Blackberry 2016 Annual Report Download - page 28

Download and view the complete annual report

Please find page 28 of the 2016 Blackberry annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 138

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138

Table of Contents
19
Risk Management Framework Policy and Risk Appetite
The Company’s risk management framework policy defines responsibilities for the identification, assessment, management and
reporting of risks, and sets out expectations for ownership, resource assignment and compliance. The scope of the framework
embraces internal functions as well as those activities for which the Company engages support from third parties.
To support the risk management framework and risk oversight activities, the Company maintains a risk appetite statement that
defines, by category of risk, the Company’s tolerance for risk-taking having regard to potential rewards and overall business
strategies and objectives. The Company risk profile is regularly assessed against the risk appetite statement. The risk appetite
statement is reviewed and updated as the Company’s business strategy and operating environment evolves.
Risk Governance and Oversight
The Company utilizes a “three lines of defense” governance structure to clearly define how the responsibility for risk management
activities is assigned:
The first line of defense for managing risks resides with the management of each business unit. Risk exposures are
identified and mitigated at a granular level through various ongoing management activities including business planning,
operations management, reporting, and process improvement projects.
Oversight of business unit management is provided by the second line of defense, the Security Risk and Compliance
Committee (“SRCC”), which meets at least quarterly and is supported by various compliance, security and control
functions. The SRCC is composed of manager representatives from each major business group and provides strategic
direction by defining key policies, identifying emerging risk trends, and sponsoring training.
The risk performance and audit group comprises the third line of defense, providing independent assurance to assess the
effectiveness of the Company’s risk management program including the governance, risk and internal control activities
conducted by the first two lines of defense.
Additional governance and oversight is provided by the risk management and compliance council (“RMCC”), a council of internal
senior leaders which oversee the risk management activities undertaken by business group management and the SRCC. The
RMCC meets at least quarterly with the Chief Risk Officer serving as the Chair. The RMCC reviews the Company’s risk profile,
risk criteria and limits, and monitors remediation activities to address gaps. The RMCC also approves the risk appetite statement
and promotes a culture of risk management and compliance across the Company.
In addition, the Audit and Risk Management Committee of the Board, pursuant to its charter, is responsible for overseeing all
aspects of risk management at the Company, including the annual risk management plan, risk compliance, the risk performance
and audit function and the controls, processes and policies used to manage the Company’s Risk. The Chief Risk Officer
provides regular reporting to the Board and the Audit and Risk Management Committee on the Company’s risk profile and the
activities overseen by the RMCC.
RISK FACTORS
Investors in the Company’s common shares should carefully consider the following risks, as well as the other information
contained in this AIF and in the Company’s MD&A for the fiscal year ended February 29, 2016. If any of the following risks
actually occurs, the Company’s business could be materially harmed. The risks and uncertainties described below are not the
only ones the Company faces. Additional risks and uncertainties, including those of which the Company is currently unaware or
the Company currently deems immaterial, may also have a material adverse effect on the Company’s business.
The Company may not be able to attract new enterprise customers or maintain its existing relationships with its
enterprise customers, or transition them to the Company’s latest enterprise software platforms and deploy
BlackBerry smartphones.
The Company’s current focus is on serving enterprise customers, particularly in regulated industries, including financial
services, government and healthcare. In fiscal 2016, the Company undertook numerous initiatives to enhance its enterprise
product and service offerings, including the strategic acquisitions of Good, AtHoc and Watchdox, the launch of the PRIV, the
introduction of BES12 Cloud, and the integration of Samsung KNOX with WorkLife by BlackBerry and SecuSUITE with
BlackBerry enterprise solutions offered through Samsung Business Services. If the Company’s new products and services,
including the Good Secure EMM Suites, are not competitive, do not align with customers’ needs, are not launched as per
announced timelines or if they experience quality or performance issues, results of operations could be materially impacted.
While the Company expects these initiatives to improve and enhance its strength in enterprise solutions, there can be no
assurance that new enterprise customers will be attracted or existing ones maintained.