BT 2012 Annual Report Download - page 37

Download and view the complete annual report

Please find page 37 of the 2012 BT annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 205

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205

34
34 Strategy
Our risks
Security and resilience
Our reputation for secure and resilient services relies on the
quality, integrity and reliability of our global information systems,
networks and infrastructure. The scale of our business and global
nature of our operations means we are required to manage
significant volumes of personal and commercially sensitive
information which are stored and transmitted to meet our own
business purposes and those of our customers. All of this needs to
be safeguarded from potential exposure, loss or corruption.
Increasing dependence on voice and data transmission in a variety
of forms is accompanied by high expectations about service
continuity. In addition, concerns about interception, corruption
and theft of information lead to requirements for stringent
security measures, in an environment where attacks are becoming
more frequent and sophisticated. Certain of our customers
require specific, highly sophisticated security provisioning which
we are contractually obliged to meet if we are to continue to be
able to differentiate our offerings from those of our competitors.
Changes over the last year
Reports of and attention paid to computer hacking incidents
have increased concerns about the likelihood of a cyber attack.
Enhanced laptop encryption and significant improvements in the
protection and segregation of credit card data are some measures
which we have taken to manage this risk. We continue to evolve
our strategy and capabilities to seek to protect our business
against the threat of attacks. The increased threat we have faced
in the UK from cable theft, together with actions we have taken in
response, are set out in more detail on page23.
Impact
Failure or interruption of data transfer could have a significant
adverse effect on our business. A breach of our security and/or
resilience affecting our own operations or those of our customers
could lead to an extended interruption to network services and
even affect national infrastructure. Such failure may lead to a loss
of customer confidence, termination of contracts, loss of revenue,
and reduced cash resources through penalties and unplanned
costs of restoration and improvement. Additional reputational
damage and financial loss may arise from a breach involving a
legal failing such as breaching data protection requirements.
Risk mitigation
We operate well established policies addressing the security and
resilience requirements of our operations, our own systems and
systems operated by us for our customers. Compliance with these
policies is routinely monitored. We apply stringent application
and data encryption measures, deploy increasingly sophisticated
anomaly and intrusion detection systems and utilise distributed
and virtual data centre designs which provide much greater
inherent resilience. We have a corporate resilience strategy that
combines formal business continuity plans with well tested,
rapid and flexible responses. These are designed to deal with
catastrophic incidents including for example, major terrorist
action, industrial action, cyber attacks or natural disasters.
Given our important role in the forthcoming London 2012
Olympic and Paralympic Games, safeguards and deterrent
measures have been increased, and incident responses rehearsed,
to increase the likelihood that any potential incidents can be
contained and dealt with as quickly as possible.
Major contracts
We have a number of complex and high-value contracts with
certain customers. The revenue arising from, and the profitability
of, these contracts are subject to a number of factors including:
variation in cost and achievement of cost reductions anticipated
in the contract pricing, both in terms of scale and time; delays
in delivery or achieving agreed milestones owing to factors
either within or outside of our control; changes in customers’
requirements, budgets, strategies or businesses; the performance
of our suppliers, and other factors. Any of these factors could
make a contract less profitable or even loss making.
The degree of risk varies generally in proportion to the scope and
life of the contract and is typically higher in the early transitional
and transformational stages of the contract. Some customer
contracts require investment in the early stages, which is expected
to be recovered over the life of the contract. Major contracts often
involve the implementation of new systems and communications
networks, transformation of legacy networks and the development
of new technologies. The recoverability of these upfront costs may
be adversely impacted by delays or failure to meet milestones.
Substantial performance risk exists in these contracts, and some or
all elements of performance depend upon successful completion of
the transition, development, transformation and deployment phases.
Changes over the last year
Global economic and credit market conditions, in Europe in
particular, have put increased financial and operational pressures
on our customers and have made the environment even more
competitive. As we continue to expand into emerging markets,
the landscape of our risks and opportunities naturally changes
as we must deal with rapidly evolving geo-political risks and
different trading environments and business practices. We are
able to draw on our experience in managing these risks and will
continue to apply the control framework and mitigation that is in
place for our major contracts.
Impact
Failure to manage and meet our commitments under these
contracts, as well as changes in customers’ requirements, budgets,
strategies or businesses, may lead to a reduction in our expected
future revenue, profitability and cash generation. We may lose
revenue due to the merger or acquisition of customers, changes to
customer strategy, business failure or contract termination. Failure
to replace the revenue and earnings lost from such customers could
lead to an overall reduction in revenue, profitability and cash flow.
Risk mitigation
We have in place business processes that support each stage of a
major contract’s life cycle: bid; in-life; renewal, and termination.
Our programme of in-life reviews has continued over the past
year. It is designed to validate financial and non-financial controls
over delivery of the contract. It incorporates tiered levels of
defined review according to the scale and complexity of the
contract. Controls are applied and regularly monitored across our
major contracts. All our major contracts are subject to regular
management review and many are subject to independent review
(both internal and external) as part of that governance.
We have started rolling out new and revised risk training material
with the objective of improving identification, evaluation and
management of risk on our major contracts. Our independent
review programme continues to help us identify lessons learned
and to promote best practice through the business.
Our principal risks
Overview
BusinessStrategy
Performance
Governance
Financial statements
Additional information Overview
BusinessStrategy
Performance
Governance
Financial statements
Additional information