Risk management system
Swisscom’s enterprise risk management (ERM) applies Group-wide and takes both internal and external events into account. Swisscom complies with the established COSO II and ISO 31000 risk management standards and thus has a risk management system in place that meets the requirements of its own corporate governance policy as well as those of Swiss law.
Swisscom’s risk management is aimed at safeguarding the company’s enterprise value. This is assured by having in place a recognised and appropriate Group-wide risk management system as well as comprehensive, fit-for-purpose reporting at each level of management, suitable documentation and a risk-aware corporate culture. Risks are defined as events or situations which, should they occur, could potentially jeopardise the company’s ability to achieve its objectives.
Swisscom employs special instruments in individual risk areas. In financial risk management, for example, quantitative tools (sensitivity analyses) are used to assess interest rate and currency risks. Specialised central organisational units monitor the legal compliance risks and financial reporting risks (internal control system, ICS).
The main risks to which Swisscom is exposed are identified in a comprehensive risk analysis. Each risk is assigned a risk owner. To enable the early identification, assessment and management of risks and their inclusion in strategic planning, the central Risk Management unit works closely with the Controlling and Strategy departments and other relevant departments. Risk management covers risks in the areas of strategy (including market risks), operations (including finance risks), compliance and financial reporting. The risks are assessed according to their probability of occurrence and their qualitative and quantitative effects in the event of occurrence, and are managed on the basis of a risk strategy. The risks are evaluated in terms of their impact on key performance indicators reported by Swisscom. The risk profile is reviewed and updated on a quarterly basis. The Board of Directors’ Audit Committee and the Swisscom Group Executive Board are informed about significant risks, their potential effects and the status of measures on a quarterly basis, and the Board of Directors on a semi-annual basis. The effectiveness of the risk strategies and measures taken is assessed quarterly. Information on the internal control system, compliance management and internal auditing is provided in the Corporate Governance Report, Section 4.8, Controlling instruments of the Board of Directors vis-à-vis the Group Executive Board.See report