys across the Company, industry benchmarking, periodic assessments of the business environment, incident analysis, findings of internal audits, discussions with the risk council and the risk and strategy committee and analysis of the Company’s performance relative to the corporate scorecard goals. Risk analysis and evaluation is carried out using scenario-based assessments to decide the potential impact, likelihood of occurrence and in some cases, the detectability of the risk. Estimated risks are compared with established risk criteria and thresholds to determine the priority and method of risk treatment.

Risk treatment

Risk treatment is the process of selecting and implementing measures to alleviate the impact of identified risks.

  • Avoid: A decision to nullify the risk by refraining from the activities that cause it
  • Transfer: A decision to transfer the specific risk to another entity
  • Reduce: A decision to reduce the level of risk through targeted mitigation, if not to completely nullify it
  • Accept: A decision to allow the risk to remain as is, irrespective of its severity

    Risk mitigation and monitoring

Mitigation plans are finalized, owners are identified and the progress of mitigation actions are monitored and reviewed. The risk and strategy committee periodically does a deep dive into understanding the scope and effectiveness of mitigation plans and provides feedback to mitigation teams.

Risk-based approach to strategic planning

At Infosys, the functions of strategic planning and risk management are intertwined. Risks to achieving business objectives are key inputs to the formulation and development of strategy and business planning. Key strategic initiatives are identified to mitigate specific risks. This approach is practiced at various levels of the Company, such as in client account teams, project teams, support departments and subsidiaries.

Risk reporting and disclosures

Dashboards help track external and internal indicators for each identified risk and assess its severity. The trend line assessment of top risks, analysis of exposure and potential impact are carried out periodically, presented and discussed with the risk council and risk and strategy committee. Key external and internal incidents are reported and reviewed at appropriate fora, such as the Information Security Council and meetings of the executive board. Risks relating to client project execution and client account level risks are reported and discussed at appropriate levels within the Company. Periodic updates are provided to the Board highlighting key risks, their impact and mitigation actions. Key risk factors are disclosed in regulatory filings.

C. Risk management highlights for the year

During the last fiscal, our risk management practices were primarily focused on the effectiveness of strategic programs in improving our competitive position and differentiation in market segments, the momentum of new initiatives to achieve our long-term business aspirations, our preparedness to address any incidents that may cause business disruptions to our physical and technological infrastructure, strengthening internal controls to detect fraudulent activity, leadership development and monitoring possible impact of changes in our regulatory environment.

We carried out the following risk management activities during the last fiscal:

  • An annual risk survey was conducted across functions to get inputs on key risks to the achievement of business objectives, their prioritization and mitigation actions to minimize impact.
  • Top risks were reviewed and discussed with the risk council and the risk and strategy committee. Deep dive assessments were done in identified areas by members of the committee.
  • Risk assessment of our business momentum relative to competition and competitive position in key market segments comprising geographies, industries and service lines were conducted and actions were reviewed.
  • Regularly assessed business environment including trend-line of key external indicators and internal business indicators along with assessments by market segments, top clients' growth, currency risk and credit risk.
  • Reviewed key operational risks and actions based on inputs from the internal risk register, external assessments, internal audit findings and incidents. Reviewed operational risk areas including client service delivery, information security (cyber attacks and threat intelligence), women’s safety, physical security, succession planning and business continuity management.
  • Monitored key developments in the regulatory environment relating to visas, immigration laws and impact assessments.
  • Monitored availability of natural resources, such as water and power and its impact on our operations.

R Seshasayee

Chairman of the Board and Independent

R. Seshasayee is the Chairman of the Board of Directors, Infosys.

Seshasayee, a chartered accountant, started his career with Hindustan Lever Ltd. in 1971.

He joined Ashok Leyland in 1976, rose to become the Executive Director – Finance in 1983 and was elevated to Deputy Managing Director in 1993 and Managing Director in 1998. He became the Executive Vice Chairman of Ashok Leyland in 2011, and is presently the Non-Executive Vice Chairman of the company.

He led Ashok Leyland’s transformation into a self-reliant, globally competitive technology leader seeking growth through globalization and diversification, with acquisitions and joint ventures. He also led the company to embrace the tenets of sustainable development and environmental protection. During his tenure as the Managing Director from 1998-99 to 2010-11, Ashok Leyland’s turnover increased five times from Rs.2045 Cr to Rs. 12093 Cr, net profit thirty times, and market cap fourteen times.

Seshasayee has been the Chairman of IndusInd Bank from 2007 till date. During this period, both net profit and market cap of the bank increased twenty six times.

Seshasayee is presently Vice Chairman, Hinduja Group India. Hinduja Group is a multi-billion, transnational group, with global presence in banking and finance, automotive, infrastructure, specialty chemicals, realty, etc.

He served on the Board of ICICI Ltd./ICICI Bank from 1997-2003 He has been on the Board of Infosys Ltd. from January 2011. He was the Chairman of the Audit Committee.

Seshasayee was the President of Confederation of Indian Industry (CII) during 2006-07 and has been an active leader of CII for over 20 years. He was the President of the Society of Indian Automobile Manufacturers (SIAM), the apex body representing the Indian automobile industry during 2001-03.

Seshasayee has served on several government and professional committees.

As a member of Government of India delegations, Seshasayee was an active participant at the Doha Ministerial Round of WTO in 2001 and the Hong Kong Ministerial at Hong Kong in 2005. Seshasayee was also the Co-Chair of the World Economic Forum – Middle East during 2007.

He has served as the Chairman of the Board of Governors of the National Institute of Technology, Tiruchirapalli (NIIT) and as the Chairman of the Indian Institute of Information Technology Design and Manufacturing (IITD & M), Kancheepuram.

Seshasayee is the Chairman of the Executive Council of the Cancer Institute, Chennai; President of Schizophrenia Research Foundation (SCARF); and Vice President of the Music Academy, Chennai.

Seshasayee has won many honors and recognitions, including the Star of Italian Solidarity award from the Italian Government, Sir Jehangir Ghandy Medal for Industrial and Social Peace from XLRI, Jamshedpur, and the Lifetime Achievement Award from the Institute of Chartered Accountants of India.

3,152 Views 21 Comments

Dr. Vishal Sikka

Chief Executive Officer and Managing Director

Dr. Sikka joined Infosys in 2014 to help transform the company during a time of significant change in the services industry, change that was brought on by the cost imperatives of clients on the one hand, and significant and rapid advancements in technology on the other hand. Since joining Infosys, Dr. Sikka has implemented a strategy of helping clients renew their existing landscapes to fundamentally drive down costs using automation and artificial intelligence, and at the same time bring breakthrough innovation that transforms user and consumer experiences, opens new business opportunities and new business models, and leverages data in entirely new ways. Key initiatives such as Zero Distance, which focuses on finding innovation in every project for every client, on an ongoing basis, has set a precedent in the industry for driving grassroots innovation. Similarly, the notion of looking at technology as an amplifier of human potential has enabled the company to bring together services, software and platforms in a way that drives unprecedented value for companies across every industry.

In addition, Dr. Sikka has created a strong focus on learning and education within Infosys, a culture which not only drives value for clients and the entire Infosys ecosystem, but extends outside the company as well. Infosys is helping clients in their efforts to create learning and collaborative cultures – helping them to find the most important problems to solve using Design Thinking as the framework, to rethink existing processes leveraging technology, to find new ways of working as teams and as individuals, and to build incredible talent, skills and passion across teams.

Prior to joining Infosys, Dr. Sikka was a member of the Executive Board of SAP SE, leading all products and technologies, including all of product development, and driving innovation globally. In his 12 years at SAP, Dr. Sikka held several senior leadership roles including becoming SAP’s first-ever CTO in 2007. As CTO, Dr. Sikka was responsible for overall technology architecture and ensuring coherence in SAP’s product strategy. During that time and later when he joined the Executive Board of SAP, Dr. Sikka brought a strong focus on delivering innovation non-disruptively, simplifying customers landscapes, and delivering new and delightful user experiences.

When Dr. Sikka joined the SAP Executive Board in February 2010, he brought this same focus to all of product development and was instrumental in building a culture of innovation at SAP; innovation became the focus and was at the heart of everything the company developed and delivered to customers. Among other things, Dr. Sikka is credited with creating SAP’s breakthrough in-memory data platform SAP HANA, the fastest growing product in SAP’s history. He also accelerated SAP’s development processes, bringing a deep focus on design and user experience, creating a culture of innovation, initiating for the first time in company history a focus on startups, driving venture investments, and leading product incubation as well as co-innovation with customers.

Dr. Sikka is the creator of ‘timeless software,’ a framework which articulates the principles of renewing existing processes and landscapes without disruption to customer environments. The principles of Timeless Software provide the foundation to ensuring there is no longer a trade-off between leveraging breakthrough innovation and ensuring the consistency, reliability and coherence of systems and user experiences. Dr. Sikka is especially known for his championship of technology as an amplifier of human potential and his passion for applying software in purposeful ways to address some of the biggest global challenges.

His experience includes research in artificial intelligence, intelligent systems, programming languages and models, and information management – at Stanford University, at Xerox Palo Alto Labs, and as the founder of two startups.

Dr. Sikka received his BS in Computer Science from Syracuse University. He holds a Ph.D. in Computer Science from Stanford University.

3,152 Views 21 Comments

Pravin Rao

Chief Operating Officerand Whole-time Director

As the Chief Operating Officer, Pravin Rao is responsible for driving growth and differentiation across portfolios at Infosys. Additionally, he oversees global delivery, quality and productivity, the supply chain and business enabler functions. He is also the Chairperson of Infosys BPO.

Pravin has over 28 years of experience. Since joining Infosys in 1986, he has held a number of senior leadership roles such as Head of Infrastructure Management Services, Delivery Head for Europe, and Head of Retail, Consumer Packaged Goods, Logistics and Life Sciences. Pravin holds a degree in electrical engineering from Bangalore University, India.

3,152 Views 21 Comments

Kiran Mazumdar-Shaw

Independent Director

Kiran Mazumdar-Shaw is Chairperson and Managing Director of Biocon Limited, a biotechnology company based in Bangalore, India.

Kiran is highly respected in the corporate world and has been named among TIME magazine’s 100 most influential people in the world. The Economic Times placed her at India Inc.’s top 10 most powerful women CEOs for the year 2012. Her pioneering efforts in biotechnology have drawn global recognition for both the Indian industry and Biocon.

Kiran holds a bachelor’s degree in Zoology from Bangalore University, India, and is qualified as a Master Brewer from Ballarat University, Australia. She has also received many honorary doctorates in recognition of her pre-eminent contributions to the field of biotechnology.

3,152 Views 21 Comments

Roopa Kudva

Independent Director

Roopa Kudva is Managing Director of Omidyar Network India Advisors and Omidyar Network partner. Omidyar Network is a US-based philanthropic investment firm.

Previously, she was the MD and CEO of CRISIL, a global analytical company providing ratings, research, and risk and policy advisory services. She has led CRISIL’s evolution from a leading Indian rating agency to a diversified analytical company with clients ranging from the largest investment banks of the world to tens of thousands of small firms spread across India. Under her leadership, CRISIL’s market capitalization has grown four-fold from Rs. 2,900 crores to Rs. 14,000 crores, and revenues have tripled.

Ms. Kudva regularly features in lists of the most powerful women in business compiled by prominent publications, including Fortune and Business Today. She is a recipient of several prestigious awards including the ‘Outstanding Woman Business Leader of The Year’ at CNBC TV18’s ‘India Business Leader Awards 2012’, India Today ‘Corporate Woman Award 2014’ and Indian Merchants’ Chamber Ladies' Wing’s ‘Woman of the Year’ Award 2013-14.

Ms. Kudva is a member of several policy-level committees relating to the Indian financial system, including committees of the Securities and Exchange Board of India and the Reserve Bank of India. She has also been a member of the Executive Council of NASSCOM. She is a regular speaker at global conferences and seminars by multilateral agencies, market participants, and leading academic institutions.

Ms. Kudva holds a postgraduate diploma in management from Indian Institute of Management, Ahmedabad (IIM-A) and also received the ‘Distinguished Alumnus Award’ from her alma mater.

3,152 Views 21 Comments

Ravi Venkatesan

Independent Director

Ravi Venkatesan is a Director on the Boards of Infosys and AB Volvo, and a Fellow of the Center for Higher Ambition Leadership, Boston. He is an advisor to several family businesses and entrepreneurial ventures. He is also a member of the Advisory Board of Bunge Ltd., the Global Alumni Board of Harvard Business School, and of Marico Innovation Foundation. Ravi is a founding partner and Chairman of Social Venture Partners, India – a network of engaged philanthropists attempting to address complex social issues through venture philanthropy.

Between 2004 and 2011, Ravi was the Chairman of Microsoft India, which, under his leadership, became Microsoft's second largest and one of its fastest growing geographies. It was also consistently rated among the best employers and most respected companies in India. He was instrumental in helping Microsoft India create ‘Shiksha’, a large computer literacy program that helped train over 35 million students from disadvantaged backgrounds.

Prior to Microsoft, Ravi spent sixteen years with Cummins Inc. As Chairman of Cummins India Limited, he oversaw the company’s transformation into a leading provider of power solutions and automotive engines in India. He also played a key role in establishing the Cummins College of Engineering, India's first engineering college for women, in Pune.

Ravi was voted the most influential MNC CEO for 2011 by the Economic Times daily. He has authored the book, “Conquering the Chaos: Win in India, Win Everywhere”.

Ravi holds a bachelor’s degree in mechanical engineering from the Indian Institute of Technology, Bombay; a master’s in engineering from Purdue University; and a Master of Business Administration from Harvard Business School, where he was a Baker Scholar. Ravi was awarded the Distinguished Engineering Alumnus award in 2011 by Purdue University, and the Distinguished Alumnus award by the Indian Institute of Technology.

3,152 Views 21 Comments

Dr. Punita Kumar-Sinha

Independent Director

Dr. Punita Kumar-Sinha has focused on investment management and financial markets during her 25-year career. She spearheaded some of the first foreign investments into the Indian equity markets in the early 1990s. Currently, she is the Founder and Managing Partner, Pacific Paradigm Advisors, an independent investment advisory and management firm focused on Asia. Dr. Kumar-Sinha is also a Senior Advisor and serves as an Independent Director for several companies. Prior to founding Pacific Paradigm Advisors, she was a Senior Managing Director of Blackstone and the Chief Investment Officer of Blackstone Asia Advisors. Dr. Kumar-Sinha was also the Senior Portfolio Manager and CIO for The India Fund (NYSE:IFN), the largest India Fund in the US, for almost 15 years, The Asia Tigers Fund (NYSE:GRR), and The Asia Opportunities Fund.

Prior to joining Blackstone, Dr. Kumar-Sinha was a Managing Director and Senior Portfolio Manager at Oppenheimer Asset Management Inc., and CIBC World Markets, where she helped open one of the first India advisory offices for a foreign firm. She also worked at Batterymarch (a Legg Mason company), Standish Ayer & Wood (a BNY Mellon company), JP Morgan and IFC/World Bank.

Dr. Kumar-Sinha has been frequently featured in the media, including: The Financial Times, The New York Times, The Wall Street Journal, Barron’s, Forbes, CNN, CNBC, Fox News, Star News, Bloomberg , ET Now and The Economic Times. She has also anchored a TV series on ET NOW on various global economies, key Indian policy issues and their impact on capital markets. Dr. Kumar-Sinha has been a speaker at many forums and many of her contributions at seminars and conferences have projected the potential and prospects of Asia as an investment destination.

Dr. Kumar-Sinha has a Ph.D. and a Masters in Finance from the Wharton School, University of Pennsylvania. She received her undergraduate degree in chemical engineering with distinction from the Indian Institute of Technology, New Delhi. She is an MBA and also a CFA Charter holder. Dr. Kumar-Sinha is a member of the CFA Institute, the Boston Security Analysts Society and the Council on Foreign Relations. She is a Charter Member and was a Board Member of TIE-Boston. Dr. Kumar-Sinha has been awarded the Distinguished Alumni Award from IIT Delhi.

3,152 Views 21 Comments

Prof. Jeffrey Sean Lehman

Independent Director

Prof. Jeffrey Sean Lehman is the inaugural vice chancellor of NYU Shanghai. He has previously been founding dean of the Peking University School of Transnational Law, president of Cornell University, dean of the University of Michigan Law School, a tenured professor of law and public policy at the University of Michigan, a practicing lawyer in Washington, D.C., a law clerk to Associate Justice John Paul Stevens of the U.S. Supreme Court, and a law clerk to Chief Judge Frank M. Coffin of the U.S. Court of Appeals for the First Circuit.

Jeffrey is also chancellor of the Peking University School of Transnational Law, a nonresident senior scholar at the Woodrow Wilson International Center for Scholars, a member of the international advisory board of the Nazareth Academic Institute, and an American representative in the U.S.-China Legal Experts Dialogue.

He previously served as president of the American Law Deans Association, as chair of the board of Internet2, and as a member of the boards of trustees of the Consortium on Financing Higher Education, the Skadden Fellowship Foundation, and the Asian University for Women Support Foundation.

Jeffrey’s honors include the Friendship Award from the People’s Republic of China, the National Equal Justice Award from the NAACP Legal Defense and Educational Fund, Inc., an honorary doctorate from Peking University, honorary professorships from several other universities, and membership in the American Law Institute. Jeffrey earned a bachelor’s degree in mathematics from Cornell University and degrees in law and public policy from the University of Michigan.

3,152 Views 21 Comments

Prof. John W. Etchemendy

Independent Director

John W. Etchemendy is the Provost of Stanford University and Patrick Suppes Family Professor in the School of Humanities and Sciences.

Professor Etchemendy is also a faculty member of the Symbolic Systems Program and a senior researcher at the Center for the Study of Language and Information (CSLI). He has received the Dean’s Award for Excellence in Teaching (1988), and the Bing Award for Excellence in Teaching (1992). In addition, he is also the recipient of the Educom Medal for leadership in the application of technology to teaching. Professor Etchemendy received his B.A. and M.A. in Philosophy from the University of Nevada, Reno. He earned his doctorate in Philosophy at Stanford University. He served on the faculty at Princeton University for two years before joining the Department of Philosophy at Stanford as a faculty member.

Professor Etchemendy is the author of numerous books and articles on logic, some co-authored with several close collaborators. He has been co-editor of the Journal of Symbolic Logic and is on the editorial board of several other journals.

3,152 Views 21 Comments