30
Organizational Resilience | BSI and Cranfield School of Management
happening with the industry environment and with technologies, to make sure that
the strategic choice risk itself is being mitigated correctly.” The company has shifted
from a focus on “how you minimize risk to how you enable the business to take
risks, because in this unknown environment you need to take some risks to get the
return.”
Managing “the two-sided coin of strategy and risk” works by asking strategic
questions and discussing risk mitigation measures. For example, there was a
discussion about what needed to be changed in the business model. Infosys needed
to create new software platforms, so new product teams were formed, and they
created new software. Then the question became, ‘What are the risks that new
software will not gain in sales momentum?’ So it mitigated that risk by engaging the
existing sales teams to sell the new software. The next question was, ‘What is the
risk that the sales team does not have the competencies to do this?’ This provoked a
conversation about whether the company should just retrain its existing salespeople
or bring in new salespeople. The final mitigation was to “catalyze the existing sales
team with of some of the salespeople who were specialized in software sales,
including those obtained in an acquisition”.
To ensure excellence in strategy execution, Infosys has developed a corporate
scorecard, which gives it a roadmap for the next three to five years. Various
parameters including market penetration, operations, innovation, automation,
people, culture, and values are captured in the scorecard. The key issue is being
satisfied that the “new software-based services and the renewed traditional services
are providing a platform for consistent profitable growth”. Infosys also focuses
on system strength and process rigour, with a strong focus on safeguards in its
contracts and business continuity. With a large number of employees, Infosys has
“a lot of labour risks, safety risks, facilities risks, immigration risks and all kinds of
employee-related risks”. There is also, of course, fraud and cyber security, which are
traditional issues that Infosys addresses along with legal compliance. In the past,
resilience at Infosys relied on “policies, procedures, enforcement and accountability”,
but now it is seeing a move towards more analytics and agility.
One of the first things that employees came back and said was, “If you want me to
come up with new stuff I need to be able to access the Internet freely.” In the past,
access to the Internet was curtailed because it was thought to reduce productivity
and increase cyber risk. However, “now we are saying of course you need to go and
see what other people are doing, you need to part of forums outside, you need to
have access to information on the Internet because you need to be innovative and
collaborate.” But this change raised risk because the more open the network was to
the outside world, the greater the cyber security threat. Infosys “struggled with this
issue for quite some time, and finally we came up with an ‘open Internet’ policy,
where we could safeguard some of the critical risk”. The day it opened up its Internet
for most people to access most sites “we got a record number of cyber security hits
on our network – it was unprecedented, but luckily none of them came through
the firewall.” Importantly, Infosys recognized that this was going to happen and
prepared for it. To date, Infosys thinks productivity hasn’t been adversely affected
but innovation has improved. The open access Internet policy also “has a more
intangible cultural benefit, which is that people just feel they’ve got more freedom
and more empowerment to do things.”