Enterprise Risk Management System
OTE Group has developed an Enterprise Risk Management (ERM) System that supports Management in its strategic decisions, through the identification, evaluation, communication and management of enterprise risks.
In this context, the OTE Group ERM System defines the strategy for monitoring, response and management of enterprise risks, in order to:
• Ensure that existing OTE Group risks are systematically identified, analyzed and evaluated and that information relevant to risks and corresponding opportunities is promptly communicated to the competent decision-making bodies.
• Record OTE Group response to identified risks as well as to evaluate mitigating alternatives (such as transfer the risk to third parties, e.g. insurance companies).
• Establish tolerance limits (thresholds) for each level of risk assessment and evaluation. In case these limits are exceeded, relevant reporting takes place.
• Implement a common methodology across the OTE Group for the identification, evaluation and management of enterprise risks.
The OTE Group Enterprise Risk Management System, whose main objective is to safeguard the smooth operation and the future corporate success of OTE Group, is based on the COSO ERM Framework, and has received attestation according to the international risk management Standard ISO 31000:2018 "Risk Management-Guidelines" by an independent certification body.
At OTE Group, Risk Assessment is a structured process for risk identification, analysis, evaluation and management of enterprise risks, in order to ensure better decision making by the company's competent bodies and that appropriate mitigation has been developed to address these risks and monitor the implementation of relevant measures.
In this context, a common Risk Assessment methodology is being applied to all risk assessments that are being performed by business units, with specific criteria for risk evaluation and assessment, in accordance with the requirements of the Standard ISO 31000 and based on the ERM OTE Group methodology. The same methodology is also being used in order to determine the risk impact and severance of each material topic, concerning the evaluation and analysis of material sustainability issues (Materiality Analysis) for the Group. The results of all individual risk assessments performed by business units and Group subsidiaries are included in the OTE Group Corporate Risk Register, for the systematic analysis and monitoring of enterprise risks, facilitating and supporting the implementation of effective risk management practices.
The OTE Group Enterprise Risk Management Framework is illustrated in the following figure:
Τhe Business Unit of Executive Director Compliance, Enterprise Risk Management & Insurance OTE Group, which is responsible for the planning and adoption of the ERM System, reports directly to the Company's Board of Directors. The Business Unit is, inter alia, responsible for the maintenance and continuous monitoring of the OTE Group Corporate Risk Register, which is the central repository of all Group risks.
For the implementation of the ERM System, Risk Managers have been designated at the business units as well as at the Group subsidiary companies. The tasks of Risk Managers include the reporting and monitoring of the risks managed by their business units / subsidiary companies of the Group, in compliance with the OTE Group ERM methodology.
Moreover, the OTE Group Compliance, Enterprise Risks & Corporate Governance Committee has been established. The main purpose of the Committee is to support and monitor the implementation of the Compliance Management (CMS), Risk Management (RMS) and Corporate Governance Systems.
In this context, the Committee supports the Executive Director Compliance, Enterprise Risk Management & Insurance OTE Group on compliance, enterprise risk management, corporate governance and human rights issues, reviews the periodic Compliance and Risk reports by assessing the completeness, correctness and accuracy of the relevant reports and notifies accordingly the Company’s Audit Committee and the Board of Directors.