Risk Management Report
Mindtree’s Enterprise Risk Management (ERM) program is a strategic discipline that supports the Company’s objective of sustainable growth and of generating value for its customers, investors, employees and other stakeholders. This is achieved by deploying an effective risk management framework which helps in proactively identifying, prioritizing and mitigating risks. The Mindtree ERM framework has been designed by incorporating elements of leading risk management standards such as:
• COSO; Enterprise Risk Management – Framework by Treadway Commission
• ISO 31000:2009 by ISO
• IRM Risk Management Standard
Mindtree ERM Framework
The Risk Management Committee (RMC) at Mindtree is made up of three Executive Directors, including the Executive Chairman, CEO, Executive Vice Chairman and an Independent Director. The RMC is headed by the Executive Chairman and also includes the CFO and CRO as permanent invitees to meetings. The RMC provides oversight and direction to the group. Every potential risk has designated risk owners who are responsible for risk treatment as per Mindtree’s risk management policy. The RMC meets every quarter to discuss the risks and their mitigation plans, along with risks that have emerged during the course of the year. In 2017-18 we added initiatives such as:
• The Risk Management framework has been extended to the acquired companies.
• The enterprise risk register is automated, and a dashboard with a risk heat map is now accessible online to Senior Management at any time.
• The risk awareness program has continued to gather pace throughout the year. The program uses different mechanisms to target different audiences, ranging from senior leaders to Mindtree Minds who have joined us fresh from campus, and has received a very enthusiastic response.
• The Contract Management Tool has been enhanced for effective tracking of contractual customer obligations.
• The Business Continuity framework has been further strengthened by enhancing Business Continuity/Disaster Recovery functions, implementing specific plans to meet business-defined recovery time and recovery point objectives, and ensuring that these plans are reviewed on a set schedule. Roles and responsibilities have been defined to ensure that everyone involved in the Business Continuity Management (BCM) process understands their role.
• We have taken various initiatives to strengthen the controls around Information Security/Cyber Security.
A detailed description of all the significant risks and their mitigation plans is given in the Management Discussion and Analysis section.