Risk management system

Swisscom’s enterprise risk management (ERM) applies Group-wide and takes both internal and external events into account. Swisscom complies with the established COSO II and ISO 31000 risk management standards and thus has a risk management system in place that meets the requirements of its own corporate governance policy as well as those of Swiss law.


Swisscom’s risk management system is aimed at safeguarding the company’s enterprise value. This is assured by having in place a recognised and appropriate Group-wide risk management system as well as comprehensive, fit-for-purpose reporting at each level of management, suitable documentation and a risk and opportunity-aware corporate culture.


The Board of Directors delegates responsibility for implementing the risk management system to the CEO Swisscom Ltd. A central Risk Management unit reports to the CFO Swisscom Ltd. It coordinates all organisational units charged with risk management tasks and oversees these insofar as this is required for reporting purposes. This ensures comprehensive, Group-wide coordinated risk management and reporting. As part of their remit, employees entrusted with risk management tasks have an unrestricted right to information and are authorised to access and view all relevant documents and records.

Swisscom employs special instruments in individual risk areas. In financial risk management, for example, quantitative tools (sensitivity analyses) are used to assess interest rate and currency risks. Specialised organisational units monitor the legal compliance risks and financial reporting risks (internal control system, ICS).


The main risks and opportunities for Swisscom are identified in a comprehensive analysis. Each topic is assigned an owner. To enable the early identification, assessment and management of risks and opportunities and their inclusion in strategic planning, the central Risk Management unit works closely with the Controlling and Strategy department and other relevant departments. Risk management covers risks and opportunities in the areas of strategy (including market), operations (including finance), compliance and financial reporting. The risks are assessed according to their qualitative and quantitative effects in the event of occurrence, and managed on the basis of a risk strategy. The risks are evaluated in terms of their impact on key performance indicators reported by Swisscom. The risk profile is reviewed and updated on a quarterly basis. The Board of Directors’ Audit Committee and the Swisscom Group Executive Board are informed about significant risks, their potential effects and the status of measures on a semi-annual basis, and the Board of Directors on a semi-annual basis. The effectiveness of the risk strategies and measures taken is assessed quarterly.

Information on the internal control system, compliance management and internal auditing is provided in the Corporate Governance Report, Section 4.10, Controlling instruments of the Board of Directors vis-à-vis the Group Executive Board.

See report page 118