Risk and opportunity management system.
As one of the world’s leading providers in the telecommunications and information technology industry we are subject to all kinds of uncertainties and change. In order to operate successfully in this ongoing volatile environment, we need to anticipate any developments at an early stage and systematically identify, assess and manage the resulting risks. It is equally important to recognize and exploit opportunities. A functioning risk and opportunity management system is therefore a central element of value-oriented corporate governance.
In addition to business management requirements, a risk management system is required by regulations and by law (for example by § 91 (2) of the German Stock Corporation Act (Aktiengesetz – AktG) and the German Accounting Law Modernization Act (Bilanzrechtsmodernisierungsgesetz – BilMoG)), which translated the requirements of the 8th EU Directive (as well as those of the 4th and the 7th) into national law). BilMoG obliges the Audit Committee to monitor the effectiveness of internal control systems and of risk management.
Our Group-wide risk and opportunity management system covers all external, strategic, operational, financial, and reputational risks and opportunities for our fully-consolidated entities. The aim is to identify these early on, monitor them, and manage them in accordance with the desired risk profile.
We base our system on an established standard process (see graphic 51). Once risks and opportunities have been identified, we move on to analyze and assess them in more detail. The effects of risks and opportunities are not offset against each other. This is followed by a decision on the actual action to be taken (e.g., reducing risks/seizing opportunities). The associated action plan is implemented, monitored and evaluated by the respective risk owners. All steps are repeatedly traversed and modified to reflect the latest developments and decisions.
Deutsche Telekom’s risk and opportunity management system is based on the globally applicable risk management standard of the International Standards Organization (ISO). ISO standard 31000 “Risk management – Principles and guidelines” is regarded as a guideline for internationally recognized risk management systems.
The external auditor mandated by law to audit the Company’s annual financial statements and consolidated financial statements in accordance with § 317 (4) of the German Commercial Code (Handelsgesetzbuch – HGB) examines whether the risk early warning system is able to identify at an early stage risks and developments that could jeopardize the Company’s future. The system complies with the statutory requirements for risk early warning systems and conforms to the German Corporate Governance Code.
In addition, our Group Controlling unit has established a series of Group guidelines and processes for the planning, budgeting, financial management and reporting of investments and projects. This guideline guarantees the necessary transparency during the investment process and the consistency of investment planning and decisions in our Group and operating segments. It also provides decision-making support for the Board of Management and the Board of Management Capital Expenditure Committee. This process also includes the systematic identification of strategic opportunities and risks.