OTE Group has developed an Enterprise Risk Management (ERM) System that supports Management in its strategic decisions, through the identification, evaluation, communication and management of enterprise risks, including all strategic and operational mitigation and monitoring measures used in risk management.
The OTE Group ERM System is based on the COSO ERM standard and the ELOT ISO 31000:2009 "Risk Management - Principles and Guidelines" standard, while its main objective is to safeguard the smooth operation and the future corporate success of OTE Group. The OTE Group ERM System is certified according to ISO 31000 Standard in Greece for OTE and COSMOTE, as well as in Romania for Telekom Romania and Telekom Romania Mobile.
In this context, the OTE Group ERM System defines the strategy for monitoring, response and management of enterprise risks, in order to:
- Ensure that existing OTE Group risks are systematically identified, analyzed and evaluated and that information relevant to risks and corresponding opportunities is promptly communicated to the competent decision-making bodies.
- Record OTE Group response to risk identification, analysis, communication and management, as well as evaluating mitigating alternatives (such as transfer the risk to third parties, e.g. insurance companies).
- Establish tolerance limits (thresholds) for each level of risk assessment and evaluation. In case these limits are exceeded, relevant reporting takes place.
- Implement a common methodology across the OTE Group for the identification, evaluation and management of enterprise risks.
The OTE Group ERM monitors, facilitates and supports the implementation of effective risk management practices. The tasks of risk managers include the reporting and monitoring of the overall situation in the OTE Group risk portfolio, as well as compliance with the OTE Group ERM methodology in all business units and OTE Group subsidiaries. In addition, OTE Group ERM is responsible for the maintenance and continuous monitoring of the OTE Group Corporate Risk Register, which is the central repository of all Group risks.
OTE Group ERM submits, at least four (4) times a year or adhoc when necessary, the OTE Group Risk Report to the OTE Group Compliance, Enterprise Risks and Corporate Governance Committee for its review, assessment and submission to the competent corporate bodies, namely the OTE Audit Committee and the OTE Board of Directors. The OTE Group Risk Report, after thorough assessment and relevant consolidation, includes business units' and group subsidiaries' reports, and provides a detailed description and review of Group risks in the reporting period. Specifically, the Report includes the risk description and any new developments, the likelihood of occurrence and the financial impact in case of the risk's occurrence, the respective risk owner, the responsible mitigation owner, as well as any new developments concerning the mitigation measures to address the risk.
In OTE Group, Risk Assessment is a structured process for risk identification, analysis, evaluation and management of enterprise risks, in order to ensure better decision making by the company's competent bodies and that appropriate mitigation has been developed to address these risks and monitor the implementation of relevant measures. In this context, a common Risk Assessment methodology is being applied to all risk assessments that are being performed by business units, with specific criteria for risk evaluation and assessment, in accordance with the requirements of the Standard ISO 31000 and based on the unified ERM OTE Group methodology. The results of all individual risk assessments performed by business units and Group subsidiaries are included in the OTE Group Corporate Risk Register, for the systematic analysis and monitoring of enterprise risks.
In the context of implementation of the OTE Group Enterprise Risk Management System, the Enterprise Risk and Insurance Management Policy applies.