in IT
PRN | Student Name
17020448011 | Ashutosh Pandey
17020448016 | Nema Buch
17020448028 | Jogeshwary Dhope
17020448049 | Lipi Basu
17020448090 | Shubhangi Shingate
17020448092 | Sonam Singh
17020448106 | Vijay Ratnalikar
IT INDUSTRY - INTRODUCTION
Information technology in India is an industry consisting of the following major components: IT services, business process outsourcing (BPO), software products and engineering services, and hardware.
Top players in India: TCS, Infosys, Wipro, HCL, Tech Mahindra, L&T etc. The sector's aggregate revenue was US$ 160 billion in 2017.
Domestic revenue of the IT industry is estimated at US$ 38 billion and export revenue at US$ 117 billion in FY17.
IT as a service (ITaaS) is an operational model in which an information technology (IT) service provider delivers an IT service to a business. The IT service provider can be internal or external.
KEY DRIVERS FOR SUCCESS
• Market position
• Operating management
• Diversification
• Marketing and distribution
• Financial policies
• Capital structure
• Cash flow protection and liquidity
• Financial flexibility
• Open communication lines
• Business requirements analysis
• Expectation management
• Organizational protocols and sponsorship
• Scientific research expertise (important in such fields as pharmaceuticals, medicine, space exploration etc.)
• Production process innovation capability
• Production innovation capability
• Expertise in a given technology
KEY RISKS FACED BY THE INDUSTRY PLAYERS
• Cybersecurity
• Political and regulatory risk (changes to federal, state and local regulations, including tax)
• Worldwide economic instability
• Change in technology (emerging technologies) and automation
• Management of current and future mergers and acquisitions or divestitures
• Intellectual property infringement
• Outsourcing
• Inability to attract or retain personnel, including management
• Pressures on pricing, margins and cost cutting
• Product liability, quality and safety issues
• Fraud
• Physical attack
Impact and handling of the top three risks in IT
CYBER SECURITY RISK
Impact: costly financial consequences such as
• Legal fines
• Liability for customer losses
• Remediation effort
• Investigation
• Loss of business due to loss of potential customers
• Loss of trust and reputation
• Capital put at risk
• Intellectual property put at risk
• Privileged organizational information put at risk
Mitigation/contingency:
• Establish and maintain information security risk criteria
• Identify "risks associated with the loss of confidentiality, integrity and availability for information within the scope of the information security management system" (the risk identification requirement of ISO/IEC 27001, clause 6.1.2), and identify the owners of those risks
• Install and make effective use of security tools and standards
• Regular security audits at organizational level
POLITICAL, ECONOMIC AND REGULATORY RISK
Impact:
• Loss of business / loss of profit margin for Indian IT companies
• Increased taxation, reduced investment and lack of finance
• Pressure / security concerns for executive management and employees
• Downsizing, hiring freezes and lay-offs in the industry
• Loss of revenue due to exchange rate fluctuation
• Currency inconvertibility and the effort of dealing with it
• Legal fines, and increased compliance cost and complexity
Mitigation/contingency:
• Diversification
• Cuts to salaries and additional facilities of employees
• Intelligence and analysis
• Bringing risk management staff together with Government relations or external affairs
• Assess the organizational approach to managing global compliance activities, including acquisitions
[Chart: Top geopolitical threats (ranked by number of mentions)]
CHANGE IN TECHNOLOGY (EMERGING TECHNOLOGIES) AND AUTOMATION
Impact:
• Increased uncertainty on the financial as well as the people front
• Need for added emphasis on planning, control and coordination
• Inability to develop or market new products and services on time
• Loss of business due to change in technology
• Resistance to adoption of new technology by existing staff
• Existing skill sets become unusable, leading to dissatisfaction among existing employees
• Loss of business / profit margin due to automation
Mitigation/contingency:
• Fine-tune current strategies, structures and business processes in time to cope with the changes
• Invest in innovation and technology proactively
• Keep the right focus on learning and development aligned to organizational goals
• Get people involved from the beginning and communicate in good time
RISK MANAGEMENT
What?
• The process of identifying vulnerabilities and threats to an organisation in achieving its business objectives, and deciding what countermeasures, if any, to take to reduce risk to an acceptable level
Why?
• Organisations need an integrated view of risk, which is achieved by a coordinated risk identification exercise whose components are:
• A common risk language, including issue rating
• A collective risk assessment program to minimize duplication of effort
• An audit process that allows for participation of other risk and control functions
• An aligned and consistent risk reporting process
How?
• Risk management frameworks
• Standards developed worldwide to help organisations implement risk management systematically and effectively
• They establish a common view on frameworks, processes and practice, and are generally set by recognised international standards bodies
RISK MANAGEMENT STANDARDS AND GUIDELINES
Organisational: designed to improve an organisation's ability to meet or exceed its objectives through enhanced decision-making and activities that address key uncertainties
Compliance and Control: seeks to assure the transfer or mitigation of risks primarily through compliance and control objectives and activities

Standard | Applicable to | Primary objective
ISO 31000:2009 Risk Management Practices and Guidelines | All industries and sectors | Organisational
OCEG "Red Book" 3.0: GRC Capability Model | All industries and sectors | Compliance and control
BS 31100:2011 Code of Practice for Risk Management | All industries and sectors | Organisational
COSO Enterprise Risk Management – Integrated Framework (2004; the 2013 COSO publication is the Internal Control – Integrated Framework) | All industries and sectors | Organisational, Compliance and control
FERMA 2002 A Risk Management Standard | All organisations | Organisational

ISO 31000 – RISK MANAGEMENT
• Helps organisations increase the likelihood of achieving objectives, improve the identification of opportunities and threats, and effectively allocate and use resources for risk treatment
• Cannot be used for certification purposes, but provides guidance for internal or external audit programmes
• Lets organisations compare their risk management practices with an internationally recognised benchmark, providing sound principles for effective management and corporate governance
The five components listed below are those of the COSO Internal Control – Integrated Framework, not of ISO 31000 (which is organised as principles, a framework and a process and defines no such components):
• Accepted framework for internal control
• Organisations measure the effectiveness of their systems of internal control against the defined standard
• Five main components support the achievement of an entity's mission, strategies and business objectives:
1. Control Environment
• Integrity and Ethical Values
• Commitment to Competence
• Board of Directors and Audit Committee
• Management’s Philosophy and Operating Style
• Organisational Structure
• Assignment of Authority and Responsibility
• Human Resource Policies and Procedures
2. Risk Assessment
• Company-wide Objectives
• Process-level Objectives
• Risk Identification and Analysis
• Managing Change
3. Control Activities
• Policies and Procedures
• Security (Application and Network)
• Application Change Management
• Business Continuity/Backups
• Outsourcing
4. Information and Communication
• Quality of Information
• Effectiveness of Communication
5. Monitoring
• Ongoing Monitoring
• Separate Evaluations
• Reporting Deficiencies
ERM FRAMEWORK AT WIPRO
1. A risk register is created for each process in the organisation.
2. Risks and controls are mapped to the business objective of each process.
3. Risks are collated from all known internal and external sources.
4. Each risk is captured with a measurable key risk indicator ("KRI") mapped to the risk appetite, together with suitable mitigation plans.
5. Periodic reports and dashboards are published to track risk levels.
6. Risks and mitigations are tracked jointly with the concerned business or functional owners to enhance accountability and focus.
7. Periodic risk dashboards are placed for review with senior management and the Audit Committee.
The framework is a mix of four globally recognized standards:
• AS/NZS 4360:2004 by the Australia/New Zealand standards boards
• COSO Enterprise Risk Management – Integrated Framework by the Treadway Commission
• The Orange Book by the UK Government (HM Treasury)
• ISO/FDIS 31000:2009 by ISO
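The register-and-KRI mechanism described in steps 1 to 7 above (and the "identify threats, decide countermeasures, reduce risk to an acceptable level" definition on the Risk Management slide), shown as an added Python example. This is not code from the original slides and not Wipro's own tooling: the 1..5 likelihood/impact scale, the control-effectiveness model, the RAG thresholds and every sample risk, owner and figure below are constructed assumptions for illustration.

```python
"""Risk register with key risk indicators (KRIs).

Added example, not taken from the slides or from Wipro: a minimal model of
the ERM steps above - one register per process, each risk mapped to an
objective, an owner and its controls, scored with a KRI against an appetite
threshold, and summarised in a dashboard. The scoring scale, the control
effectiveness model and all sample risks are constructed assumptions.
"""
from dataclasses import dataclass, field
from typing import Dict, List

SCORE_MIN, SCORE_MAX = 1, 5                  # assumed 1..5 scale for likelihood and impact
RED_THRESHOLD, AMBER_THRESHOLD = 15.0, 8.0   # assumed residual-score bands


@dataclass
class Control:
    name: str
    effectiveness: float   # fraction of the risk the control removes, 0.0..1.0 (assumed model)


@dataclass
class Risk:
    process: str
    objective: str
    description: str
    owner: str
    likelihood: int
    impact: int
    kri_name: str
    kri_value: float
    kri_appetite: float            # KRI is breached when kri_value > kri_appetite
    controls: List[Control] = field(default_factory=list)
    mitigation_plan: str = ""

    def __post_init__(self) -> None:
        # Reject scores outside the agreed scale so a bad entry cannot skew the dashboard.
        for score in (self.likelihood, self.impact):
            if not SCORE_MIN <= score <= SCORE_MAX:
                raise ValueError(f"score {score} outside {SCORE_MIN}..{SCORE_MAX}")

    def inherent_score(self) -> int:
        """Risk before controls: likelihood x impact."""
        return self.likelihood * self.impact

    def residual_score(self) -> float:
        """Risk after controls, treating each control as an independent reduction."""
        remaining = 1.0
        for control in self.controls:
            remaining *= 1.0 - control.effectiveness
        return round(self.inherent_score() * remaining, 2)

    def kri_breached(self) -> bool:
        return self.kri_value > self.kri_appetite

    def status(self) -> str:
        """RAG status: a breached KRI escalates regardless of the residual score."""
        residual = self.residual_score()
        if self.kri_breached() or residual >= RED_THRESHOLD:
            return "RED"
        if residual >= AMBER_THRESHOLD:
            return "AMBER"
        return "GREEN"


def sample_register() -> List[Risk]:
    """Constructed sample data for three processes (not real figures)."""
    return [
        Risk("Application delivery", "Protect client data", "Customer data breach via web application",
             owner="CISO", likelihood=4, impact=5,
             kri_name="critical vulnerabilities open > 30 days", kri_value=7, kri_appetite=5,
             controls=[Control("WAF in front of client apps", 0.5), Control("30-day patch SLA", 0.6)],
             mitigation_plan="Emergency patch cycle; re-run authenticated scan"),
        Risk("Resourcing", "Retain delivery capability", "Attrition of key engineers on a strategic account",
             owner="Delivery Head", likelihood=3, impact=4,
             kri_name="quarterly attrition %", kri_value=12, kri_appetite=15,
             controls=[Control("Retention bonus", 0.25)],
             mitigation_plan="Cross-train a shadow team"),
        Risk("Finance", "Protect export margin", "Exchange-rate swing on USD-billed contracts",
             owner="CFO", likelihood=3, impact=3,
             kri_name="unhedged exposure %", kri_value=20, kri_appetite=30,
             controls=[Control("Forward-contract hedging", 0.7)],
             mitigation_plan="Extend hedge cover to 12 months"),
    ]


def dashboard(register: List[Risk]) -> Dict[str, List[dict]]:
    """Risk levels grouped by owner, worst residual first (steps 5 and 6)."""
    by_owner: Dict[str, List[dict]] = {}
    for risk in sorted(register, key=lambda r: r.residual_score(), reverse=True):
        by_owner.setdefault(risk.owner, []).append({
            "process": risk.process,
            "risk": risk.description,
            "inherent": risk.inherent_score(),
            "residual": risk.residual_score(),
            "kri": f"{risk.kri_name}: {risk.kri_value} (appetite {risk.kri_appetite})",
            "status": risk.status(),
        })
    return by_owner


def escalations(register: List[Risk]) -> List[Risk]:
    """Risks to put in front of senior management and the Audit Committee (step 7)."""
    return [risk for risk in register if risk.status() == "RED"]


if __name__ == "__main__":
    register = sample_register()
    for owner, rows in dashboard(register).items():
        print(owner)
        for row in rows:
            print(f"  [{row['status']}] {row['risk']} residual={row['residual']} kri={row['kri']}")
    print("Escalate:", [r.description for r in escalations(register)])
```

The point of the KRI rule in `status()` is that the indicator overrides the score: the data-breach risk has a low residual score once the WAF and patch SLA are credited, but its KRI (critical vulnerabilities left open beyond 30 days) is above appetite, so it still goes to senior management. Without that override, a register would only ever show what the control owners believe about their controls, not what the measurements say.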
Thank you

Risk - IT Services