The purpose of Swisscom’s Enterprise Risk Management is to protect its enterprise value. It takes account of both external and internal events and is based on established standards COSO II and ISO 31000.
Head of Internal Audit
The Board of Directors is responsible for the establishment and monitoring of the group-wide assurance functions of Risk Management, Internal Control System, Compliance Management and Internal Audit. It is briefed comprehensively at least once a year so it can fulfil its tasks and responsibilities.
The Board of Directors has set the objective of protecting the company’s enterprise value through the implementation of Group-wide risk management. A corporate culture that promotes the conscious handling of risks facilitates the achievement of this objective. Accordingly, Swisscom has implemented a Group-wide, central risk management system that is based on ISO Standard 31000 and takes account of both external and internal events. Swisscom ensures comprehensive reporting at the relevant level and appropriate documentation. Its objective is to identify, assess and address significant risks and opportunities in a timely manner. To this end, the central Risk Management unit, which reports to both the CFO and Controlling, works closely with the Controlling and Strategy departments and other assurance functions and line functions. The risk management system is examined periodically by an external auditor. Swisscom assesses its risks in terms of the probability that they will occur and their likely quantitative and qualitative effects. It manages risks on the basis of a risk strategy. The risks are evaluated in terms of their impact on key performance indicators. Swisscom reviews and updates its risk profile on a quarterly basis. The Audit & ESG Reporting Committee and the Group Executive Board are provided with a report on risks every quarter. The Board of Directors and the Audit & ESG Reporting Committee are provided with in-depth information in April and December on significant risks, their potential effects and the status of remedial measures. In urgent cases, the Chairman of the Audit & ESG Reporting Committee is informed without delay about any significant new risks.
The internal control system (ICS) ensures the reliability of financial reporting with an appropriate degree of assurance. It acts to prevent, uncover and correct substantial errors in the consolidated financial statements, the financial statements of the Group companies and the remuneration report. The ICS encompasses the following internal control components: control environment, assessment of accounting risks, control activities, monitoring controls, information and communication. The Accounting department, which reports to the CFO, controls and monitors the ICS. Internal Audit periodically monitor the functioning and effectiveness of the ICS. Significant shortcomings in the ICS identified during the monitoring activities are reported together with the corrective measures in a status report to the Audit & ESG Reporting Committee twice a year and to the Board of Directors on an annual basis. Should the ICS risk assessment change significantly, the Chairman of the Audit & ESG Reporting Committee is informed without delay. Corrective measures to remedy the shortcomings are monitored centrally. The Audit & ESG Reporting Committee assesses the performance and effectiveness of the ICS on the basis of the periodic reporting.
The Group-wide central Compliance Management System (CMS) serves to prevent compliance violations in order to protect the Swisscom Group, its executive bodies and employees from legal sanctions, financial losses and reputational damage. It covers the legal areas of anti-corruption, money laundering, data protection and confidentiality, antitrust law, telecommunications legislation and stock exchange law. Swisscom redesigned its CMS in line with the ISO-37301 standard. The new Compliance Management Framework makes even more targeted improvements possible. The Group’s central compliance functions as well as the compliance officers and managers of the Group divisions and fully consolidated Group companies provide support to the line for the ongoing implementation of the CMS in specific legal areas. External auditors will now review the CMS for adequacy and effectiveness every four years. Furthermore, external auditors will continue to conduct a specific audit in the area money laundering law on an annual or biennial basis. Once a year, Group Compliance reports directly to the Audit & ESG Reporting Board of Director’s committee and to the Board of Directors on the function’s activities, compliance risk assessment and target achievement. In the event of significant changes in the assessment of compliance risks and in the event of potentially serious compliance violations, a timely report is sent to the Chairman of the Audit & ESG Reporting Committee as well as the Chairman of the Board of Directors.
Internal auditing is carried out throughout the Group by the Internal Audit division. Internal Audit supports the Swisscom Ltd Board of Directors and its Audit & ESG Reporting Committee in fulfilling their statutory and regulatory supervisory and controlling obligations. Internal Audit also supports management by highlighting opportunities for improving business processes and controls as well as the assurance functions. It documents the audit findings and monitors the implementation of measures. Internal Audit is responsible for planning and performing audits throughout the Group in compliance with professional auditing standards and has a high degree of independence. It is under the direct control of the Chairman of the Board of Directors and provides reports to the Audit & ESG Reporting Committee. At an administrative level, Internal Audit provides reports to the Head of Group Strategy & Board Services. Administratively, Internal Audit reports to the Head of Security & Corporate Affairs.
Internal Audit liaises closely and exchanges information with the external auditors. The external auditors have unrestricted access to the audit reports and audit files of Internal Audit. Based on a risk analysis and in close coordination with the external auditors, it prepares the integrated strategic audit plan annually and presents it to the Audit & ESG Reporting Committee for approval. Notwithstanding the above, the Audit & ESG Reporting Committee can commission special audits based on information received on the whistle-blowing platform operated by Internal Audit. This reporting procedure, which has been approved by the Audit & ESG Reporting Committee, allows complaints relating to external reporting and financial reporting, among other things, to be submitted anonymously to Internal Audit, which in turn ensures that these will be followed up. At its meetings, which are held at least quarterly, the Audit & ESG Reporting Committee is briefed on audit findings, the reports submitted to the whistle-blowing platform and the status of any corrective measures implemented. The Head of Internal Audit took part in all six meetings of the Audit & ESG Reporting Committee in 2022.
Swisscom implements certified management systems based on internationally accepted standards. These ensure that all of Swisscom's services are quality controlled and developed, simplified and improved systematically. Together, they form Swisscom’s integrated ISO / IEC management system and are periodically audited by external auditing company SGS.
At the behest of the Board of Directors, the Audit & ESG Reporting Committee verifies the qualifications, independence and performance of the statutory auditors as a state-supervised auditing firm. The statutory auditors are appointed annually by the Annual General Meeting. In 2019, PricewaterhouseCoopers AG (PwC) was appointed the new statutory auditor for Swisscom Ltd and its Group companies. Also Fastweb is audited by PricewaterhouseCoopers S.p.A.
Chairman of the Board of Directors
Risks are driven by changes in markets, competition, technology, the regulatory environment and government policy. The importance of traditional telecommunications services is declining. New services in the areas of digitisation and IT services are intended to compensate for lost revenue from the core business. Over the long term, the market trends will necessitate major changes in the approach to risks related to the business model, technology and human capital.
Infrastructure providers and service providers that do not have their own network infrastructure are driving competition, which is gaining momentum and exerting transformation pressure on the business. During this transformation, the complexity resulting from the parallel operation of old and new technologies has to be reduced to enable new, attractive services. Here, there is a risk that the revenue from the traditional telecoms business will not be secured sustainably during the transformation process, while technical complexity remains undiminished.
The manner in which regulations are implemented entails risks for Swisscom, which could have an adverse impact on the company’s financial position and results of operations. Sanctions by the Competition Commission could also reduce Swisscom’s operating results and cause reputational damage to the company. Finally, excessively high political demands (e.g. those imposed on universal service provision) threaten to fundamentally undermine the current competitive system.
Geopolitical developments pose the risk of sustained inflation, shortages of goods or delays in deliveries, as well as recession or stagflation in general. The limited availability of goods and the shortage of various components can lead to increased costs, delivery delays and reduced deliveries. To enable it to respond appropriately to geopolitical developments, Swisscom reviews and implements measures on an ongoing basis. It also pursues a successful hedging strategy, thereby minimising the risk of losses that can arise as a result of fluctuating foreign exchange rates.
Customer demand for broadband access is growing rapidly, as is the popularity of mobile devices and IP-based services (smartphones, IPTV, OTTs, etc.). Swisscom faces tough competition from cable companies and other network operators as it strives to meet current and future customer needs and defend its own market share. The network expansion this necessitates calls for major investments. To mitigate financial risks and ensure optimum network coverage, network expansion is geared towards population density and customer demand. Substantial risks would arise if Swisscom were forced to spend more on network expansion than planned or if projected long-term earnings were to fall. Swisscom minimises the risks by adapting the broadband expansion of the access network to changing conditions and technical opportunities on an ongoing basis.
The competitive dynamics in Italy carry risks that could have a detrimental impact on Fastweb’s strategy and jeopardise projected revenue growth. In particular, risks may arise in connection with the entry of new competitors in the market. Fastweb is countering this pressure by constantly adapting its services, organisation, processes and partnerships. Changes in the legal and regulatory environment can have a negative impact on business activities and thus also on the value of the firm.
Usage of Swisscom’s services is heavily dependent on technical infrastructure such as communications networks and IT platforms. Any major disruption to business operations poses a financial risk as well as a substantial reputational risk. Force majeure, natural disasters, human error, hardware or software failure, criminal acts by third parties (e.g. computer viruses, hacking) and the ever-growing complexity and interdependence of modern technologies can cause damage or interruption to operations. Built-in redundancy, contingency plans, deputising arrangements, alternative locations, careful selection of suppliers and other measures are designed to ensure that Swisscom can deliver the level of service that customers expect at all times. As a systemically important company, Swisscom also wants to do its part to minimise the risk of a power shortage.
Swisscom is switching from analogue telephony to the Internet Protocol (IP). This transformation should enable Swisscom to be more flexible and efficient. The experience with IP technology to date has been positive. Swisscom’s complex IT architecture entails risks during both the implementation and operating phases. These risks have the potential to delay the rollout of new services, increase costs and impact competitiveness. The transformation is being closely monitored by the Group Executive Board. The area of Internet security is marked by rapid development and change in technology, economics and society and in their interdependencies. Innovations and capabilities go hand in hand with new opportunities as well as new risks. Even if the rise in security threats posed by cyber attacks is making prevention increasingly difficult, the objective is to identify potential risks at an early stage, systematically document them and take appropriate steps to sustainably reduce them.
Electromagnetic radiation (e.g. from mobile antennas or mobile handsets) has repeatedly been claimed to be potentially harmful to the environment and health. Under the terms of the Ordinance on Protection from Non-Ionizing Radiation, Switzerland has adopted the precautionary principle It has introduced limits for base stations that are ten times stricter than both those prescribed by the WHO and the legal provisions in neighbouring countries, and they apply to all mobile frequencies (including 5G). The public’s wary attitude, in particular towards mobile antenna sites, is impeding Swisscom’s network expansion. Even without stricter legislation, public concerns about the effects of electromagnetic radiation on the environment and health could further hamper the construction of wireless networks in the future and drive up costs.
Swisscom is exposed to foreign exchange changes which can impact the Group’s cash flows, financial result and equity.
Interest rate risks result from changes in interest rates that can negatively impact cash flows and Swisscom's financial situation.
Through its operating business activities, derivative financial instruments and financial investments, Swisscom is exposed to the risk of default of a counterparty.
Prudent liquidity management involves the holding of adequate reserves of cash and cash equivalents, negotiable securities as well as the possibility of obtaining confirmed lines of credit.
Swisscom's partners provide goods and services in excess of CHF 2.9 billion annually. Swisscom attaches importance to fair and efficient partnerships with suppliers, who share its social and ecological goals and values. Swisscom works with these suppliers to protect the environment and improve working conditions.
More about supplier risk management(opens in new tab)
Fair supply chain
Swisscom condemns corruption of any kind. Swisscom's business activities are conducted in a fair, honest and transparent manner. Swisscom has taken many organisational precautions to avoid corruption. An anti-corruption directive and various guidelines define correct and incorrect conduct. Employees exposed to the risk of corruption receive special training. The Group Compliance division supervises implementation of the requirements. Finally, all employees can take advantage of a confidential anonymous whistleblowing system.
A fundamental pillar of Swisscom’s sustainability strategy is a coherent, responsible fiscal policy. Swisscom attaches importance to paying its fair share of taxes in every country in which it conducts business. Swisscom‘s earnings are allocated in compliance with local and international provisions and standards (such as OECD guidelines), and in observance of the arm’s length principle, to the countries in which the income was generated.
Income tax expense 2022 in CHF million: 316 Switzerland, 44 Italy
Income tax expense details(opens in new tab)
Swisscom Fiscal Principles (31 KB)(opens in new tab)