Vodafone 2015 Annual Report Download - page 34

Download and view the complete annual report

Please find page 34 of the 2015 Vodafone annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 216

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216

Risk management
Our risk management
approach
Vodafone recognises that effective risk
management is critical to enable us to meet
our strategic objectives.
The Board has overall responsibility for the
Group’s risk management and internal controls
system. The Audit and Risk Committee, under
delegation from the Board, monitors the
nature and extent of risk exposure against risk
appetite for our principal risks. Details of the
activities of the Audit and Risk Committee are
set out on pages 63 to 68 of this report.
At an operational level, risks are reviewed and
managed by the Executive Committee and
through its delegated sub-committee, the Risk
and Compliance Committee. Details of the
activities of the Risk and Compliance Committee
are set out on page 71 of this report.
Identifying our principal risks
Vodafone identies its principal risks through
annual ‘bottom up’ and ‘top down’ exercises.
The bottom up exercise is conducted
by each majority-owned subsidiary company
in 25 markets, together with three major
central companies responsible for shared
service centres, roaming and enterprise
services. Each of these 28 entities identies
their top ten risks together with their tolerance
for these risks. The top down exercise includes
interviews with around 30senior executives.
The output from the aggregated results of the
top down and bottom up exercises produces
a list of principal risks that are reviewed and
agreed by the Executive Committee, prior
to review by the Audit and Risk Committee.
Each principal risk is assigned to a senior
executive who is responsible for managing
the risk and reporting on progress to the
Executive Committee.
Our principal risks
Vodafone’s principal risks are relatively similar
to those reported last year, although with
some movement on the relative ranking
of these risks and two new risks added:
(i)major Enterprise contracts and (ii) superior
customer experience.
The risks are each classied as nancial,
operational, compliance, strategic
or reputational. Vodafone’s decentralised
operations and global scale reduces the
impact of many of its operational risks.
Identifying and
managing our risks
We have a clear framework for identifying and managing risk, both
at an operational and strategic level. Our risk identication and mitigation
processes have been designed to be responsive to the ever-changing
environments in which we operate.
Internal audit
Supports Group/
local audit
committees in
reviewing the
effectiveness
of the risk
management
framework
Board/Audit &
Risk Committee
Local Chief Executives
& Executive Committee
Risk & Compliance Committee
(sub-committee of the
Executive Committee)
a Decides on principal risks
a Determines risk appetite
a Decides risk response for risks
that exceed tolerance
a Monitors risk management
a Sets cultural tone
Operational level
a Local risk owners – key functional owner for a principal local or global risk, responsible for local programme
to measure, manage, monitor and report on the risk
a Local risk coordinators – main point of contact in each market on risk, help to coordinate all activities including
enterprise risk management exercise and reporting to the local Chief Executive on overall risk management
a Local audit committees – track remedial actions for principal risks in market
Risk and Compliance Director
a Responsible for global risk
management framework
a Monitors Group level risks,
controls and actions
a Supports the Executive
Committee in monitoring risk
exposure versus appetite
a Manages global risk community
a Aligns risks to assurance
Group risk owners
a Identify relevant controls
a Manage global
remediation programmes
a Report on progress to Risk and
Compliance Director
Top
down
Group
level
Bottom
up
Entity
level
a Overall responsibility for Group’s risk management and internal controls system
a Monitors nature and extent of risk exposure against risk appetite for principal risks
a Set local objectives and risk appetite in line with Group guidance
a Overall responsibility for culture, local risk management and controls
Vodafone Group Plc
Annual Report 2015
32