OTE Group has developed an Enterprise Risk Management (ERM) System that supports Management in its strategic decisions, through the identification, evaluation, communication and management of enterprise risks.
In this context, the OTE Group ERM System defines the strategy for monitoring, response and management of enterprise risks, in order to:
- Ensure that existing OTE Group risks are systematically identified, analyzed and evaluated and that information relevant to risks and corresponding opportunities is promptly communicated to the competent decision-making bodies.
- Record OTE Group response to identified risks as well as to evaluate mitigating alternatives (such as transfer the risk to third parties, e.g. insurance companies).
- Establish tolerance limits (thresholds) for each level of risk assessment and evaluation. In case these limits are exceeded, relevant reporting takes place.
- Implement a common methodology across the OTE Group for the identification, evaluation and management of enterprise risks.
Methodology
The OTE Group ERM System, whose main objective is to safeguard the smooth operation and the future corporate success of OTE Group, is based on the COSO ERM Framework and the international Standard ISO 31000:2018 "Risk Management - Guidelines".
At OTE Group, Risk Assessment is a structured process for risk identification, analysis, evaluation and management of enterprise risks, in order to ensure better decision making by the company's competent bodies and that appropriate mitigation has been developed to address these risks and monitor the implementation of relevant measures.
In this context, a common Risk Assessment methodology is being applied to all risk assessments that are being performed by business units, with specific criteria for risk evaluation and assessment, in accordance with the requirements of the Standard ISO 31000 and based on the unified ERM OTE Group methodology. The results of all individual risk assessments performed by business units and Group subsidiaries are included in the OTE Group Corporate Risk Register, for the systematic analysis and monitoring of enterprise risks, facilitating and supporting the implementation of effective risk management practices.
The OTE Group Enterprise Risk Management Framework is illustrated in the following figure:
RMS Operation
For the implementation of the ERM System, Risk Managers have been designated at the business units as well as at the Group subsidiary companies. The tasks of Risk Managers include the reporting and monitoring of the risks managed by their business units / subsidiary companies of the Group, in compliance with the OTE Group ERM methodology.
Moreover, the OTE Group Compliance, Enterprise Risks & Corporate Governance Committee has been established. The main purpose of the Committee is to support and monitor the implementation of the Compliance Management (CMS), Risk Management (RMS) and Corporate Governance Systems and human rights issues of the Group.
ERM Policies
In the context of implementation of the OTE Group Enterprise Risk Management System, the following Policies apply:
OTE Group Enterprise Risk and Insurance Management Policy
This policy describes the current requirements for enterprise risk and insurance management of the OTE Group and the associated responsibilities.
OTE Group Risk Appetite Statement
This Statement describes the approach of OTE Group companies’ management towards risk, taking into consideration the most significant risks to which OTE Group is exposed, in the context of OTE Group Enterprise Risk Management (ERM) framework, and defines as Risk Appetite, the level of risk which is considered by OTE Group as acceptable and justifiable in order to achieve its strategic goals.