The purpose of Swisscom’s Enterprise Risk Management is to protect its enterprise value. It takes account of both external and internal events and is based on the established standard ISO 31000.
Klaus Rapp,
Head of Internal Audit
The Board of Directors is responsible for the establishment and monitoring of the group-wide assurance functions of Risk Management, Internal Control System, Compliance Management and Internal Audit. It is briefed comprehensively at least once a year so it can fulfil its tasks and responsibilities.
The Board of Directors has set the objective of protecting the company’s enterprise value through the implemen-tation of Group-wide risk management. A corporate culture that promotes the conscious handling of risks facilitates the achievement of this objective. Accordingly, Swisscom has implemented a Group-wide, central risk management system that is based on ISO Standard 31000 and takes account of both external and internal events. Swisscom maintains level-appropriate, comprehensive reporting and appropriate documentation. Its objective is to identify, assess and address significant risks and opportunities in good time. To this end, the central Risk Management unit, which reports to the Head of Group Security & Corporate Affairs, works closely with the Controlling and Strategy departments, other assurance functions and line functions. The risk management system is examined periodically by an external auditor. Swisscom assesses its risks in terms of the probability that they will occur and their quantitative and qualitative effects in the event that they do occur. It manages risks on the basis of a risk strategy. The risks are evaluated in terms of their impact on key performance indicators. Swisscom reviews and updates its risk profile on a quarterly basis. In April and December, the Head of Risk Management provides the Board of Directors and the Audit & ESG Reporting Committee with information on significant risks, the potential effects and the status of the corresponding measures. In urgent cases, the Chairman of the Audit & ESG Reporting Committee is informed without delay about any significant new risks. Once a year, the Head of Risk Management consults with the Audit & ESG Reporting Committee (without management involvement).
The internal control system (ICS) ensures the reliability of financial reporting with an appropriate degree of assurance. It acts to prevent, uncover and correct substantial errors in the consolidated financial statements, the financial statements of the Group companies and the Remuneration Report. The ICS encompasses the following components: control environment, assessment of accounting risks, control activities, monitoring controls, informa-tion and communication. The Accounting unit, which reports to the CFO, manages and monitors the ICS. Internal Audit periodically reviews the functioning and effectiveness of the ICS. Significant shortcomings in the ICS identified during these monitoring and review activities, including the corrective actions defined, are reported in the status report to the Audit & ESG Reporting Committee twice a year and to the Board of Directors on an annual basis. Should the ICS risk assessment change significantly, the Chairman of the Audit & ESG Reporting Committee is informed without delay. Appropriate corrective measures to remedy the shortcomings are monitored by the Accounting unit. The Audit & ESG Reporting Committee assesses the performance and effectiveness of the ICS on the basis of the periodic reporting. The internal control system for non-financial reporting is currently being set up. The 2024 Sustainability Impact Report was audited by SGS and compliance with the Global Reporting Initiative (GRI) was confirmed.
The Group-wide central Compliance Management System (CMS) is designed to prevent compliance violations in order to protect the Swisscom Group, its executive bodies and employees from legal sanctions, financial losses and reputational damage. The CMS covers the following legal areas: Anti-corruption, Money laundering and terrorism financing, Data protection and confidentiality, Competition law, Telecommunications law and Stock exchange law.
Swisscom enhanced its CMS in line with the ISO 37301 standard in 2024. The Group’s dedicated compliance functions as well as the compliance officers and compliance managers of the business divisions and fully consoli-dated subsidiaries provide support to the line for the ongoing implementation of the CMS in specific legal areas. External auditors review the CMS for adequacy and effectiveness every four years. Furthermore, external auditors will continue to conduct a specific audit in the area of money laundering law on an annual or biennial basis.
Once a year, Group Compliance reports directly to the Audit & ESG Reporting Board of Director’s committee and to the Board of Directors on its activities, compliance risk assessment and target achievement. In the event of significant changes in the assessment of compliance risks and in the event of potentially serious compliance violations, a timely report is sent to the Chairman of the Audit & ESG Reporting Committee and to the Chairman of the Board of Directors.
Internal auditing is carried out throughout the Group by the Internal Audit division. Internal Audit supports the Swisscom Ltd Board of Directors and its Audit & ESG Reporting Committee in fulfilling their statutory and regulatory supervisory and controlling obligations. Internal Audit also supports management by highlighting opportunities for improving business processes and controls as well as the assurance functions. It documents the audit findings and monitors the implementation of measures. Internal Audit is responsible for planning and performing audits throughout the Group in compliance with professional auditing standards and has a high degree of independence. It is under the direct control of the Chairman of the Board of Directors and provides reports to the Audit & ESG Reporting Committee. At an administrative level, Internal Audit provides reports to the Head of Group Strategy & Board Services. Administratively, Internal Audit reports to the Head of Group Security & Corporate Affairs. Once a year, the Head of Internal Audit consults with the Audit & ESG Reporting Committee (without management involvement).
Internal Audit liaises closely and exchanges information with the external auditors. The external auditors have unrestricted access to the audit reports and audit files of Internal Audit. Based on a risk analysis and in close coordination with the external auditors, Internal Audit prepares an audit plan annually and presents it to the Audit & ESG Reporting Committee for approval. Notwithstanding the above, the Audit & ESG Reporting Committee can commission special audits – and do so based on information received on the whistle-blowing platform operated by Internal Audit. This reporting procedure, which has been approved by the Audit & ESG Reporting Committee, allows complaints relating to external reporting and financial reporting, among other things, to be submitted anonymously to Internal Audit, which ensures that these will be followed up. At the meetings, which are held at least quarterly, the Audit & ESG Reporting Committee is briefed on audit findings, the reports submitted to the whistle-blowing platform and the implementation status of the audit plan. The Head of Internal Audit took part in all five meetings of the Audit & ESG Reporting Committee in 2024.
Swisscom implements certified management systems based on internationally accepted standards. These ensure that all of Swisscom's services are quality controlled and developed, simplified and improved systematically. Together, they form Swisscom’s integrated ISO / IEC management system and are periodically audited by external auditing company SGS.
At the behest of the Board of Directors, the Audit & ESG Reporting Committee verifies the qualifications, independence and performance of the statutory auditors as a state-supervised auditing firm. The statutory auditors are appointed annually by the Annual General Meeting. Since 2019 PricewaterhouseCoopers AG (PwC) is the statutory auditor for Swisscom Ltd and its Group companies. Also, Fastweb is audited by PricewaterhouseCoopers S.p.A.
Michael Rechsteiner,
Chairman of the Board of Directors
Risks are driven by changes in markets, competition, technology, the regulatory environment and government policy. The importance of traditional telecommunications services is declining. New services in the areas of digitisation and IT services are intended to compensate for lost revenue from the core business. Over the long term, the market trends will necessitate major changes in the approach to risks related to the business model, technology and human capital.
Infrastructure providers and service providers that don’t have their own network infrastructure are driving the com-petitive dynamics. Swisscom is countering this pressure and the development of revenue from the traditional telecoms business by transforming the company, as well as through constant innovation. Megatrends such as increasing connectivity, customisation of customer needs, and demographic change are shaping and altering both society and the economy and have a long-term impact on the activities of Swisscom. Swisscom conducts a com-prehensive external environment analysis at least once a year in order to identify potential disruptions at an early stage. It uses the future trends and developments identified by the analysis in a targeted manner: for example, to categorise new, potentially disruptive developments and to model possible scenarios in a timely manner. Swisscom also produces regular analyses of the economic and regulatory environment. It also examines the activities of global internet corporations in greater depth to identify relevant changes and respond with appropriate measures. To respond to changes in the market, Swisscom consistently focuses on customer needs when transforming its own company and optimises or adapts its processes and its organisation.
The manner in which regulations are implemented entails risks for Swisscom, which could have an adverse impact on the company’s financial position and results of operations. Sanctions by the Competition Commission could also reduce Swisscom’s operating results and cause reputational damage to the company. Finally, excessively high political demands threaten to fundamentally undermine the current competitive system. Swisscom’s wide range of business activities, coupled with the complexity of the applicable regulations, calls for an effective compliance management system (CMS). Swisscom’s central CMS covers the entire Group. It was audited by an independent auditor in accordance with ISO 37301 (compliance management systems) during the year under review.
Swisscom pursues a successful hedging strategy, thereby minimising the risk of losses that can arise as a result of fluctuating foreign exchange rates. Geopolitical developments also pose the risk of inflation, shortages of goods or delays in deliveries, and recession in general. Changes in the geopolitical situation have put the need to protect critical infrastructure on the political agenda. A new parliamentary motion calls for a legal basis for, if necessary, banning technical equipment components from countries where state or state-related institutions exert control over industry. To enable it to respond appropriately to geopolitical developments, Swisscom reviews and implements measures on an ongoing basis.
Customer demand for broadband access is growing in proportion to the growing popularity of devices and IP-based (Internet Protocol-based) services (smartphones, IPTV, OTTs, etc.). Swisscom faces tough competition from cable companies and other network operators as it strives to meet current and future customer needs and defend its own market share. The network expansion this necessitates calls for major investments. To mitigate financial risks and ensure optimum network coverage, network expansion is geared towards population density and customer demand. Swisscom enters into partnerships for network expansion. Substantial risks would arise if Swisscom were forced to spend more on network expansion than planned or if projected long-term earnings were to fall. Swisscom minimises the risks by adapting the broadband expansion of the access network to changing conditions and technical opportunities on an ongoing basis.
The competitive dynamics in Italy carry risks that have a detrimental impact on Fastweb’s strategy and could jeopardise projected revenue growth as a result. Fastweb is countering this pressure by constantly adapting its services, organisation, processes and partnerships. In the year under review, Swisscom acquired Vodafone Italia, which is to be merged with Fastweb as a result. This will create a leading convergent provider in the Italian market, which will be able to remain robust in the face of external risks thanks to expected synergy effects. Changes in the legal and regulatory environment can have a negative impact on business activities and thus on the value of the company.
Usage of Swisscom Switzerland’s and Fastweb’s services is heavily dependent on technical infrastructure such as communications networks and IT platforms. Any major disruption to business operations poses a financial risk as well as a substantial reputational risk. Force majeure, natural disasters, human error, hardware or software failure, criminal acts by third parties (e.g. computer viruses, hacking activities), power outages, power shortages and the ever-growing complexity and interdependence of modern technologies can cause damage or interruption to operations. Built-in redundancy, contingency plans, deputising arrangements, alternative locations, careful selection of suppliers and other measures are designed to ensure that Swisscom can deliver the level of service that customers expect at all times. As a systemically important company, Swisscom also wants to do its part to minimise the risk of a power shortage. Swisscom was certified in accordance with ISO 22301 (business continuity management) in the reporting year.
Swisscom’s complex IT architecture entails risks during both the implementation and operating phases. These risks have the potential to delay the rollout of new services, result in additional costs and impact Swisscom’s competitiveness. The transformation is being closely monitored by the Group Executive Board. Changes and developments in technology, the economy and society interact to shape the area of Internet security because continuous innovations and the opportunities they bring lead not only to opportunities, but also to new risks. Despite the fact that preventing cyber attacks is becoming increasingly difficult due to the rise in the number of potential threats, the objective is to identify these risks at an early stage, systematically document them and take appropriate steps to sustainably reduce them.
In the year under review, claims were again made that electromagnetic radiation (e.g. from mobile antennas or mobile handsets) is potentially harmful to health. Under the terms of the Ordinance on Non-Ionising Radiation (ONIR), Switzerland has adopted a precautionary principle and introduced limits for base stations in sensitive areas such as homes, schools, hospitals and permanent workplaces that are ten times stricter than those prescribed by the WHO. The public’s wary attitude towards 5G, particularly if questions arise concerning locations for mobile communication antennas, is impeding Swisscom’s network expansion. Even without stricter legislation, public concerns about the effects of electromagnetic radiation on the environment and health could further hamper the construction of wireless networks in the future and drive up costs.
Swisscom is exposed to foreign exchange changes which can impact the Group’s cash flows, financial result and equity.
Risk mitigation measures
Interest rate risks result from changes in interest rates that can negatively impact cash flows and Swisscom's financial situation.
Risk mitigation measures
Through its operating business activities, derivative financial instruments and financial investments, Swisscom is exposed to the risk of default of a counterparty.
Risk mitigation measures
Prudent liquidity management involves the holding of adequate reserves of cash and cash equivalents, negotiable securities as well as the possibility of obtaining confirmed lines of credit.
Risk mitigation measures
Swisscom's partners provide goods and services in excess of CHF 3.4 billion annually. Swisscom attaches importance to fair and efficient partnerships with suppliers, who share its social and ecological goals and values. Swisscom works with these suppliers to protect the environment and improve working conditions.
Swisscom condemns corruption of any kind. Facilitation payments are also prohibited. Swisscom's business activities are conducted in a fair, honest and transparent manner. Swisscom has taken many organisational precautions to avoid corruption. An anti-corruption directive and various guidelines define correct and incorrect conduct. Employees exposed to the risk of corruption receive special training. The Group Compliance division supervises implementation of the requirements. Finally, all employees can take advantage of a confidential anonymous whistleblowing system.
A fundamental pillar of Swisscom’s sustainability strategy is a coherent, responsible fiscal policy. Swisscom attaches importance to paying its fair share of taxes in every country in which it conducts business. Swisscom‘s earnings are allocated in compliance with local and international provisions and standards (such as OECD guidelines), and in observance of the arm’s length principle, to the countries in which the income was generated.
Income tax expense details
Swisscom Fiscal Principles (31 KB)