Risk management report

 

"We all take risks every day - whether it's getting in the car in the morning or walking down a flight of stairs. Without taking risks we wouldn't be able to innovate or grow.

The challenge for Vodacom is to make sure that we have identified the risks we're taking, mitigated potential mishaps, and above all to make sure that we never cross the line between having a healthy appreciation of risk and becoming reckless."

Johan van Graan, Chief Risk Officer
 
Management develops and enhances its risk and control procedures on an ongoing basis. This is aimed at continuously improving the identification, assessment and monitoring of risk. Directors consider our strategic risks when they formulate strategy, approve budgets and monitor progress against business plans.

We have a dedicated Risk Group that reports to the Chief Risk Officer. The unit is tasked with helping to embed risk management within the Group, to assist in identifying, assessing and recording strategic risks and to monitor procedures aimed at mitigating them. This year we established Risk Management Committees in Tanzania, DRC, Mozambique and Lesotho. The committees are chaired by the respective Managing Directors and include the executive committee of each country. Their mandates are identical to that of the Group Risk Management Committee ('GRMC'), which is set out in the risk policy, detailing the objectives, scope, approach and roles and responsibilities. 
 

How we manage risk

 
The GRMC meets four times a year and is chaired by the Chief Financial Officer. Current membership comprises the Group Executive Committee members, the Chief Risk Officer and the Managing Directors of each operating company. The GRMC also acts as the Risk Management Committee for Vodacom SA.

The main functions of the GRMC are to:
approve the list of high and critical strategic risks that are presented to the Group Board yearly; and
oversee and monitor the structures and projects aimed at managing specific risks.
 
Risks are managed by three main structures, namely the Risk Management Committees; the Risk Group; and line management. Risks are identified at five different levels, namely project, process, operational, tactical and strategic levels. Risks are regularly reviewed and updated.

For strategic risks, a filtering process and clear reporting lines ensure that critical and high risks are reported to the Risk Management Committees and escalated to the various boards in each operating company.

The Group Board reviews the list of strategic and critical risks regularly as required by King III. The Board also approves the Company's risk tolerance yearly.
 
See the Consolidated annual financial report for more details on the activities of the Audit, Risk and Compliance Committee.
 

The process we follow

Our process of defining, assessing, classifying and monitoring risks is set out below.
 

Defining the risks

Various levels of management in each operating company define risks at project, process, operational, tactical and strategic levels. The Board sets the levels of risk tolerance yearly.
 
 

Assessing the likelihood of the risks happening

Risks are assessed based on the likelihood of them happening after taking into account controls in place to mitigate them. Again we use a scale from 1 to 5, where 1 is ‘never’ and 5 is ‘almost certain’. When we rate a risk ‘5’, it means the controls in place will not prevent the risk from happening due to factors outside our control.
 
 

Monitoring and reporting the risks

We capture well over 2 000 operational, tactical and strategic risks across the Group in our risk system, Cura. We manage risks continually and review them quarterly. We also involve internal audit and report back to the Group’s Audit, Risk and Compliance Committee and the Board quarterly.
 
 

Assessing the impact of the risks on the organisation should they happen

Risks are assessed based on their potential impact on the business (customers, business systems, employees), financial position and reputation. A level 1 risk is seen as insignificant and level 5 is catastrophic. For example, if more than half of our customers would be impacted by the risk, it would be classified as level 5.
 
 

Classifying the risks

We classify risks as critical, high, medium and low based on their impact and the likelihood of them occurring. So where a risk has a high likelihood of occurring and the impact on our business, financial position or reputation is high, it would be considered critical.
 

Major strategic risks

Risk | Context | Mitigating factors

Regulatory decisions and changes in regulation

  We comply with a wide range of requirements that regulate the licensing, construction and operation of our networks in the countries we operate in.

In particular, the decisions of regulators on granting spectrum licences as well as wholesale and retail tariffs may affect us negatively.
 
We have specialist regulatory and government relation teams that understand legislation and regulation.
We participate actively in written submissions and formal hearings on legislative and regulatory changes.
We have access to best practice and international debate through Vodafone.
We conduct detailed scenario planning on an ongoing basis.

Increased competition

  We are facing intense competition in all our markets. Our ability to compete effectively depends on network quality, capacity and coverage, pricing of services and devices, quality of customer services, developing new and improved products and services in response to customer demands, new technologies, reach and quality of sales and distribution channels, and capital resources.

In particular, pushing down prices to stay competitive along with increased capital investment to support growth in traffic, may impact our financial performance negatively.
 
We continue to invest in network coverage and quality. 
We continue to expand distribution.
We're focused on dramatically improving the customer experience across all customer touchpoints. 
We offer a wide range of devices at competitive prices.
We continue to offer more value to customers through promotions and discounts.

Unpredictable political, economic and legal risks

  Political, economic and legal risks in some of our markets may be less predictable than in countries with more developed institutional structures. The value of our investments in these markets may be negatively affected by political, economic and legal developments beyond our control.

In particular, the mobile communications industry can often be subject to unpredictable, higher direct and indirect taxes in these countries.
 
We have a comprehensive stakeholder relations strategy in place in all the countries we operate in.
We have a specialised tax management capability and seek expert tax advice as needed.
We will consider litigation to enforce compliance with legislation.

Customer registration

  Customer registration is a requirement in South Africa, Tanzania, DRC and Mozambique.

Implementing customer registration requirements in our markets is costly and may negatively affect our ability to connect customers easily. We may also be required to disconnect customers that do not register.
 
We have specialist regulatory and government relation teams that understand legislation and regulation.
We continue to invest in educating our customers on these requirements.
We offer incentives to customers to register in good time.

Major network and billing infrastructure failures

  We operate complex mobile networks that rely on third parties to provide power or transmission. In certain countries, like Mozambique and Lesotho, we have limited redundancy in our master switching centres. Network and billing infrastructure may also be damaged by natural disasters or terrorism.

In particular, network outages may impact customer usage and revenue negatively. 
 
We have comprehensive business continuity and disaster recovery plans in place.
We invest in maintaining and upgrading our networks on an ongoing basis.
We are self-providing transmission links on critical routes in our networks to reduce reliance on external parties.
We are making investments to ensure adequate redundancy capabilities where feasible.
We have comprehensive insurance in place.
We continue to consider dual generator and alternative energy supply solutions where feasible.