Risk management and internal control | Ooredoo corporate

Risk management and internal control

The risk management policy of Ooredoo Group requires the Group’s Board of Directors to implement a system for overseeing, managing, and controlling internal risks to protect the Company’s investments and operations inside and outside Qatar. This system is designed to:

− Identify, assess, monitor, and manage risks.

− Inform the Board of Directors about the actual changes in Ooredoo’s risk profile.

The Board is responsible for establishing the risk management system and for reviewing the effectiveness of its implementation in Ooredoo and its Group. Management is responsible for systematically identifying, assessing, monitoring, and managing material risks throughout the organization. This system includes the Company’s internal compliance and control systems.

In addition, the Company has tight controls and well-established systems that control its transactions and relationships with related parties. Ooredoo Group implements a risk management policy at Group level, which states that the Group’s Board of Directors, supported by the Audit Committee and the Internal Audit Department, will review every quarter all risks that Ooredoo and its subsidiaries might face. Identifying the risks that any of the operating companies might face is the responsibility of its executive management and employees. The Group’s Risk Management examines the risk ratings determined and the action plans to address these risks.

In undertaking the above, Internal Audit provides support to risk management in the Group. The risk pooling and actions planned to be taken to mitigate the effects of risks are set out in the existing procedures for the annual strategic planning of the Group. Measures for identifying and managing risks vary between operating companies, but they are now being standardized, starting with reviewing and amending Audit Committee charters in operating companies to ensure that audit committees are permanently assigned to oversee risk management in Ooredoo’s subsidiaries.

High-level financial measurements are collected at Group level according to recurring timetables (monthly, quarterly, or yearly, depending on the details required). These measurements provide an indication of the risks faced by each operating company, with special attention to issues of cash and funding needs, as well as preparedness to deal with the unexpected. The Company is currently updating its methods so it can collect more detailed data about risk management. The Company has already started to study offers from developers of automated systems that can be used at Group level to collect and manage databases of the risks that have been identified and the procedures to address them. The Department works on analyzing risk management efficiency in Ooredoo, in addition to internal compliance and control systems and their efficiency.

Ooredoo also implements a system to compare external markets with the procedures in place to manage risk. This is to guarantee that best practices are implemented.