| Home | Book 2 - MTN Financial Statements | Downloads | Glossary of terms |
 
Home | How we run our business | Risk management
 
Sustainability review
Corporate governance
Risk management

Risk management

Management of the Group is responsible for the on-theground implementation of adequate and effective internal control mechanisms.

Risk management mechanisms

As a company that operates in and understands emerging markets, MTN believes that risk management is fundamental to effective corporate governance and the development of a sustainable business. The group has adopted a risk philosophy that is aimed at maximising business success and shareholder value by effectively balancing risk and reward.

MTN’s objective with risk management is to embed the process into the day-to-day running of the business in a practical manner. This involves continual pro-active identification and understanding of risk factors and events that may impact business objectives, development of appropriate response strategies, and continual monitoring and reporting. This is done through the implementation of various risk management and governance mechanisms. These include:

  • Measuring the effective implementation by the various operations’ chief executives and other management of corporate governance measures.
  • Embedding risk management procedures into day-to-day activities such as business planning, operational reviews, projects etc.
  • Business risk management functions in most operations to facilitate, co-ordinate and monitor the effective implementation of risk management mechanisms.
  • Assurance from internal audit on the internal control environment.
  • Audit and risk committees in all operations.
  • Group oversight.

Roles and responsibilities for risk management and internal control

Group board of directors

The Group board of directors is ultimately responsible for oversight of proper risk management and internal control mechanisms.

Sub-committee oversight

The Group board is supported by two sub-committees, namely the Group audit committee and the Group risk management and compliance committee. The Group audit committee is the oversight body for the implementation of adequate and effective internal control mechanisms in the Group. The Group risk management and compliance committee is the oversight body for risk management in the Group. It sets and approves
the risk management framework, and reviews the overall effectiveness of risk management structures and response strategies. At a lower level, each operating company has its own audit and risk committee which is a sub-committee of the board of directors of that operating company. These committees are chaired by independent non-executive directors and essentially mirror on a lower level the role of the Group audit committee and Group risk management and compliance committee. These committees report to the Group committees on a regular basis to ensure oversight from a Group perspective.

Management

Management of the Group is responsible for the on-theground implementation of adequate and effective internal control mechanisms. Management is represented at a Group level by the Group executive committee, headed by the Group president and chief executive officer, and at an operating company level by the chief executive officer of each operating company.

Independent business risk management function Business risk management is an independent function responsible for the disciplines of enterprise risk management, internal audit and fraud risk management. It is headed by a Group executive who reports directly to the Group president and chief executive officer and has direct access to and regular meetings with the chairpersons of the Group audit committee and Group risk management and compliance committee. The focus of the Group business risk management function is to provide support and guidance and to ensure that the maturity of risk management practices in all operations is improved. This is done through the implementation of a set of maturity models which guide the business risk management functions in the operations. MTN now has business risk management functions in all but two of its operations with oversight from the Group business risk management function. We plan to introduce business risk management functions in the two outstanding operations in due course. As a result of management's efforts, the average maturity level of MTN's business risk disciplines has improved by more than 50% during 2008 and the goal is to continue this trend during 2009. MTN now has in excess of 100 risk and internal audit specialists employed in these functions.

Enterprise risk management

As far as enterprise risk management is concerned, the business risk management function is responsible for ensuring the existence of an effective framework for risk management and driving the implementation of this framework throughout the Group. This is done by assisting and educating management on the topic and by ensuring effective reporting and escalation of risks.

The process of risk management in the Group is guided by a risk framework which is based on best practice risk management procedures. The Group business risk management function, together with management, has the mandate and responsibility of ensuring that adequate risk management processes are implemented in all areas of the business in line with the risk framework.

Risk appetite

MTN's risk appetite is determined by type of risk. This allows for a more controlled way of managing risk levels. Aggregation of total risk is done qualitatively and the Group risk management and compliance committee assesses the acceptability of MTN's consolidated risk profile. A project to expand the Group delegation of authority to include escalation and approval of risk response strategies is under way.

Insurance and risk transfer

MTN has in place a comprehensive insurance programme which covers perils such as material damage/business interruption, political risk, public liability, directors' and officers' liability, crime and professional indemnity. The limits of indemnity for these covers have been structured to optimise the balance between maximum potential loss and containing premiums. MTN also believes that risk retention and selfinsurance are necessary to keep premiums at reasonable levels and show commitment towards risk management. MTN's risk retention levels differ from policy to policy but range between USD150 000 and USD3 000 000.

Fraud risk management

The business risk management function is responsible for assessing fraud risk across the Group and driving the implementation of fraud prevention activities, which include whistleblowing processes. Business risk management is also responsible for detecting and investigating fraud. The implementation of fraud prevention mechanisms in the Group remains a priority. There was an increase in the number of fraud and theft cases reported in 2008. We believe that was not due to an increase in fraud and theft activities but was mainly due to the implementation of improved fraud prevention and detection mechanisms which included the implementation of a Group-wide fraud incidents register, conducting fraud risk assessments in most operations and the implementation of improved whistleblowing mechanisms. The overall value of fraud and theft incidents uncovered to date is not material.

In 2009 we will focus on the following inherent fraud risk categories from both a fraud risk and internal audit point of view:

  • Procurement – conflict of interest and collusion with suppliers.
  • Asset and inventory theft.
  • Site acquisition and construction.
  • Manipulation of billing data.
  • Bribery and corruption.

Internal audit

The business risk management function has a separate internal audit discipline which is responsible for providing independent internal audit assurance to the Group. The independence of the internal audit discipline is maintained by ensuring that internal audit employees are not involved in risk management activities and by virtue of the fact that internal audit work is ultimately governed by the Group audit committee.

Internal audit activity in the Group increased significantly during 2008. This was a result of the creation of an internal audit presence in operations that previously did not have full-time audit functions and the implementation of an internal audit assurance partnership with one of the ‘Big 4’ audit firms.

For 2009, more than 110 000 internal audit hours are planned compared to 94 000 for 2008. The distribution of these hours in the various core business areas can be illustrated as follows:

Planned audit hours (core business areas)
Planned audit hours (core business areas)

The split of audit hours planned for 2009 between the various country operations is illustrated as follows:

Planned audit hours (countries)
Planned audit hours (countries)

Not only was there a significant increase in internal audit activity during 2008 but there was also an improvement in the maturity and quality of internal audit assurance. This was as a result of the implementation of extensive training of internal audit staff and adoption of improved methodologies and reporting.

Principal risks

Principal risks

The board believes that management has identified the core risks in relation to the Group. These, as displayed in the graphic above, are categorised into operational, telecoms sector, strategy and macro-economic risks.

MTN’s principal risks fall mainly into the macro-economic and telecoms sector categories.

Two factors that could adversely affect MTN’s revenue and market share are the potential impact of the world economic downturn on emerging markets and increased competition in these markets. The impact of the economic downturn is difficult to quantify, but is a significant risk to the Group. A number of European operators are already showing signs of a slowdown but the impact on our markets to date has not been significant and, as mentioned in the Group president and CEO’s report, MTN remains cautiously optimistic about 2009. Competition in emerging markets has increased significantly over the past year and is expected to accelerate as major European and Middle Eastern operators expand into the developing markets. MTN believes that its innovative marketing and product delivery strategies will manage the impact of these factors. MTN’s latest results are evidence of this. Innovations like the MTN Zone dynamic tariffing offering have done particularly well and have positioned us well in a number of countries.

The Group operates in environments which can, and do, present challenges from a political and regulatory perspective. These challenges are often beyond MTN's control and any resulting inability to operate successfully in these countries as a consequence of these challenges could have a significantly negative impact on the Group. MTN operates in varying regulatory environments - some of which are immature. The result is often regulations that are uncertain or inconsistent. MTN is confident that its risk management strategies to respond to these risks have prevented any significant negative impact to the Group so far. These strategies include strict compliance with regulations, physical security measures, risk transfer and insurance strategies and good corporate citizenship. The political situation in some of the countries we operate in continues to be challenging. As a result, the Group has created a crisis operations centre based at its head office to assist the Group and its operations to maximise the safety of our staff, protect our infrastructure and respond pro-actively to incidents. Turmoil in Afghanistan during 2008 resulted in some infrastructure losses for MTN and other mobile operators. Tragically one MTN employee and his family were killed during an attack in Afghanistan.

In just over two years, MTN's network in Iran has achieved phenomenal subscriber growth, bringing subscriber numbers to the third highest in the Group. The impact of economic sanctions on certain of the countries in which we operate is still seen as a risk to the Group, particularly from a supply chain and economic growth point of view.

The impact of the current economic crisis on the currencies of emerging markets remains a risk to the Group. This risk is managed through our centralised Treasury function with the implementation of various mechanisms and procedures to respond to this risk as far as it is within MTN's control.

Key operational risks in the Group include network performance in certain countries. Significant focus has been placed on the mitigation of this risk over the last year, with extensive investment in our networks to increase redundancy, increase network availability and reduce congestion. A key challenge to the Group remains adaptation to the skills required for the new-generation networks and furthermore to have the right resources to keep up with the expected strong growth in the business. The implementation of the MTN Academy will help address these needs.

The repatriation of earnings from most of the Group’s operations has continued as planned. There are, however, some isolated cases where problems have been experienced. In these cases MTN has engaged the relevant authorities in order to resolve the issues.

 
Copyright 2009 © Mobile Telephone Networks. All rights reserved.
© 2005 FIFA TM