Vous êtes sur la page 1sur 8

83 SingApore Telecommunications Limited

Risk Management
Philosophy and Approach

We identify and manage risks to reduce the uncertainty associated with executing our
business strategies and maximising opportunities that may arise. Risks can take various
forms and can have material adverse impact on our reputation, operations, human
resources and financial performance.

We have established a comprehensive Risk Management Framework approved by our


Risk Committee. The Risk Management Framework sets out the governance structure
for managing risks, our risk philosophy, risk appetite and tolerance levels, our risk
management approach as well as risk factors.

In addition, our risk assessment and mitigation strategy are aligned with our Group
strategy and is an integral part of the annual business planning and budgeting process.

Governance Structure for Managing Risks

THE BOARD
Instils culture and approach for risk governance
Provides oversight of risk management systems and internal controls
Reviews key risks and mitigation plans
Determines risk appetite and tolerance
Monitors exposure

RISK COMMITTEE AUDIT COMMITTEE


Reviews and recommends risk strategy and policies Reviews adequacy and effectiveness of the Groups
Oversees design, implementation and monitoring of internal control framework
internal controls Oversees financial reporting risk for the Group
Reviews adequacy and effectiveness of the Groups Oversees internal and external audit processes
risk framework
Monitors the implementation of risk mitigation plans

MANAGEMENT COMMITTEE
Implements risk management practices within all business units and functions

RISK MANAGEMENT COMMITTEE


Supports the Board and Risk Committee in terms of risk governance and oversight
Sets the direction and strategies to align corporate risk management with the Groups risk appetite and risk tolerance
Reviews the risk assessments carried out by the business units
Reviews and assesses risk management systems and tools
Reviews efficiency and effectiveness of mitigations and coverage of risk exposures
Annual report 2016 84

Our Risk Philosophy


Our risk philosophy and risk management approach are based on three key principles:

RISK CENTRIC CULTURE Strong Corporate Governance PROACTIVE RISK MANAGEMENT


Structure PROCESS
Set the appropriate tone at the top
Promote good corporate governance Robust processes and systems
Promote awareness, ownership
to identify, quantify, monitor,
and proactive management of Provide proper segregation of duties
mitigate and manage risks
key risks Clearly define risk-taking
Promote accountability responsibility and authority Benchmark against global best
practices
Promote ownership and
accountability for risk taking

Risk Appetite

The Board has approved the following Risk Appetite Statement:

The Group is committed to delivering value to our shareholders achieved through sustained profitable growth. However,
we shall not compromise our integrity, values and reputation by risking brand damage, service delivery standards, severe
network disruption or regulatory non-compliance.

The Group will defend our market leadership position in Singapore and strengthen our market position in Australia and in
Asia Pacific through our regional mobile associates. We will continue to pursue business expansion in the emerging markets,
including acquiring controlling stakes in the associates, and actively managing the risks.

The Group is prepared to take measured risks to seek new growth in the digital space by providing globalplatforms and
enablers, targeted at a global footprint, while leveraging our current scale and corestrengths.

The Group targets an investment grade credit rating and dividend payout policy consistent with our stated dividend policy
and guidance.

Risk Management
We have established a rigorous and Credit Management in the profiles are managed within
and systematic risk review process management of risks. In addition, we policy limits.
to identify, monitor, manage regularly assess the environmental,
and report risks throughout the social and governance risks that exist In addition, we have in place a formal
organisation based on our risk or emerge in our broader value chain programme of risk and control self-
philosophy. Management has and address them through various assessment where line personnel
primary responsibility for identifying, corporate sustainability initiatives. are involved in the ongoing
managing and reporting to the assessment and improvement of
Board the key risks faced by Our key risk management activities risk management and controls. The
the Group. Management is also also include scenario planning, effectiveness of our risk management
responsible for ensuring that the business continuity/disaster recovery policies and processes is reviewed
risk management framework is management and crisis planning on a regular basis and, where
effectively implemented within and management. Close monitoring necessary, improved. Independent
the business units. The business and control processes, including reviews are conducted by third-
units are supported by specialised the use of appropriate key risk and party consultants regularly to ensure
functions such as Regulatory, Legal, key performance indicators, are the appropriateness of the risk
Environment, Insurance, Treasury implemented to ensure the risk management framework.
85 SingApore Telecommunications Limited

Risk Management
Philosophy and Approach

The consultants also report key Board, the CEOs of our business units address them, are reported to the
risks to the Board, as well as provide submit an annual report on the key AC. Our Management, with the
periodic support and input when risks and mitigation strategies for assistance of Singtel IA, follows
undertaking specific risk assessments. their respective businesses to the up on the external auditors
Furthermore, the risk management Risk Committee. Our Group CEO recommendations as part of their
processes facilitate alignment of our and Group CFO provide a written role in reviewing our system of
strategy and annual operating plan certification to the Board confirming internal controls.
with the management of keyrisks. the integrity of financial reporting,
and the efficiency and effectiveness The systems that are in place are
Singtels Internal Audit (IA) carries of the risk management, internal intended to provide reasonable
out reviews and internal control control and compliancesystems but not absolute assurance against
advisory activities aligned to the every year. material misstatements or loss, as
key risks in our businesses. This well as ensuring the safeguarding
provides independent assurance In the course of their statutory audit, of assets, the maintenance of
to the Audit Committee (AC) on external auditors review our material proper accounting records, the
the adequacy and effectiveness internal controls to the extent of the reliability of financial information,
of our risk management, financial scope laid out in their audit plans. compliance with applicable
reporting processes, and internal Any material non-compliance and legislation, regulations and best
control and compliance systems. In internal control weaknesses, together practices, and the identification
order to provide assurance to the with their recommendations to and management of business risks.

Risk Factors
Our financial performance and operations are influenced by a vast range of risk factors. Many of these affect not just our
businesses, but also other businesses in and outside the telecommunications industry. These risks vary widely and many
are beyond the Groups control. There may also be risks that are either presently unknown or not currently assessed as
significant, which may later prove to be material. However, we aim to mitigate the exposures through appropriate risk
management strategies and internal controls.

The section below sets out the principal risk types, which are not listed in the order of significance.

Economic Risks Project Risks Breach of Privacy Risks


Political Risks New Business Risks Financial Risks
Regulatory Risks and Technology Risks Electromagnetic Energy Risks
Litigation Risks Vendor/Supply Chain Risks Network Failure and
Competitive Risks Information Technology Risks Catastrophic Risks
Expansion Risks Cyber Security Risks Talent Management Risks

ECONOMIC RISKS dislocations, liquidity disruptions and and expenditures to minimise the
Changes in domestic, regional and market corrections. These and other risk of over-investment. Each of
global economic conditions may related events have had a significant the business units in our Group
have a material adverse effect on the impact on economic growth as has continuing cost management
demand for telecommunications, a whole and consequently, on programmes to drive improvements
information technology (IT) and consumer and business demand for in their cost structures.
related services, digital services, and telecommunications, IT and related
hence, on our financial performance services, and digital services. POLITICAL RISKS
and operations. Some of the countries in which
Our planning and management Group Consumer operates have
The global credit and equity markets review processes involve the experienced or continue to
have experienced substantial periodic monitoring of budgets experience political instability.
Annual report 2016 86

The continuation or re-emergence of as well as the risk of nationalisation. industry to propose changes and
such political instability in the future Any of these factors can materially provide feedback on regulatory
could have a material adverse effect and adversely affect our overseas reforms and developments in
on economic or social conditions investments. the telecommunications and
in those countries, as well as on the media industry.
ownership, control and condition of Consumer Australia, Consumer
our assets in those areas. Singapore and Group Enterprise are Access to Spectrum
impacted by the implementation We may need to access additional
Group Consumer is geographically of national broadband networks spectrum to support both organic
diversified with operations in in both Australia and Singapore. growth and the development of
Singapore, Australia and the In Singapore, the Infocomm new services. Access to spectrum is
emerging markets. We work closely Development Authority of Singapore critically important for supporting our
with the Management and our (IDA) has, in its implementation of business of providing mobile voice
partners in the countries where the Next Generation Nationwide and data. The use of spectrum in
we operate to leverage the local Broadband Network (Next Gen NBN), most countries where we operate is
expertise, knowledge and ability. designed a structure to level the regulated by government authorities
This way, we ensure compliance with playing field to make the benefits and requires licences. Failure to
the laws and are able to implement of the NextGenNBN available to all acquire access to spectrum or new
risk mitigation measures. industry players. This has significantly or additional spectrum on reasonable
altered the existing cost model of the commercial terms or at all could have
As Group Enterprise and Group industry and increased the level of a material adverse effect on our core
Digital Life expand their products competition from new entrants. In communications business, financial
and services across the region and Australia, the government is currently performance and growth plans.
around the world, exposure to undertaking a significant reform of
similar political risks may increase the fixed-line telecommunications Litigation Risks
in the future. sector, including the rollout of a We are exposed to the risk of
national broadband network (NBN) regulatory or litigation action by
REGULATORY RISKS AND to be operated on a wholesale-only regulators and other parties. Such
LITIGATION RISKS open access basis. It is possible regulatory matters or litigation
Regulatory Risks that the Australian governments actions may have a material effect
Our businesses depend on licences regulatory reforms, including on our financial condition and
issued by government authorities. legislation and the deployed NBN and results of operations. Examples of
Failure to meet regulatory commercial transactions relating to such litigation are disclosed in Notes
requirements could result in fines or the NBN, could ultimately lead to a to the Financial Statements under
other sanctions including, ultimately, sub-optimal or negative outcome Contingent Liabilities.
the revocation of licences. Our for Optus.
global operations are subject to We have put in place standard master
extensive government regulations, Our operations are also subject to supply agreements with vendors and
which may impact or limit our various other laws and regulations implemented contract policies to
flexibility to respond to market such as those relating to customer manage contractual arrangements
conditions, competition, new data privacy and protection, and with vendors and customers. The
technologies or changes in cost workplace safety and health. Failure policies provide the necessary
structures. Governments may to meet these regulations may empowerment framework for the
alter their policies relating to the affect our business and/or our CEOs, the Management Committee
telecommunications, IT, multimedia capacity to operate in line with our and the Board Committees to
and related industries, as well as the business objectives. approve any deviations from the
regulatory environment (including standard policies.
taxation) in which we operate. Such We have access to appropriate
changes could have a material regulatory expertise and staffing COMPETITIVE RISKS
adverse effect on our financial resources in Singapore and Australia We face competitive risks in all
performance and operations. and we work closely with the markets and business segments in
management and our partners in the which we operate.
Our overseas investments are also countries we operate in. We closely
subject to the risk of imposition of monitor new developments and Group Consumer Business
laws and regulations restricting the regularly participate in discussions The telecommunications market
level, percentage and manner of and consultations with the respective in Singapore is highly competitive.
foreign ownership and investment, regulatory authorities and the As new players enter the market
87 SingApore Telecommunications Limited

Risk Management
Philosophy and Approach

and regulation requires Singtel in Group Enterprise Business operations in both traditional and
Singapore to allow our competitors Business customers enjoy wide new digital services. This comes with
to have access to our networks, our choices for many of our services, considerable risks.
market share in some segments including fixed, mobile, cyber
and prices for certain products and security, cloud, managed services, IT Partnership Relations
services have declined. These trends services and consulting. Competitors The success of our strategic
may continue and intensify. include multinational IT and investments depends, to a large
telecommunications companies, extent, on our relationships with,
In the Australian mobile market, in while in Australia, the enterprise and the strength of our investment
addition to the incumbent operator, market is dominated by the partners. There is no guarantee that
a number of participants are incumbent. The quality and prices we will be able to maintain these
subsidiaries of international groups of these services can influence relationships or that our investment
and operators, and have made large a potential business customers partners will remain committed to
investments which are now sunk decision. Prices for some of these their partnerships.
costs. We are, therefore, exposed services have declined significantly
to the risk of irrational pricing being in recent years as a result of capacity Acquisition Risks
introduced by such competitors. additions and price competition. We continually look for investment
The consumer fixed-line services Such price declines are expected opportunities that can contribute to
market continues to be dominated to continue. our expansion strategy and develop
by the incumbent provider, which new revenue streams. Our efforts are
can leverage its scale and market Group Enterprise continues to focus challenged by the limited availability
position to restrict the development on offering companies comprehensive of opportunities, competition from
of competition. With the deployment and integrated infocomm technology other potential investors, foreign
of the Australian NBN, competition is (ICT) solutions and initiatives to ownership restrictions, government
expected to increase as new operators strengthen customer engagement. and regulatory policies, political
enter the market. This includes broadening our solution considerations and the specific
portfolio to cover new areas of preferences of sellers. We face
The operations of our regional customer needs, such as cloud challenges arising from integrating
mobile associates businesses are computing, cyber security and newly acquired businesses with our
also subject to highly competitive solutions for smart cities. own operations, managing these
market conditions. Their growth businesses in markets where we have
depends in part on the adoption of Group Digital Life Business limited experience and/or resources
mobile data services in their markets. The digital products and services and financing these acquisitions. We
Some of these markets have and we offer are primarily in the areas of also risk not being able to generate
could continue to experience digital marketing, digital video and synergies from these acquisitions,
keen price competition for mobile data analytics. Competition is intense, and the acquisitions becoming a
data services from smaller-scale with many over-the-top (OTT) drain on our management and
competitors, leading to lower operators offering services over the capital resources.
profitability and potential loss of internet and facing low entry barriers.
market share for our associates. The business strategies of some
Group Digital Life aspires to become of our regional mobile associates
Our business models and profits a significant global player in these involve expanding operations
are also challenged by disintermediation areas by delivering distinctive outside their home countries. These
in the telecommunications industry by products and services in the target associates may enter into joint
handset providers and non-traditional markets and launching them quickly ventures and other arrangements
telecommunications service providers to capture market share. We will with other parties. Such joint
who provide multimedia content, continue to harness our valuable ventures and other arrangements
applications and services directly assets, such as extensive customer involve risks, including, but not
on demand. knowledge, touch points, intelligent limited to, the possibility that thejoint
networks and the scale of our venture or investment partner may
Group Consumer is focused on customer base. have economic or business interests
driving efficiencies and innovation or goals that are not consistent with
via new technologies, products EXPANSION RISKS those of the associates. There is no
and services, processes and Given the size of the Singapore and guarantee that the regional mobile
business models to meet evolving Australia markets, our future growth associates can generate total
customer needs and strengthen depends, to a large extent, on our synergies and successfully build a
customer loyalty. ability to grow our overseas competitive regional footprint.
Annual report 2016 88

We adopt a disciplined approach applications and services, pay- and, as a result, incur additional
in our investment evaluation and TV, regional premium OTT video, capital expenditure.
decision-making process. Members content, managed services, cloud
of our management team are also services, cyber security, ICT, data Each business group faces the
directors on the boards of our analytics and digital marketing. ongoing risk of market entry
associates. In addition to sharing There is no assurance that we will be by new operators and service
network and commercial experience, successful in these ventures, which providers (including non-
best practices in the areas of may require substantial capital, new telecommunications players)
corporate governance and financial expertise, considerable process that, by using newer or lower-
reporting are also shared across or systems changes, as well as cost technologies, may succeed
the Group. organisational, cultural and mindset in rapidly attracting customers
changes. These businesses may away from established market
PROJECT RISKS also expose us to new areas of risks participants.
We incur substantial capital associated with themedia and online
expenditure in constructing and industries such as media regulation, Group Enterprise may incur
maintaining our networks and IT content rights disputes and customer substantial development expenditure
systems infrastructure. These data privacy and protection. to gain access to related or enabling
projects are subject to risks technologies to pursue new growth
associated with the construction, As new businesses place new opportunities in the ICT industry.
supply, installation and operation of demands on people, processes and The challenge is to modify our
equipment and systems. systems, we respond by continually network infrastructure in a timely
updating our organisation structure, and cost-effective manner to
The projects that we undertake as talent management and development facilitate such implementation,
contractors to operate and maintain programme, reviewing our policies failing which this could adversely
infrastructure are subject to the risks and processes, and investing in affect our quality of service,
of increased project costs, disputes new technologies to meet financial condition and results
and unexpected implementation changing needs. of operations.
delays, any of which can result
in an inability to meet projected TECHNOLOGY RISKS We continue to invest in upgrading,
completion dates or service levels. Rapid and significant technological modernising and equipping our
changes are typical in the systems with new capabilities to
Group Enterprise is a major IT service telecommunications and ICT ensure we continue to deliver
provider to governments and large industry. These changes may innovative and relevant services to
enterprises in the region. We face materially affect Group Consumer our customers.
potential project execution risks and Group Enterprises capital
when projects are not accurately expenditure and operating costs, VENDOR/SUPPLY CHAIN RISKS
scoped or the quality of service as well as the demand for products We rely on third-party vendors
performance is not up to customers and services offered by our and their extended supply chain in
specifications, resulting in over- business divisions. many aspects of our business for
commitments to customers, as well various purposes, including, but
as inadequate resource allocation Rapid technological advances may not limited to, the construction
and scheduling. These can lead to leave us with infrastructure and of our network, the supply of
cost overruns, project delays systems that are technically obsolete handsets and equipment, systems
and losses. before the end of their expected and application development
useful life. Technological changes services, content provision and
We have a project risk management may also reduce costs and expand customer acquisition. Accordingly,
framework in place, with processes the capacities of new infrastructure. our operations may be affected
for regular risk assessment, In the emerging markets in which by third-party vendors or their
performance monitoring and our associates operate, regulatory supply chain failing to perform their
reporting of key projects. practices, including spectrum obligations. In addition, the industry
availability, may not necessarily is dominated by a few key vendors
NEW BUSINESS RISKS synchronise with the technology for such services and equipment,
Beyond our traditional carriage progression path and the market and any failure or refusal by a key
business in Singapore and Australia, demand for new technologies. vendor to provide such services or
we are venturing into new These changes may require us to equipment, or any consolidation of
growth areas to create additional replace and upgrade our network the industry, may significantly affect
revenue streams, including mobile infrastructure to remain competitive our business and operations.
89 SingApore Telecommunications Limited

Risk Management
Philosophy and Approach

We monitor our relationships with We are exposed to the risks of cyber security breaches, to ensure timely
key vendors closely and develop attacks that can cause disruptions to response, internally and externally, to
new relationships to mitigate supply the network and services provided minimise impact.
risks. We have in place a Sustainable to customers, and cyber thefts
Supply Chain strategy and framework of sensitive and/or confidential FINANCIAL RISKS
to manage risks that may exist in our information, resulting in litigations The main risks arising from our
extended supply chain. from customers and/or regulatory financial assets and liabilities are
fines and penalties. foreign exchange, interest rate,
INFORMATION market, liquidity, access to financing
TECHNOLOGY RISKS To combat these threats, we adopt a sources and increased credit risks.
As our businesses and operations rely holistic approach by keeping abreast Financial markets continue to
heavily on information technology, of the threat landscape and business bevolatile and this may heighten
our Management has established the environment as well as implementing execution risk for funding activities
IT & Network Security Committee a multi-layered security framework to and credit risk premiums for
to provide oversight of all IT and ensure there are relevant preventive, marketparticipants.
network security risks, including detective and recovery measures.
cyber security threats and data We are exposed to foreign exchange
privacy breaches. The committee We have developed a security-first fluctuations from our operations
comprises members from the various mindset and have been building and through subsidiaries as well
IT and network domains, meets our capabilities organically, through as associated and joint venture
bi-monthly and reports directly to investments as well as partnerships companies operating in foreign
the Risk Management Committee. with best-of-breed technology countries. These relate to the
The committee develops appropriate partners to meet the diverse needs translation of the foreign currency
policies and frameworks to ensure of governments and enterprises. earnings and carrying values of our
information system security, reviews Group Enterprise has in September overseas operations. Additionally, a
the projects and initiatives on IT and 2015 completed the acquisition significant portion of associated and
network security, and reviews any IT of Trustwave, a leading US cyber joint venture company purchases and
security incidents. security services company which liabilities are denominated in foreign
enhances the Groups cyber security currencies, versus the local currency
We have established a Group capabilities.To date, we have over of the respective operations.
Information Security Policy for 1,800 security professionals, global This gives rise to changes in cost
managing risks associated with security operations and engineering structures and fair value gains or
information security in a holistic centres as well as a specialised losses when marked to market.
manner. The policy is developed team of ethical hackers and forensic
based on industry best practices and experts in assisting various businesses We have established policies,
is aligned with international standards to manage vulnerabilities and threats, guidelines and control procedures
such as ISO 27001. The policy covers achieve compliance with regulations to manage and report exposure
various aspects of IT risk governance, and implement secure solutions. to such risks. Our financial risk
including change management, management is discussed further
user access management, database BREACH OF PRIVACY RISKS on page 203 in Note 36 to the
configuration standards and disaster We seek to protect the privacy of Financial Statements.
recovery planning, and provides the our customers in our networks and
cornerstone for driving robust IT systems infrastructure. Significant ELECTROMAGNETIC
security controls across the Group. failure of security measures may ENERGY RISKS
undermine customer confidence and Health concerns have been raised
We have also established a Project materially impact our businesses. We globally about the potential exposure
Management Methodology to ensure may also be subject to the imposition to Electromagnetic Energy (EME)
that new systems are developed with of additional regulatory measures emissions through using mobile
appropriate IT security controls and relating to the security and privacy of handsets or being exposed to mobile
are subject to rigorous acceptance customer data. transmission equipment. While there
tests, including penetration testing, is no substantiated evidence of
prior to implementation. We have implemented security public health risks from exposure to
policies, procedures, technologies the levels of EME typically emitted
CYBER SECURITY RISKS and tools designed to minimise the from mobile phones, perceived
The scale and level of sophistication risk of privacy breaches. We have also health risks can be a concern for
of cyber security threats have established an escalation process our customers, the community, and
increased especially in recent times. for major incidents, which includes regulators. The perceived health
Annual report 2016 90

risks can result in reduced demand significantly disrupt our operations,


for mobile communications or which may materially adversely
concerns with local communities on affect our ability to deliver services to
the implementation of new mobile customers.
base stations which may impact
our mobile business and impact We have business continuity plans
revenues or may lead to litigation. as well as insurance policies in place.
In addition, government controls There is a defined crisis management
may be introduced to address and escalation process for our CEOs
this perceived risk, restricting and senior management to respond
our ability to deploy our mobile to emergencies and catastrophic
communications networks. events. However, our inability to
operate our networks or customer
We design and deploy our network support systems may have a material
to comply with the relevant impact on our business.
Government-mandated standards
for exposure to EME. Our standards TALENT MANAGEMENT RISKS
are based upon those recommended As we seek new avenues of growth,
by the International Commission on a key differentiator alongside access
NonIonizing Radiation Protection to innovation will be the ability to
(ICNIRP), which is a related agency attract and sustain talent including
of the World Health Organisation new skills and capabilities. The loss
(WHO). The ICNRP standards are of some or all of our key executives
adopted by many countries around or the inability to attract or retain key
the world and are considered best talent, could materially and adversely
practice. We continue to monitor affect our business.
research findings on EME, health
risks and their implications on We continue to invest in the skills of
relevant standards and regulations. our existing workforce and build up
our current and emerging capabilities
NETWORK FAILURE AND through external professional hires
CATASTROPHIC RISKS and targeted campus recruitment.
The provision of our services In order to develop and retain talent,
depends on the quality, stability, we conduct regular skills assessment
resilience and robustness of our in the critical business areas and
networks and systems. We face the set out structured developmental
risk of malfunction of, loss of, or roadmaps to fill new and emerging
damage to, network infrastructure skills gaps. We have a targeted
from natural or other uncontrollable development approach to cultivate
events such as acts of terrorism. young, emerging and future technical
Some of the countries in which we and business leaders through formal
and/or our regional mobile associates learning activities, coaching and
operate have experienced a number mentoring as well as providing
of major natural catastrophes over critical experiences such as
the years, including typhoons, international assignments, rotations
droughts and earthquakes. In and special projects.
addition, other events that are outside
our control and/or our regional
mobile associates, such as fire,
deliberate acts of sabotage, industrial
accidents, blackouts, terrorist attacks
or criminal acts, could damage, cause
operational interruptions or otherwise
adversely affect any of the facilities
and activities, as well as potentially
cause injury or death to personnel.
Such losses or damage may

Vous aimerez peut-être aussi