4 minute read
Risk Management
Managing risks and uncertainties is a fundamental part of successfully delivering our strategic objectives. Our enterprise risk team governs and implements a risk management framework using the three lines of defence model. This framework enables a consistent approach to how we identify, assess, manage and monitor the risks and uncertainties to the successful delivery of our strategic objectives.
The business provides the first line of defence, leading and directing actions and application of resources to achieve objectives. Appropriate structures and processes for the management of operations, risk and internal control are established and maintained. The first line also ensures compliance with legal and regulatory expectations.
Business lines are supported by a network of risk champions and the second line.
Risk oversight is provided by the risk team, who sets policy, detailed risk reviews and provides guidance and support to risk owners and champions.
The risk team reports quarterly to JT’s Executive Committee, who are responsible for setting risk appetite and direction of strategy as it relates to principal risk. Further reporting to the audit and Risk Committee is provided on a quarterly basis.
Assurance is provided by JT’s internal audit team, who communicate independent and objective assurance and advice to management on the adequacy and effectiveness of governance, risk management and internal control to support the achievement of JT’s objectives.
Risk Matrix
JT’s current portfolio of identified risks is reflected in the heatmap to the left. Each risk is positioned against their current impact and likelihood score.
The scoring methodology, review, and management processes for these risks are aligned to ISO31000:2018.
A summary of the key risks that have the potential to threaten the delivery of JT’s objectives – ‘JT’s Principle Risks’are provided within the table to the right. The Principle Risks highlighted, show eight of JT’s key risks out of the overall Risk Matrix, to demonstrate their direct relationships to JT’s strategic objectives. 1
Key for risk table (p17)
Principal Risks and Uncertainties
The most significant risks – those which could affect our strategic objectives, future performance, viability, and/or reputation –form our principal risks. Principal risks draw upon the significant corporate risks recorded in each business line with ongoing input from our senior leaders and respective oversight committees. These risks are reviewed by the Audit & Risk Committee and the Board quarterly. Each principal risk aligns to one of our four key strategic priorities covered on p6.
Principal Risk Areas of Focus for 2023 Key Controls and Mitigating Factors
Network stability and reliability
Risk: that we are unable to maintain a stable and secure network that meets the expectations of our stakeholders
• Significant investment in JT’s infrastructure and systems, to improve network resilience, security and further ensure the reliability of calls to emergency services. The investment includes a multi-year programme for the delivery of 5G and replacement of our existing mobile network provider
• Continued implementation of a Security Operations Centre
• JT continues to invest in the quality, resilience, security and monitoring of its networks, which included in 2022 the formation of a new Network Operations Centre providing 24/7 monitoring, alerting and incident response capabilities
Regulatory framework: increased complexity
Risk: that the evolving regulatory landscape will increase complexity across both Islands
• Manage the programme needed to deliver the Telecom Security Act and code of practice, including removal of High Risk Vendors from JT’s network
• Enhance compliance and reporting to provide assurance to Regulators and our Shareholder
• Proactive engagement with regulators ensures that we can act quickly to any changes in the regulatory landscape
• A governance framework and mechanisms are in place for timely escalation and action
Events impacting customer experience
Risk: that our customers have a poor experience when using our products and services
• Continue to develop and enhance measurement and solutions that improve our customer experience
• Monitor customer impact of our product simplification programme
• Addressing customer feedback, proactive monitoring of SLAs and KPIs through regular dedicated forums
• Proactive communication on product migration
Ability to secure growth through the innovation of new products
Risk: associated with the need to simplify and manage the product portfolio whilst securing future growth through innovation and new product development
Change delivery
Risk: that JT does not deliver the transformation strategy
• Dedicated product function with focus on simplification, lifecycle and innovation
• Disciplined product roadmap prioritisation and governance
• Strengthen and build partnerships with existing and new partners
• Delivery on 2023 milestones for JT’s key strategic programmes of product simplification, digital transformation and autonomous networks
• Alignment of business prioritisation to improve throughput of effort and improved resource management
• Alignment on Product Strategy
• KPIs to track progression on product simplification targets
• Set of financial KPIs to track new revenue generation
• Executive oversight and response to KPIs, status and risk reporting
• Enhanced resource management
JT’s ability to attract and retain talent
Risk: that JT is unable to attract or retain sufficient people with the skills needed to deliver on its longer term ambitions
• Work with business to document and align strategic workforce plan and identify gaps
• JT undertakes demand and capacity assessments to identify and manage resource and change requirements
• Smart ways of working allow us to expand our talent reach through our flexible location working
• Monthly employee engagement surveys provide feedback to management for rapid action
Environmental, social and governance risks
Risk: that JT does not deliver on sustainability ambitions and fails to manage its appetite for ESG risks
Enterprise-wide process governance and control framework
Risk: that JT does not have an effective and efficient governance process and control framework
• Run material impact assessment on business activities to feed into JT’s sustainability reporting
• Continue to drive carbon reduction in line with science based targets
• 10-year sustainability strategy in place
• Proactive engagement with the Government of Jersey, suppliers and partners
• Enhance controls and processes with integration of JT’s Enterprise Resource Platform (ERP) solution during 2023
• Formalise and document process and control framework and embed within business processes
• Newly formed Corporate Services division brings together governance, risk & compliance roles to enable more focus on enhancement of JT’s control environment
• Internal audit and compliance checks of controls and assurance reporting to JT’s Audit & Risk Committee
• Executive oversight and response to audit actions and opinions