Menu

Enterprise Risk Management

08/24/2015 - 00:45 PM

- + Text size
Print

In order to ensure a global approach to risk management, the Telecom Italia Group has adopted an Enterprise Risk Management (ERM) process, inspired by ISO 31000. This is a corporate risk governance tool used to identify, assess and manage risks.

Control Room Security

The Telecom Italia Group has adopted an Enterprise Risk Management (hereinafter ERM) Model which allows risks to be identified, assessed and managed uniformly within Group companies, highlighting potential synergies between the parties involved in assessing the Internal Control and Risk Management System.

The ERM process is designed to identify potential events that may influence the business, in order to manage risk within acceptable limits and provide a reasonable guarantee that business objectives will be achieved.

The process is managed by the ERM Steering Committee, which is chaired and coordinated by the head of the Administration, Finance and Control Department.

The Steering Committee meets every three months (or when specifically required) and is intended to ensure the governing of the Group risk management process, which is designed to guarantee the operational continuity of the company's business, monitoring the effectiveness of countermeasures adopted.

 The process adopted is cyclical and includes the following stages: :

  • defining the Risk Appetite, identifying the Risk Exposure and Risk Tolerance Threshold in relation to the planned objectives
  • identifying and Fine Tuning the Risk Universe of Telecom Italia, the Risk Universe being the document that contains a description of the main characteristics of all the risks identified, updated annually in order to confirm / integrate / edit the list of business risks.
  • Risk Assessment, for each risk considered in the Risk Universe a severity assessment is carried out in order to place it on 3X3 (Risk and Control Panel) matrix, which allows action priorities to be identified.
  • Identifying Relevant Risks and determining the Corporate Risk Profile
  • Activating mitigation actions on Relevant Risks and monitoring them over time;
  • Drawing up the Reporting Flows.

The results of this work allow greater awareness and protection of the business to be developed thanks to a more objective approach to risk exposure, to the connection between assessment activities and planning and capital allocation processes as well as to a timely verification of existing and/or future controls to mitigate the identified risks.