Risk management report

The following section discusses the various aspects of enterprise-wide risk management. Readers are cautioned that the risk related information outlined here is not exhaustive and is for information purpose only. The discussion may contain statements, which may be forward-looking in nature. Our business model is subject to uncertainties that could cause actual results to differ materially from those reflected in the forward-looking statements. Readers are requested to exercise their own judgment in assessing the risks associated with the Company and to refer to the discussions of risks in the Company's previous Annual Reports and the filings with the Securities and Exchange Commission, USA.

A. Overview

The Enterprise Risk Management (ERM) at Infosys encompasses practices relating to identification, assessment, monitoring and mitigation of various risks to our business. ERM at Infosys seeks to minimize adverse impact on our business objectives and enhance stakeholder value. Further, our risk management practices seek to sustain and enhance long-term competitive advantage of the Company. Risk management is integral to our business model, described as ‘Predictable, Sustainable, Profitable and De-risked’ (PSPD) model. Our core values and ethics provide the platform for our risk management practices.

B. Our Risk Management Framework

Our risk management framework encompasses the following key components.

1. Risk management structure

Our risk management occurs across the enterprise at various levels. These levels also form the various lines of defense in our risk management.

The key roles and responsibilities regarding risk management in the Company are as follows :

Key roles and responsibilities
Board of Directors (Board)
  • Corporate governance oversight of risk management performed by the Executive Management
  • Review the performance of
    Risk Management Committee
Risk Council (RC)
  • Comprises Chief Executive Officer,
    Chief Operating Officer and
    Chief Financial Officer
  • Reviewing enterprise risks from time to time, initiating mitigation actions, identifying owners and reviewing progress
  • Formulating and deploying risk management policies
  • Deploying practices for identification, assessment, monitoring, mitigation and reporting of risks
  • Providing updates to RMC and the Board from time to time on the enterprise risks and actions taken
Office of Risk Management (ORM)
  • Comprises the network of risk managers from units and our group companies and is led by Chief Risk Officer
  • Facilitating the execution of risk management practices in the enterprise as mandated, in the areas of risk identification, assessment, monitoring, mitigation and reporting
  • Deploying mechanisms to monitor compliance with policies
  • Providing periodic updates to RC and quarterly updates to RMC on top risks and their mitigation
  • Working closely with owners of risk in deploying mitigation measures
Unit Heads
  • Managing their functions as per company risk management philosophy
  • Managing risks concomitant to the business decisions relating to their unit, span of control or area of operations
  • Managing risks at the unit level that may arise from time to time, in consultation with the Risk Council
The Infoscion
  • Adhering to risk management policies and procedures
  • Implementing prescribed risk mitigation actions
  • Reporting risk events and incidents in a timely manner

(1) As of April 13, 2010

2. Risk categories

The following broad categories of risks have been considered in our risk management framework :

3. Key risk management practices

The key risk management practices include those relating to risk assessment, measurement, mitigation, monitoring, reporting and integration with strategy and business planning.

Key components of Infosys Risk Management Framework


C. Overview of risk environment and key risk management activities of the year

Business risk environment was challenging for most part of the year, primarily driven by the prolonged impact of global economic slowdown on our clients and the resultant impact on our business. Financial position of several key clients who were impacted by the global economic slowdown, gradually improved during the year. Regulatory environment relating to immigration / visa and taxation required close monitoring and assessment. Global currencies from which we derive our revenues showed high volatility. Physical security environment in India called for increased vigilance measures.

Our continued emphasis on credit risk management through periodic credit quality assessments and focused collection mechanisms resulted in further improvement of credit risk indicators. Our active management of currency risks minimized the impact in a volatile currency market. We further strengthened operational risk mitigation mechanisms in areas including physical security, service delivery, information security and contracts management. Our periodic assessment and monitoring of business risk and regulatory environment resulted in deployment of appropriate mitigation measures.

We carried out various risk management activities described as follows, to monitor and mitigate risks :

1. Top risk identification, tracking and review

2. Risk assessments and review