BT 2011 Annual Report Download - page 43

Download and view the complete annual report

Please find page 43 of the 2011 BT annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 189

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189

BUSINESS REVIEW
40
OUR RISKS
Our risks
Security and resilience
BT is dependent on the secure operation and resilience of its
information systems, networks and data. The scale of our
business and global nature of our operations means we are
required to manage significant volumes of personal and
commercially sensitive information.
BT stores and transmits data for its own purposes and on behalf
of customers, all of which needs to be safeguarded from
potential exposure, loss or corruption, and therefore receives a
high level of management attention and security measures.
Certain of our customers require specific, highly sophisticated
security provisioning which we are contractually obliged to meet
and through our continuing success in meeting those
requirements we are able to differentiate our offerings from
those of our competitors.
Impact
Failure or interruption of data transfer could have a significant
adverse effect on the business. A breach of our security and/or
resilience affecting BT’s own operations or those of our
customers could lead to an extended interruption to network
services and even national infrastructure. Such failure may lead
to a loss of customer confidence, termination of contracts, loss
of revenue and reduced cash resources. Additional reputational
damage and financial loss may arise from a breach involving a
legal failing such as breaching data protection requirements.
Risk mitigation
We operate well established policies addressing the security and
resilience requirements of our operations, our systems and
systems operated by us for our customers. We have a corporate
resilience strategy and business continuity plans in place
designed to deal with catastrophic events including, for
example, major terrorist action, industrial action, cyber-attacks
or natural disasters.
Our mitigations for this diverse risk are continuously reviewed
and updated which, in 2011, led to more stringent application
of data encryption and segregation measures, the deployment
of increasingly sophisticated anomaly and intrusion detection
systems, and migration to distributed and virtual data centre
designs that provide much greater inherent resilience.
Major contracts
We have a number of complex and high value contracts with
certain customers. The profitability of, and revenue arising from,
these contracts is subject to a number of factors including:
variation in cost and achievement of cost reductions anticipated
in the contract pricing, both in terms of scale and time; delays in
delivery or achieving agreed milestones owing to factors either
within or outside of our control; changes in customers’
requirements, budgets, strategies or businesses; the
performance of our suppliers; and other factors. Any of these
factors could make a contract less profitable or even loss
making.
The degree of risk varies generally in proportion to the scope
and life of the contract and is typically higher in the early
transitional and transformational stages of the contract. Some
customer contracts require significant investment in the early
stages, which is expected to be recovered over the life of the
contract. Major contracts often involve the implementation of
new systems and communications networks, transformation of
legacy networks and the development of new technologies. The
recoverability of these upfront costs may be adversely impacted
by delays or failure to meet milestones. Substantial performance
risk exists in these contracts, and some or all elements of
performance depend upon successful completion of the
transition, development, transformation and deployment
phases.
Impact
Failure to manage and meet our commitments under these
contracts, as well as changes in customers’ requirements,
budgets, strategies or businesses may lead to a reduction in our
expected future revenue, profitability and cash generation. We
may lose significant revenues due to the merger or acquisition of
customers, changes to customer strategy, business failure or
contract termination. Failure to replace the revenue and
earnings thereby lost from such customers will lead to reduction
in revenue, profitability and cash flow.
Risk mitigation
We have developed business processes in support of each stage
of the major contract life cycle: bid, in life, renewal and
termination. Our programme of in-life reviews has been
enhanced over the past two years and is designed to validate
financial and non-financial controls over delivery of the
contracts and incorporates tiered levels of defined review
according to the scale and complexity of the contract. All our
contracts are subject to regular management review and many
are subject to independent review (both internal and external)
as part of that governance. Independent review helps us
identify lessons learned and to promulgate best practice
through the business.
OVERVIEWBUSINESS REVIEWFINANCIAL REVIEWREPORT OF THE DIRECTORSFINANCIAL STATEMENTSADDITIONAL INFORMATION