Organisational Report

happening with the industry environment and with technologies, to make sure that the strategic choice risk itself is being mitigated correctly.” The company has shifted from a focus on “how you minimize risk to how you enable the business to take risks, because in this unknown environment you need to take some risks to get the return.” Managing “the two-sided coin of strategy and risk” works by asking strategic questions and discussing risk mitigation measures. For example, there was a discussion about what needed to be changed in the business model. Infosys needed to create new software platforms, so new product teams were formed, and they created new software. Then the question became, ‘What are the risks that new software will not gain in sales momentum?’ So it mitigated that risk by engaging the existing sales teams to sell the new software. The next question was, ‘What is the risk that the sales team does not have the competencies to do this?’ This provoked a conversation about whether the company should just retrain its existing salespeople or bring in new salespeople. The final mitigation was to “catalyze the existing sales team with of some of the salespeople who were specialized in software sales, including those obtained in an acquisition”. To ensure excellence in strategy execution, Infosys has developed a corporate scorecard, which gives it a roadmap for the next three to five years. Various parameters including market penetration, operations, innovation, automation, people, culture, and values are captured in the scorecard. The key issue is being satisfied that the “new software-based services and the renewed traditional services are providing a platform for consistent profitable growth”. Infosys also focuses on system strength and process rigour, with a strong focus on safeguards in its contracts and business continuity. With a large number of employees, Infosys has “a lot of labour risks, safety risks, facilities risks, immigration risks and all kinds of employee-related risks”. There is also, of course, fraud and cyber security, which are traditional issues that Infosys addresses along with legal compliance. In the past, resilience at Infosys relied on “policies, procedures, enforcement and accountability”, but now it is seeing a move towards more analytics and agility. One of the first things that employees came back and said was, “If you want me to come up with new stuff I need to be able to access the Internet freely.” In the past, access to the Internet was curtailed because it was thought to reduce productivity and increase cyber risk. However, “now we are saying of course you need to go and see what other people are doing, you need to part of forums outside, you need to have access to information on the Internet because you need to be innovative and collaborate.” But this change raised risk because the more open the network was to the outside world, the greater the cyber security threat. Infosys “struggled with this issue for quite some time, and finally we came up with an ‘open Internet’ policy, where we could safeguard some of the critical risk”. The day it opened up its Internet for most people to access most sites “we got a record number of cyber security hits on our network – it was unprecedented, but luckily none of them came through the firewall.” Importantly, Infosys recognized that this was going to happen and prepared for it. To date, Infosys thinks productivity hasn’t been adversely affected but innovation has improved. The open access Internet policy also “has a more intangible cultural benefit, which is that people just feel they’ve got more freedom and more empowerment to do things.”

30

Organizational Resilience | BSI and Cranfield School of Management