
Risk Management Framework

The document discusses a risk management framework used by an organization to identify, prioritize and mitigate risks related to cyber security, information security, business continuity, data privacy and large deal execution. It outlines the principles and standards the framework is based on and provides examples of specific risks like the COVID-19 pandemic, regulatory non-compliance, business continuity issues, information security threats, data privacy regulations, economic factors, and workplace health and safety.

Uploaded by

Mudrika

Risk Management Framework

The risk landscape in the current business environment is changing dynamically with the
dimensions of Cyber security, Information Security and Business Continuity, Data Privacy
and Large Deal Execution figuring prominently in the risk charts for most organizations
in our sector. To effectively mitigate these risks, we have employed a risk management
framework, which helps proactively identify, prioritize and mitigate risks. The framework
is based on principles laid out in the four globally recognized standards as below.

[Figure: risk management framework diagram. Labels shown: Governance Oversight; Tone @ The Top; Develop & deploy Policy/Framework; Audit Committee of the board; Framework; Standard ERM framework; Management; People, Process, Technology; Risk Management Team; Continuous Improvement; Risk Management (Identification, Analysis, Evaluation, Treatment, Monitoring); Risk Ownership; Business Units & Functions; Risk Categories (Governance, Strategic, Operational, Compliance); Reporting]

→ AS/NZS ISO 31000:2009 Risk Management - Principles and Guidelines by AUS/NZ Standards Board
→ Orange Book by UK Government Treasury
→ COSO; Enterprise Risk Management - Integrating with strategy and performance (2017) by Treadway Commission
→ ISO - ISO 31000:2018, Risk Management - Guidelines

38 Building a Bold Tomorrow


Wipro Limited
Integrated Annual Report 2020-21

Pandemic and COVID-19

This includes COVID-19 outbreak within the company’s premises, impacting employee safety and well-being.

Mitigation plan
→ Work from home policy – Implemented WFH policy wherein most employees continue to work from home, barring the absolute essential staff mandated by customer requirement
→ Workplace safety measures – Availability of medical support within premises
→ Wellness focus – physical and emotional well-being, financial support

Regulatory Compliance

It covers various federal, state, local and foreign laws relating to various aspects of the business operations and non-compliances can result in substantial fines, sanctions, etc.

Mitigation plan
→ A program on statutory compliance is in place with the objective to track all applicable regulations, obligations and corresponding action items that require to be adhered to ensure compliance along with necessary workflows enabled

Business Continuity Risk

This arises out of global disruptions like pandemic, natural disasters, IT outages, cyber security, terror attacks and unrest, power disruptions.

Mitigation plan
→ Business Continuity Management System (BCMS) and a framework aligned to ISO 22301 across global locations, accounts and service functions
→ Core BCM team is a skilled cross-functional team comprising members from Delivery, Legal, Office Administration, HR, Procurement, IT enablement & IT security teams

Escalation of Information Security, Cyber Security and Technology Risk

On account of increase in surface area of devices

Mitigation plan
→ Effective security controls implemented to detect, prevent and remediate threats
→ Program to continuously monitor the effectiveness of the controls is implemented to effectively sustain the security controls
→ Focus on continuous improvement of the efficacy of the security controls with the adoption of new processes and latest technology solutions

Internal Financial Reporting and Control


In response to the COVID-19 pandemic, we initiated our business continuity program in March 2020 and
facilitated our employees to work remotely/work from home. Our business continuity program and the
design of our processes allow for remote execution with accessibility to secure data. There were no changes
to our internal control over financial reporting that have materially affected or are reasonably likely to
materially affect our internal control over financial reporting during the period covered in this Annual Report.


Data Privacy Regulations

(such as General Data Protection Regulation in Europe) relating to personal information dealt with both by and on behalf of Wipro increases the risk of non-compliance.

Mitigation plan
→ Strengthened the Data Privacy program, taking into consideration the privacy regulatory requirements, with specific emphasis to revalidate all existing frameworks, policies and processes that can be leveraged by respective support function and delivery teams, covering all applicable geographies and areas of operations
→ Executed Data process/Data transfer agreements with customers as well as vendors for flow down DTA/DPA to ensure governance
→ Also strengthened Wipro systems to ensure personal data governance from controller perspective
→ Adherence to privacy by design is a non-negotiable requirement incorporated in the application development and rollout process
→ Set up a well-defined process to handle subject access requests related to personal data, to cater to the SAR requirements
→ Implemented a 24*7 personal incident management process to ensure speedy governance on personal data related incidents, if any
→ Made mandatory data privacy awareness and refresher sessions for all employees as part of Wipro onboarding process

Geo-political or Economic Situations

Risk of Protectionism policies impacting the business in that market.

Mitigation plan
→ Country Risk Assessment framework

Employee workplace Environment, Health, Safety and Security Risk is a major focus area

Mitigation plan
→ Addressing employee health and safety requirements including both the physical and mental well-being
→ Extended safe and healthy work environment to all our contractors, customers, visitors at our premises and to our extended value chain
→ OHSAS ISO45001 implemented across campuses

M&A integration

M&A is a key strategy for Wipro. The seamless and successful integration of the new entities into the larger organization is a key focus.

Mitigation plan
→ Involved a cross-functional team to plan the integration, right from the due diligence stage to post integration and until steady state operations


Intellectual Property (IP)

Violating or misusing our client's intellectual property rights or breaches of third-party intellectual property rights or confidential information in connection with services to our clients can lead to reputational and financial risk. Inadequate protection of Wipro IP can lead to financial loss and loss of market opportunity.

Mitigation plan
→ An elaborate program exists to safeguard our clients' and Wipro's Intellectual Property
→ The dedicated IP unit ensures that all Wipro and client IP is protected, reviews and enhances the program on an on-going basis and ensures a strong Governance
→ Undertake employee awareness and training programs, employee IP declaration, systemic controls and periodic reviews to ensure adherence

Talent Risk

Attracting, up-skilling and retaining talent is a key risk.

Mitigation plan
→ Initiated an organization re-structuring program including a simple delivery model that will yield economies of scale
→ It will also help achieve our goal of becoming an employer of choice

Fraud Risk

This is related to information dealt with both by and on behalf of Wipro and increases the risk of non-compliance.

Mitigation plan
→ Put in place a robust Fraud Management program to identify potential areas of failure and proactively implement mitigations
→ The Code of Business Conduct, Zero tolerance policy on integrity, Anti-Bribery and Anti-Corruption program (ABAC), Finance Risk Management program, Vendor Management program and our Ombuds program ensure a strong governance around fraud management
→ The ABAC program classifies each country from a risk perspective basis factors and builds control and mitigation plans accordingly.

Service Delivery and Obligation Management Risk

Mitigation plan
→ Risk Management framework is implemented for large value deals to assess solution fitness, credit risks, financial risks, technology risks among other risk factors
→ Contractual compliance programs ensure regular project reviews and highlight any risk to service delivery
→ Early warning systems and customer satisfaction surveys help to assess effectiveness
→ Additional risk assessment of Functions ensures pro-active mitigation of risks that are likely to impact service delivery

Environmental & Climate Related Risks

See ‘Natural Capital’ section
