Annual report 2012

Operational risks

Operational risks are the risks of loss resulting from inadequate or failed internal processes, the conduct of people and the functioning of systems or from external events. 

Identified operational risks
Risk

Method of management  

Risks associated with the optimisation of human resources
  • Release of workers for business reasons, allocation of staff to areas with identified personnel deficits and the replacement of students with new employees.
Risks associated with an inappropriate organisational structure
  • Updating of the organisational structure in accordance with the proposals of directors.
  • Updating of the organisational structure in accordance with the results of the business process re-engineering project.
Risks associated with diminishing employee loyalty and commitment
  • Upgrading of the management by objective system, training and the development of managers at all levels; employee care.
Risks associated with the merging of two companies/cultures
  • Training programme for directors and managers regarding the integration of different cultures.
  • Appropriate communication with employees regarding strategic guidelines and the Group’s vision; establishment of common values and the communication thereof.
Risk of communication noise or misunderstandings in relations with the media, the internal, general and financial publics, and with other institutions.
  • Timely, unequivocal and clear messages from the Management Board, the Supervisory Board and the responsible experts.
  • Intensive building of media relations.
Legal risks associated with lawsuits and legislation
  • Active defence before the courts and the contesting of lawsuits, striving for out-of-court settlements of disputes, consultation with internal and external legal experts to avoid further lawsuits in sensitive business decisions.
  • Influencing legislative solutions through participation in the legislative process and through cooperation with government bodies by issuing expert proposals.
Risks in proceedings before the Competition Protection Office
  • Active defence in proceedings, consultation with external and internal legal experts in the adoption of sensitive business decisions.
Risks associated with the functioning and security of ICT networks and services
  • Updating of the business continuity plan, implementation of preventive measures with the aim of detecting possible problems and critical points, and testing and training of personnel to take the appropriate measures.
  • Enhancing and upgrading the ICT network and elements to increase resistance to possible network failures. Redundancy of key network elements.
  • Updated procedures for managing faults and implementing upgrades.
  • Appropriate public announcements.
Risks associated with planning and developing ICT technologies
  • Continuous monitoring of trends.
  • Testing and validation of solutions, the continuous acquisition of expertise from all areas.
Risks associated with the provision of support and maintenance for IT products
  • Internal reallocation of staff and appropriate training.
Risk of dependency on external service providers
  • Use of a Dual Vendor strategy whenever possible.
  • Optimisation of the intermediary network and upgrading of the system for remunerating intermediaries.
  • Definition of procedures for managing partners in the process of developing IT solutions, and the formalisation of the process of managing IT needs.
  • Moneta: catalogue of business processes of all participants, post-sales activities and concern for key providers, and attracting other major providers.
  • Development of long-term relationships with suppliers – strategic partnerships.
Risks associated with the non-functioning of connections and services provided by other entities
  • Continuous notification of operators with regard to planned works on networks, and the adaptation of IT systems to facilitate automatic notification.
  • Organisation of processes for monitoring and reporting indicators according to a service-level agreement (SLA) on leased networks.
  • Drafting of the process of defining standardised requirements demanded by Telekom Slovenije from network providers for newly leased networks.
Network and technology obsolescence risk
  • Preventive maintenance, replacement of critical elements, acquisition of additional backup equipment from equipment that has been removed, migration of services from the copper-based network to the fibre optic network.
  • Introduction of new technological solutions and upgrading of the network, taking into account real disposable resources.
Risk of abuse
  • Use and upgrading of abuse prevention systems (FMS).
  • Use of existing security systems to protect the Company’s facilities, improving the security culture of employees, introducing new technologies to increase the security of services.
Risks associated with losses due to the disclosure of trade secrets
  • Implementation of general acts and strengthening of the security culture.
  • Building of an appropriate communication culture to curb the uncontrolled outflow of information from the Company, which damages its reputation.
Revenue-loss risk in "Switch to Bill" processes
  • The introduction of a uniform system for preventing the outflow of revenues (“RAS – revenue assurance system”) for the Group.
Risks associated with the execution and quality of projects
  • Prioritisation, portfolio management and the high-quality drafting of projects.
  • Supervising project execution, the use of resources and the quality of project results on a number of levels using several methods.
  • Timely identification of projects in difficulty and the drafting of appropriate measures to rectify them.
Risks associated with process efficiency
  • The business process re-engineering project and the drafting of a business process methodology are both in progress.
Risks associated with quality assurance and environmental management
  • Plans for maintaining and upgrading formalised quality management systems, start-up activities for energy efficiency project and the monitoring of indicators.
Risk of damage/destruction of property – direct damage (e.g. natural disasters, fire, earthquake)
  • Risk is transferred to an insurance company through insurance coverage of the relevant amount.

 

Significance

Impact

Probability

Degree of risk

Risks associated with the optimisation of human resources 3 3 9
Risks associated with an inappropriate organisational structure 2 4 8
Risks associated with diminishing employee loyalty and commitment 2 2 4
Risks associated with the merging of two companies/cultures 1 2 2
Risk of communication noise 3 2 6
Legal risks associated with lawsuits and legislation 3 3 9
Risks in proceedings before the Competition Protection Office 4 2 8
Risks associated with the functioning and security of ICT networks and services 4 1 4
Risks associated with planning and developing ICT technologies 3 2 6
Risks associated with the provision of support and maintenance for IT products 2 2 4
Risk of dependency on external service providers 2 2 4
Risks associated with the non-functioning of connections and services provided by other entities 3 3 9
Network and technology obsolescence risk 2 1 2
Risk of abuse 2 2 4
Risks associated with losses due to the disclosure of trade secrets 3 2 6
Revenue-loss risk in “switch to bill” processes 3 3 9
Risks associated with the execution and quality of projects 2 3 6
Risks associated with process efficiency 3 2 6
Risks associated with quality assurance and environmental management 2 3 6
Risk of damage/destruction of property – direct damage 3 1 3