Risk Management
The telecommunications sector faces significant challenges, chiefly the diminishing demand for voice services juxtaposed with an exponential increase in data consumption, a trend hastened by the recent pandemic. This rapid digital transition, propelled by disruptive technologies, redefines traditional revenue models and necessitates swift innovation among telecom providers.
In an increasingly saturated market, differentiation through unmatched service offerings becomes paramount. Concurrently, significant investments in infrastructure, rigorous data protection protocols, and adherence to regulatory frameworks are non-negotiable. Telecom enterprises must navigate this transformation by promptly adapting, broadening their service portfolios, and delivering frictionless customer experiences to secure a competitive advantage. stc’s risk management is integral to its strategic framework, informing business planning and performance evaluation and embedding risk considerations into critical decision-making processes to maximize impact.
Enterprise risk management governance
The Board of Directors ensures the highest standard of corporate governance is maintained by regularly reviewing governance development best practices and making certain these are duly adopted. As a result, the Board has established the Board Risk Committee, which plays a key role in overseeing the implementation of the enterprise risk management (ERM) framework, risk strategy and related risk management policies, as well as monitoring stc’s risk management system, reviewing the top risks, and the management of those risks. The risk management function is independent and separate from stc’s business groups and sectors; it has completed its first wave of measures this year as per the Boardapproved risk strategy to uplift current practices and maturity.
Enterprise risk management framework
The ERM framework provides guiding principles for proactively managing business risks through a comprehensive and dynamic system designed to identify, assess, prioritize and mitigate risks effectively across stc operations. The ERM process is embedded within stc as this allows us to take a holistic approach and make meaningful comparisons to support the delivery of strategic objectives. Quarterly risk assessment is a core part of this process. The risk framework clearly defines roles and responsibilities and sets out a consistent end-to-end process for identifying and managing risks.
stc’s approach is continuously enhanced, enabling more dynamic risk detection, modeling of risk interconnectedness, and the use of data, all of which are improving its risk visibility and responses. A standard risk scoring methodology has been devised to provide context and ensure consistency in reporting and evaluating risks. The output from this process is consolidated to determine the principal risks and uncertainties for stc Group.
Emerging risks are considered part of the risk assessment process and identified through horizon scanning, continual dialogue with the business and keeping abreast of market and industry changes. A summary of identified emerging risks is presented to the Board Risk Committee and Board for assessment, and these risks are consistently monitored as part of our ongoing risk management processes. Some of these emerging risks include ESG regulatory changes, technology innovation and business disruption.
Risk management highlights
Throughout the preceding year, stc attained significant milestones within its risk management initiatives, a testament to its unwavering commitment to cultivating a proactive, risk-aware culture, and implementing stringent risk management strategies. Notably, it augmented its risk culture via comprehensive, quarterly training sessions for designated risk champions, equipping them with the requisite knowledge and insight essential for the identification and management of risks pertinent to their domains. Furthermore, specialized training sessions have been conducted under the auspices of the stc Academy, ensuring a universal and thorough grasp of risk management principles and practices across the organization.
A pivotal achievement during this period was the successful deployment of its risk management system. This technological leap forward is designed to automate and streamline the entirety of the risk management process. The system has refined stc’s procedures for risk identification, assessment and mitigation. With the aid of advanced automation technology, it are now equipped to swiftly address emerging risks and implement mitigation strategies, significantly bolstering its resilience against risk.
In its relentless quest for excellence, stc has made considerable progress in strengthening its control mechanisms and reinforcing its risk mitigation tactics. Over the past year, its concerted efforts have been directed towards refining its risk management framework, enhancing internal controls, and ensuring the robustness of its mitigation plans. Through meticulous alignment of its controls with the pinnacle of industry best practices and regulatory standards, it has not only fortified the organization, but also empowered it to pursue its strategic objectives with heightened confidence and exactitude.
Principal risks
As a leading entity in the global telecommunications and information technology arena, stc navigates a landscape rife with uncertainties and rapid change. Success in this dynamic environment is predicated on its proactive anticipation of potential developments and the systematic identification, evaluation and management of the consequent risks and opportunities. stc regards an efficacious risk and opportunity management system as an indispensable component of its valuedriven corporate governance. In the risk evaluation phase, it categorizes risks into corporate, technology, operational, financial and compliance domains. This classification enhances its comprehension of each risk’s unique characteristics and informs its management approach, allowing it to craft tailored oversight and assurance strategies.
The material risks that could affect stc are outlined below, including any material exposure to environmental or social risks, and how it seeks to manage them. The risk management process reflects the most significant risks identified at the entity level.
Cybersecurity threats
Data privacy
Resilience following disaster, crisis or events impacting business continuity
Unfavorable regulatory changes impacting its current business model
Supply chain disruptions
Strategy implementation in a dynamic market
