Enterprise Risk Management system
The Enterprise Risk Management system is based on the principles, framework and process of the ISO 31000 standard for risk management. As a key element of responsible corporate governance, its aim is not to completely avoid risks but rather to provide scope for more conscious risk-taking, supported by comprehensive knowledge of risks and their interactions. The Board of Directors determines the Group’s risk appetite, and this is then applied within the organisation. The Group Risk Management department creates transparency that supports Swisscom in operating within the specified risk appetite.
The Board of Directors and the Group CEO have set out their expectations for managers and employees of the Swisscom Group in a Code of Conduct (take responsibility, follow the rules, show integrity and report breaches), which serves as the basis of a healthy risk culture.
Swisscom’s assurance functions are designed to support management and at the same time reduce its workload. Group Risk Management’s aim is to establish proactive risk management that identifies risks early on and manages them actively, consistently and comprehensively to boost trust in Swisscom and its reputation. Group Risk Management collaborates closely with the whole organisation to achieve this aim.