Integrated Report 2018

  • Introduction
    • Message from CEO
    • About the report
  • Company and our stakeholders
    • About our company
    • Our stakeholders
  • Business model and value creation
    • Business model and value creation
    • Key resources
    • Business model
    • External environment
    • Internal environment
  • Strategy
    • Q&A with CEO
    • Our strategy
  • Results
    • Q&A with CFO
    • Outputs & outcomes
    • Financial review
  • Risk
    • Risk management
    • Risk exposure
  • Corporate governance
    • Our approach to corporate governance
    • Our governance structure
    • Governing bodies activities in 2018
  • Selected financial data
  • Appendix
    • GRI table
    • Defining the Reports content
    • Sustainable Development Goals
    • Methodology
    • Glossary
    • Independent Limited Assurance Statement
    • Contact information
Risk management

Risk Management

Orange Polska is exposed to a range of external and internal risks of varying types which can impact the achievement of its objectives. Therefore, Orange Polska maintains a risk management framework to identify, assess and manage risks. This framework has been based on the ISO 31000:2009 standard. Leaders within the Group’s individual business areas and functions are responsible for the assessment and management of risks, including the identification and escalation of new/emerging circumstances, and monitoring and reporting on both the risks themselves and the effectiveness of control measures. Events are considered in the context of their potential impact on the delivery of our business objectives

Orange Polska’s three lines of defence

range Polska’s three lines of defence

Appetite for risk

We assess event-based risks according to their likelihood and impact in terms of financial, reputational, business continuity and human resources loss. If the consequences are, for example, both financial and reputational, the risk is assessed according to the most negative consequence. When the negative impact of a risk is assessed as exceeding the acceptable level, mandatory mitigation measures are put in place to prevent or minimise losses. The effectiveness of such measures is verified on an ongoing basis, and they are adjusted as required.

Risk management process

A list of TOP risks is developed as a result of individual meetings with Board Members and Executive Directors, who indicate significant events that have the potential to jeopardise the Company’s strategy. Based on the risks identified in this process, their owners continue with further assessment of the risk likelihood and impact, as well as assigning mitigation measures and appointing the managers responsible for the implementation thereof. The outcome of the analysis of each TOP risk is subject to approval by the Board Member or Executive Director responsible for the particular area and, in case of potential financial loss, also by the Chief Financial Officer.

The risk management process in Orange Polska is shown in the diagram on the right.

The risk management process in Orange Polska

The risk management process in Orange Polska

Reporting

Indicative heat maps are used to report and evaluate risks. This example presents a risk that has low reputational impact, but moderate impact in terms of business continuity. Therefore, the overall assessment of the risk would be medium.

The TOP risks are reviewed at meetings of the Management Board and the Supervisory Board.

TOP risks

The TOP risks, which are set out in the table on pages 82-85 are clusters of event-based risks that could have a material impact on the business model, future performance, solvency or liquidity of the Group. In each case, the extent to which the Management Board can mitigate the risk is highlighted.

The risk areas included in the TOP list are those which most strongly define our business activities and contribute to the loss or gain of value, and they are subject to change. For example, in 2018 we determined that the risk related to labour shortage had been sufficiently mitigated by our remedial actions, and could be delegated to the respective business areas. We also identify and monitor risks related to our impact on society and the natural environment. However, these are not included in the TOP risks as they do not meet the threshold for value impact.

Risk exposure

Each category’s current exposure relative to the previous year is indicated by the arrow in the risk exposure column.

Sample heat map

Sample heat map