Head of Internal Audit
The Board of Directors is responsible for the establishment and monitoring of the group-wide assurance functions of Risk Management, Internal Control System, Compliance Management and Internal Audit. It is briefed comprehensively at least once a year so it can fulfil its tasks and responsibilities.
The Board of Directors has set the objective of protecting the company’s enterprise value through the implementation of Group-wide risk management. A corporate culture that promotes the conscious handling of risks facilitates the achievement of this objective. Accordingly, Swisscom has implemented a Group-wide, central risk management system that is based on ISO Standard 31000 and takes account of both external and internal events. Swisscom ensures comprehensive reporting at the relevant level and appropriate documentation. Its objective is to identify, assess and address significant risks and opportunities in a timely manner. To this end, the central Risk Management unit, which reports to both the CFO and Controlling, works closely with the Controlling and Strategy departments and other assurance functions and line functions. The risk management system is examined periodically by an external auditor. Swisscom assesses its risks in terms of the probability that they will occur and their likely quantitative and qualitative effects. It manages risks on the basis of a risk strategy. The risks are evaluated in terms of their impact on key performance indicators. Swisscom reviews and updates its risk profile on a quarterly basis. The Audit & ESG Reporting Committee and the Group Executive Board are provided with a report on risks every quarter. The Board of Directors and the Audit & ESG Reporting Committee are provided with in-depth information in April and December on significant risks, their potential effects and the status of remedial measures. In urgent cases, the Chairman of the Audit & ESG Reporting Committee is informed without delay about any significant new risks.
The internal control system (ICS) ensures the reliability of financial reporting with an appropriate degree of assurance. It acts to prevent, uncover and correct substantial errors in the consolidated financial statements, the financial statements of the Group companies and the remuneration report. The ICS encompasses the following internal control components: control environment, assessment of accounting risks, control activities, monitoring controls, information and communication. The Accounting department, which reports to the CFO, controls and monitors the ICS. Internal Audit periodically monitor the functioning and effectiveness of the ICS. Significant shortcomings in the ICS identified during the monitoring activities are reported together with the corrective measures in a status report to the Audit & ESG Reporting Committee twice a year and to the Board of Directors on an annual basis. Should the ICS risk assessment change significantly, the Chairman of the Audit & ESG Reporting Committee is informed without delay. Corrective measures to remedy the shortcomings are monitored centrally. The Audit & ESG Reporting Committee assesses the performance and effectiveness of the ICS on the basis of the periodic reporting.
The Board of Directors has set the objective of safeguarding the Swisscom Group and its executive bodies and employees from legal sanctions, financial losses and reputational damage by ensuring Group-wide compliance. A corporate culture that promotes willingness to behave in a way that complies with the relevant regulations facilitates the achievement of this objective. The principles underlying this are laid down in the Code of Conduct approved by the Board of Directors. Swisscom has therefore implemented a Group-wide, central compliance system. Within the framework of this system, every year, Group Compliance applies a risk-based approach towards identifying areas of legal compliance that require monitoring by the central system. Within these areas of legal compliance, the business activities of the Group companies are reviewed periodically in a proactive manner in order to identify risks in good time and determine the required corrective measures. The employees affected are informed of the measures and their implementation is monitored. The decentralised compliance units independently monitor compliance with the areas of law for which they are responsible and report to Group Compliance. Once every year, Group Compliance reviews the appropriateness and effectiveness of the system. In certain areas, an annual audit of the implemented measures is also performed by external auditors (financial intermediation in accordance with the Anti-Money Laundering Act). Group Compliance reports to the Audit & ESG Reporting Committee and the Board of Directors once a year on its activities and its risk assessments. Should there be significant changes in the risk assessment or if serious breaches are identified, the Chairman of the Audit & ESG Reporting Committee e is informed immediately.
The Internal Audit division is responsible for internal auditing. Internal Audit supports the Swisscom Ltd Board of Directors and its Audit & ESG Reporting Committee in fulfilling their statutory and regulatory supervisory and controlling obligations. Internal Audit also supports management by highlighting potential areas of improvement for business processes and the assurance functions. It documents the audit findings and monitors the implementation of measures. Internal Audit is responsible for planning and performing audits throughout the Group in compliance with professional auditing standards and has a high degree of independence. It is under the direct control of the Chairman of the Board of Directors and provides reports to the Audit & ESG Reporting Committee. At an administrative level, Internal Audit provides reports to the Head of Group Strategy & Board Services.
Internal Audit liaises closely and exchanges information with the external auditors. The external auditors have unrestricted access to the audit reports and audit files of Internal Audit. The integrated strategic audit plan, which includes the coordinated annual plan of both the internal and external auditors, is prepared annually on the basis of a risk analysis and presented to the Audit & ESG Reporting Committee for approval. Notwithstanding the above, the Audit & ESG Reporting Committee can commission special audits based on information received on the whistle-blowing platform operated by Internal Audit. This reporting procedure, which has been approved by the Audit & ESG Reporting Committee, allows complaints relating to external reporting and financial reporting, among other things, to be submitted anonymously to Internal Audit, which in turn ensures that these will be followed up. At its meetings, which are held at least quarterly, the Audit & ESG Reporting Committee is briefed on audit findings, the reports submitted to the whistle-blowing platform and the status of any corrective measures implemented. The Head of Internal Audit took part in all six meetings of the Audit & ESG Reporting Committee in 2021.
Swisscom implements certified management systems based on internationally accepted standards. These ensure that all of Swisscom's services are quality controlled and developed, simplified and improved systematically. Together, they form Swisscom’s integrated ISO / IEC management system and are periodically audited by external auditing company SGS.
At the behest of the Board of Directors, the Audit & ESG Reporting Committee verifies the qualifications, independence and performance of the statutory auditors as a state-supervised auditing firm. The statutory auditors are appointed annually by the Annual General Meeting. In 2019, PricewaterhouseCoopers AG (PwC) was appointed the new statutory auditor for Swisscom Ltd and its Group companies. Fastweb is already audited by PricewaterhouseCoopers S.p.A.
Chairman of the Board of Directors
Risks are driven by changes in markets, competition, technology, the regulatory environment and government policy. The importance of traditional telecommunications services is declining. New services in the areas of digitisation and IT services are intended to compensate for lost revenue from the core business. Over the long term, the market trends will necessitate major changes in the approach to risks related to the business model, technology and human capital.
Infrastructure providers and service providers that do not have their own network infrastructure are driving competition, which is gaining momentum and exerting transformation pressure on the business. During this transformation, the complexity resulting from the parallel operation of old and new technologies has to be reduced to enable new, attractive services. Here, there is a risk that the revenue from the traditional telecoms business will not be secured sustainably during the transformation process, while technical complexity remains undiminished.
The manner in which regulations are implemented entails risks for Swisscom, which could have an adverse impact on the company’s financial position and results of operations. Sanctions by the Competition Commission could also reduce Swisscom’s operating results and cause reputational damage to the company. Finally, excessively high political demands (e.g. those imposed on universal service provision) threaten to fundamentally undermine the current competitive system.
Customer demand for broadband access is growing rapidly, as is the popularity of mobile devices and IP-based services (smartphones, IPTV, OTTs, etc.). Swisscom faces tough competition from cable companies and other network operators as it strives to meet current and future customer needs and defend its own market share. The network expansion this necessitates calls for major investments. To mitigate financial risks and ensure optimum network coverage, network expansion is geared towards population density and customer demand. Substantial risks would arise if Swisscom were forced to spend more on network expansion than planned or if projected long-term earnings were to fall. Swisscom minimises the risks by adapting the broadband expansion of the access network to changing conditions and technical opportunities on an ongoing basis.
Constant changes in background conditions and markets mean that corporate culture also has to adapt. The key challenges in this context lie in maintaining employee motivation and high staff loyalty despite the pressure on costs, as well as managing growth and efficiency, increasing employees’ ability to adapt and renew their skills, and ensuring that Swisscom remains an attractive employer.
The competitive dynamics in Italy carry risks that could have a detrimental impact on Fastweb’s strategy and jeopardise projected revenue growth. In particular, risks may arise in connection with the entry of new competitors in the market. Fastweb is countering this pressure by constantly adapting its services, organisation, processes and partnerships. Changes in the legal and regulatory environment can have a negative impact on business activities and thus also on the value of the firm.
Usage of Swisscom’s services is heavily dependent on technical infrastructure such as communications networks and IT platforms. Any major disruption to business operations poses a financial risk as well as a substantial reputational risk. Force majeure, natural disasters, human error, hardware or software failure, criminal acts by third parties (e.g. computer viruses, hacking) and the ever-growing complexity and interdependence of modern technologies can cause damage or interruption to operations. Built-in redundancy, contingency plans, deputising arrangements, alternative locations, careful selection of suppliers and other measures are designed to ensure that Swisscom can deliver the level of service that customers expect at all times.
Swisscom is switching from analogue telephony to the Internet Protocol (IP). This transformation should enable Swisscom to be more flexible and efficient. The experience with IP technology to date has been positive. Swisscom’s complex IT architecture entails risks during both the implementation and operating phases. These risks have the potential to delay the rollout of new services, increase costs and impact competitiveness. The transformation is being closely monitored by the Group Executive Board. The area of Internet security is marked by rapid development and change in technology, economics and society and in their interdependencies. Innovations and capabilities go hand in hand with new opportunities as well as new risks. Even if the rise in security threats posed by cyber attacks is making prevention increasingly difficult, the objective is to identify potential risks at an early stage, systematically document them and take appropriate steps to sustainably reduce them.
Electromagnetic radiation (e.g. from mobile antennas or mobile handsets) has repeatedly been claimed to be potentially harmful to the environment and health. Under the terms of the Ordinance on Protection from Non-Ionizing Radiation, Switzerland has adopted the precautionary principle It has introduced limits for base stations that are ten times stricter than both those prescribed by the WHO and the legal provisions in neighbouring countries, and they apply to all mobile frequencies (including 5G). The public’s wary attitude, in particular towards mobile antenna sites, is impeding Swisscom’s network expansion. Even without stricter legislation, public concerns about the effects of electromagnetic radiation on the environment and health could further hamper the construction of wireless networks in the future and drive up costs.
Climate change poses risks for Swisscom. These risks are driven by changes in the legal framework and in physical climatic parameters (increased levels of precipitation, higher average temperatures and temperature extremes, and melting permafrost) and by other economic and reputational factors. The resulting developments could impact the operability of Swisscom’s telecoms infrastructure, particularly in view of the potential risk to base stations, transmitter stations and local exchanges. The analysis of the risks posed by climate change is largely based on the official reports of the Federal Office for the Environment (FOEN) on climate change (CH2018 Climate Scenarios). Swisscom also publishes its own annual climate report.
Swisscom is exposed to foreign exchange changes which can impact the Group’s cash flows, financial result and equity.
Interest rate risks result from changes in interest rates that can negatively impact cash flows and Swisscom's financial situation.
Through its operating business activities, derivative financial instruments and financial investments, Swisscom is exposed to the risk of default of a counterparty.
Prudent liquidity management involves the holding of adequate reserves of cash and cash equivalents, negotiable securities as well as the possibility of obtaining confirmed lines of credit.
Swisscom's partners provide goods and services in excess of CHF 2.7 billion annually. Swisscom attaches importance to fair and efficient partnerships with suppliers, who share its social and ecological goals and values. Swisscom works with these suppliers to protect the environment and improve working conditions.
Swisscom condemns corruption of any kind. Swisscom's business activities are conducted in a fair, honest and transparent manner. Swisscom has taken many organisational precautions to avoid corruption. An anti-corruption directive and various guidelines define correct and incorrect conduct. Employees exposed to the risk of corruption receive special training. The Group Compliance division supervises implementation of the requirements. Finally, all employees can take advantage of a confidential anonymous whistleblowing system.
A fundamental pillar of Swisscom’s sustainability strategy is a coherent, responsible fiscal policy. Swisscom attaches importance to paying its fair share of taxes in every country in which it conducts business. Swisscom‘s earnings are allocated in compliance with local and international provisions and standards (such as OECD guidelines), and in observance of the arm’s length principle, to the countries in which the income was generated.
Income tax expense 2021 in CHF million: 239 Switzerland, (20) Italy