Risk management plays a crucial role in mitigating the impact of events that could negatively affect the organization. At LTIMindtree, we embed risk management into daily decision-making across all functions, fostering a culture that is aware of and responsive to risks and opportunities. We continuously assess risks and opportunities to ensure alignment between our business strategy and the internal and external environment.
Our acclaimed risk-management framework facilitates informed and responsible risk-taking by systematically and proactively identifying, assessing, treating, monitoring, and reporting risks. The Board and senior management provide robust oversight for our comprehensive risk management program. LTIMindtree's Enterprise Risk Management (ERM) framework adheres to the ISO 31000 Risk Management Guidelines, ensuring alignment with international standards.

The aim of Enterprise Risk Management (ERM) is to comprehensively manage risks to the organization, sustaining business growth and profitability through effective governance and strategies. The ERM framework establishes a robust Risk Governance structure to formulate the organization's risk management strategy and attain key business objectives, offering insights into the primary risks facing the organization. This facilitates risk-informed decision-making at the Board and executive management levels. Governance forums at different tiers ensure that risks are identified, reviewed, and addressed throughout the organization. The Chief Risk Officer oversees Risk Management activities and is supported by the ERM team.
Risk Management Committee (RMC) is an apex body comprising of the Board Committee and has a focused agenda of overseeing Key Enterprise Risks. The forum discusses and deliberates on external risks/disruptive trends and its mitigation plans. Emerging risks in context to organization vision in next few years are also discussed. RMC is convened on a quarterly basis.
Audit Committee (AC): Audit Committee (AC) is a Board Committee with focused agenda on risks and internal controls. AC meetings are conducted on a quarterly basis.
Risk Operating Committee (ROC): Risk Operating Committee (ROC) comprises of CXOs and senior leadership. ROC meeting is conducted once in a quarter, where risks perceived to the organization are discussed and deliberated, including Enterprise level risks, Data Privacy risks, Cyber Security risks, Business Continuity risks, Crisis Management, Third Party Risks, Regulatory risks and any other risk as applicable.
Business Unit (BU) ERM Cadence Meeting: Business Unit level risks are discussed in the monthly cadence meeting. The meeting is convened by the Business Unit Risk Champion and is attended by the Business Unit Head and other Senior Leadership.
ERM Framework implements management of risks at various layers of the organization including risks at project level, account level, Business unit level and Enterprise level. Detailed risk management process helps to identify and treat the risks before it surfaces as an issue. The process is enabled through a digital platform that provides an enterprise-wide view of risks, enabling informed decision-making.
ENTERPRISE LEVEL RISKS AND THEIR TREATMENT
RISKS
DESCRIPTION
Frequent changes in leadership may affect Delivery and Customer relationships. Higher attrition rates can result in increased operational costs and diminish goodwill.
RISK TREATMENT APPROACH
- Cultivating and guiding leadership development via specialized programs
- Establishing a robust leadership pipeline
- Providing career advancement opportunities to fulfill Leadership positions
RISKS
DESCRIPTION
In the ever-changing landscape of business and technology, we face risks related to workforce utilization and technological obsolescence. Due to the industry's dynamic nature, there is uncertainty in strategically planning skills in advance and reallocating our talent to meet demand while enhancing technical competencies and skills.
RISK TREATMENT APPROACH
Business-Aligned Skill Needs Assessments
- Facilitating alignment of skill needs between delivery units and service lines
Competency Manager Network
- Taking ownership to ensure that skill forecasts are aligned with business units
- Fulfilling skill needs internally, through appropriate training
Upskilling Initiative
- Providing opportunities for reskilling and upskilling of employees
- Implementing a structured talent development framework focused on skills, competencies, and proficiency
- Integrating learning pathways with performance management processes
RISKS
DESCRIPTION
Lack of strong cyber security posture across people, processes, and technology can weaken cyber resilience and undermine client confidence. Inadequate controls in cyber security may expose vulnerabilities, resulting in:
- Unauthorized access and cyber attacks
- Non-compliance with contractual obligations
- Loss of critical business data
- Embargoes and reputational damage
RISK TREATMENT APPROACH
- Develop and execute a robust Cyber Security assessment strategy to evaluate our environment against global best practices and frameworks
- Review our security posture to effectively manage cyber risks internally and externally across the extended ecosystem
- Ensure compliance with benchmark security standards for tier 1 organizations
- Implement a comprehensive cyber security strategy encompassing enterprise-wide security controls for assets including Endpoints, Servers, Clouds, and Infrastructure
- Address vulnerabilities through timely patching and deployment of security patches across all enterprise systems
- Provide mandatory training and sufficient awareness measures throughout the employee lifecycle
RISKS
DESCRIPTION
Failure to comply with privacy laws may result in significant financial penalties and damage to reputation.
RISK TREATMENT APPROACH
- Deployment of a comprehensive global data privacy framework, aligned with ISO27701 standards
- Establishing an efficient data privacy framework to identify all organizational data and processing activities, including personal data
- Utilizing automation and system enhancements to enhance Data Privacy Governance through tools such as dashboards and microsites
- Creating a personal data inventory across all organizational functions and locations
RISKS
DESCRIPTION
ESG considerations and their related risks and opportunities are increasingly pertinent, driven by heightened expectations from investors, customers, and regulatory bodies. Inadequate transparency and delayed reporting may result in non-compliance and reputational damage with stakeholders
RISK TREATMENT APPROACH
Environment
- Set targets to achieve carbon and water neutrality for operations in India
- Decrease Scope 1 and 2 emissions
- Enhance the utilization of renewable energy sources
- Reduce water consumption and increase waste recycling efforts
Social
- Foster community development through CSR initiatives focusing on Women Empowerment and Persons with Disabilities (PwD), including skilling, employment, education, providing market linkages, and supporting micro-entrepreneurship
- Prioritize Diversity, Equity, and Inclusion efforts by promoting greater inclusion of women in leadership roles, supporting PwD, LGBTQ+, and veterans in the workforce
- Establish Key Performance Indicators (KPIs) to measure outcomes in each project and conduct annual audits to assess social impact and social return on investment for critical or flagship projects
Governance
- Ensure transparent and accountable disclosures through non-financial sustainability/ESG reports
- Adhere to relevant regulations concerning payroll and social security laws, employee health and safety, financial reporting, bribery, and corruption
- Maintain and enhance various ESG ratings and rankings
RISKS
DESCRIPTION
Crucial Deliveries, milestones and commitments can get impacted due to Integration.
RISK TREATMENT APPROACH
- Delivery parameters undergo regular review and monitoring via a digitized governance process
- Project Managers and Legal consultants identify all contract commitments outlined in Statements of Work (SOW) and Master Service Agreements (MSAs) in accordance with planned milestones
- Leadership oversees high-risk projects through review process, at defined frequency
RISKS
DESCRIPTION
Integrating two former entities into LTIMindtree carries inherent risks:
- Delays in completing ground-level integration activities can impact smooth functioning of the Company's operations
- Failure to establish streamlined financial closure, reporting, and operations poses additional challenges
RISK TREATMENT APPROACH
Integrating two entities is a multifaceted endeavor, requiring a comprehensive framework be built to harmonize numerous activities and processes:
- Emphasize business-critical work streams as a top priority
- Maintain a consistent cadence and robust governance through frequent leadership reviews
- Diligently monitor and track progress in system integration
- Provide training to relevant stakeholders on pertinent systems and processes
RISKS
DESCRIPTION
There is a risk to our revenue growth due to:
- A reduction in overall IT spending stemming from broader economic uncertainty in the market
- Emphasis on smaller deal sizes with a focus on achieving quicker returns on investment
RISK TREATMENT APPROACH
Sales Transformation Programs aimed at driving growth during challenging times will operate through four streams:
- Enhance revenue generation from top 100 accounts
- Implement cross-selling and upselling strategies for accounts exceeding USD 1 Million
- Pursue proactive approaches for securing large deals
- Concentrate efforts on acquiring new clients and engaging with emerging technology players
RISKS
DESCRIPTION
Failing to stay abreast of relevant technological trends may result in increased time for industrialization due to excessive disruptions.
RISK TREATMENT APPROACH
Implement a process to regularly publish the Technology Radar, showcasing identified, selected, and evaluated technologies. These technologies can be viewed as either threats or opportunities for the future.
RISKS
DESCRIPTION
A significant portion of our revenue comes from a select group of major clients. This higher concentration of revenue among a limited number of customers poses a risk to the Company's overall revenue if we encounter specific issues with any of these customers.
RISK TREATMENT APPROACH
Given the increased size of LTIMindtree post integration, business concentration with top customers has reduced
- Efforts are directed towards diversifying the revenue profile by targeting a broader customer base.
- Emphasis is placed on nurturing the growth of the next tier of top clients.
- Efforts are being put to increase the tiers or pyramid of accounts for USD 10 Million and USD 20 Million accounts to further spread out revenue streams
RISKS
DESCRIPTION
The current economic instability is driving up labor and operating costs, compounded by increased pressure from clients for discounts and price reductions. Additionally, the return of the workforce to office premises may escalate operational costs, thereby impacting margins.
RISK TREATMENT APPROACH
Five-pronged approach under Program ‘NorthStar’ to improve margins:
- Bench & Utilization
- Focus on low margin programs
- Delivery Structure Optimization
- Improved Rate Realization
- Procurement cost optimization
RISKS
DESCRIPTION
Engaging in fraudulent activities poses the risk of eroding trust from clients, shareholders, and investors, resulting in operational, financial, and reputational harm. Such actions could detrimentally affect our organization's brand and market share.
RISK TREATMENT APPROACH
- Establish and implement a comprehensive Fraud Prevention Policy and Process aimed at implementing effective control measures to prevent fraudulent activities
- Promote a culture that encourages whistleblowers
- Strengthen governance procedures to swiftly resolve cases
- Maintain multi-layered tracking of fraudulent instances
- Explore the utilization of technology and data patterns to prevent potential fraud