Back to Home Page
Home MTN today Review of operations Sustainability review Corporate governance Annual financial statements Shareholders' information
Annual Report : Risk Management   Next : Glossary
Increase font size Decrease font size Print this page Email this page

Corporate governance - Contents

Risk Management

Risk Philosophy

“Enterprise is the undertaking of risk for reward. A thorough understanding of the risks accepted by a company in the pursuance of its objectives, together with those strategies employed to mitigate those risks, is thus essential for a proper appreciation of the company’s affairs by the board and stakeholders.”

King II Report on Corporate Governance

As a company that operates in emerging markets, MTN believes that risk management is fundamental to effective corporate governance and the development of a sustainable business. The Group has adopted a risk philosophy that is aligned to King II and is aimed at maximising business success and shareholder value by effectively balancing risk and reward.

MTN’s overall governance structure and integrated risk management framework guides the operations of our business units, which are primarily responsible and accountable for risk management.

back to top

Risk Management Objectives

We focus on improving our risk management process and embedding this into the business.

To manage the Group’s key risks, measurable objectives have been defined. They are:

  • Proactively identifying and understanding the risk factors and events that may have an impact on our business objectives.
  • Developing appropriate response strategies for risks, including taking calculated risks or managing risk through various initiatives.
  • Continuously monitoring and reporting risks.
  • Ensuring that risk management is a performance measurement for all managers.
  • Continually striving to embed risk management in day-to-day activities and Group values.

In the reporting period, MTN has continued to make progress towards achieving these objectives.

back to top

Risk Management Framework

Our board-approved framework is the foundation of Group risk management, and is guided by the risk philosophy and objectives. The framework is constantly revised to ensure alignment with industry developments on risk management.

  • Roles and responsibilities for risk management have been defined.
  • Appropriate structures ensure a continuous focus on risk management which is supported by an escalation structure for appropriate action and monitoring.
  • A defined process facilitates the identification, evaluation and reporting of risks and ensures appropriate responses.
  • Current focus in the Group is to embed the risk management process into the operational management of the Group.

back to top

Risk Management Information Flow

Risk Management Information Flow

(1) The role of the risk committees in most of our operations is fulfilled by the audit committee of the respective operations

back to top

Roles and Responsibilities

By devolving risk management to every level of the Group, we are developing an awareness about risk that is fundamental to our business operations.

  • Group board: The board has the ultimate responsibility for risk management. It considers risk reports from the group risk management and corporate governance committee and input from the group audit committee in assessing the effectiveness of MTN’s risk management.
  • Risk management and corporate governance committee: This board sub-committee is the oversight body for risk management. It sets and approves the Group risk management framework, and reviews the overall effectiveness of risk management structures and practices. It reviews the Group risk profile and management’s reports on the mitigation of key risks, and oversees reporting on risk matters to stakeholders. This committee and those for each country operation meet regularly.
  • Group risk officer: The Group risk officer reports to the Group CEO, risk management and corporate governance committee and group audit committee. The risk management function is an independent specialist function that ensures an effective framework is maintained throughout the Group. This includes:
    • Assisting executive management and operating committees to perform risk management processes.
    • Providing a central source of information and guidance on risk management.
    • Heightening awareness of risk management throughout the Group.
    • Ensuring consistency in evaluating and reporting risks to facilitate comparison at organisational level.
    • Co-ordinating and collating risk reports for assessment by management and board committees.
  • Operational risk and audit committees: These are the oversight bodies for each country operation and are sub-committees of the boards of the operations. In South Africa, this function is performed by the risk management and corporate governance committee. In all other countries, the audit committee fulfils the role of the risk committee with a separate agenda for risk management.
  • The chief executive and management of each operation take ownership for day-to-day management of the operation and its risks, supported by the local risk manager or head of internal audit. Management is responsible for identifying new risks, determining mitigating strategies and actively tracking progress. Management also has to ensure that risk management and operational management within individual areas of responsibility are integrated. Each operation reports regularly to the relevant board risk committees and to the Group. Operational chief executives have defined key performance indicators for ensuring that the Group risk management framework is implemented and that risks are well managed.

back to top

Risk Identification

Risks are continuously identified through focused discussion and the use of a robust risk model.

MTN’s risk model (overleaf ) ensures that all operations consider the same types of risk but in the context of their own operating environments. Risk scenarios relating to these risk types are identified, considered, debated and prioritised according to their impact on the organisation. Appropriate response strategies are integrated into operational management.

back to top

MTN Enterprise Risk Model

Political/environment Financial Market/pricing/customer Technology Operations
Political instability
International pressure
Natural hazards
Interest rates
Repatriation of earnings
Market research
Product development
Advertising and promotion
Customer service
Customer management
Pricing of products/services
Service level support
Process and data integrity
Process flow effectiveness
Process capacity
Billing and collections
Supply chain relationships
Distribution channel
Quality control
Service level support
Revenue assurance
Strategic and structural Reputation Human resources Continuity/interruption Information
Strategic planning and execution
Governance structure
Organisational structure
Policy development
Project management
Product quality
Customer service
Financial reporting
Regulatory compliance
Social responsibility
Governmental relations
Customer privacy
Electromagnetic radiation
Training and development
Skills and experience
Key dependencies
Employee actions
Performance management
Systems failure
Network failure
Data loss
Natural disasters
Loss of facilities
Loss of people
Legal and regulatory   Cultural    
Regulatory change
Employment compliance
Contractual liabilities
Privacy and confidentiality
  Ethics and values
Goal alignment
Change readiness

back to top

Risk Evaluation

Risks are evaluated for their potential impact on the organisation and probability of occurrence.

The impact of risks is assessed on quantitative and qualitative guidelines. Inherent risk and residual risk factors are calculated based on these assessments. Risks are classified as either strategic or business risks, depending on their impact on the organisation:

  • Strategic risks are monitored by the executive committee and the board
  • Business risks are managed and monitored by operational management

back to top

Response Strategies

Response strategies are developed or reconfirmed for key risks.

Responses are determined by considering the risk appetite of the relevant operation as well as the inherent impact and probability of occurrence of each risk. Response strategies depend on the nature of the risk and may often combine various actions, including insurance, outsourcing, risk avoidance or active risk management through people, processes and systems.

The cost of risk mitigation is considered in determining response strategies. Certain risks are accepted based on their impact to the organisation and the Group risk appetite. Risks such as political, economic, currency and regulatory are largely beyond MTN’s control and mitigation is limited to responsive actions to counter their impact. This could include continuous monitoring, compliance, insurance, diversification, hedging or acceptance of the risk.

back to top

Monitoring and Reporting

Continuous monitoring and regular reporting of risks take place.

In addition to the risk management structures detailed earlier, internal audit provide independent assurance of a sound risk management framework across the MTN Group.

Risk management software in each operation assists management with recording and evaluating risks and controls, tracking mitigating strategies and reporting to the various risk management structures.

A key reporting forum is the quarterly operations review, where operational chief executives report on the status of the top risks in each operation. 

Key Strategic Risks

The table below summarises those risks assessed as key strategic risks because of the impact they could have on the organisation if not well mitigated. The risks are not listed in order of priority or severity.

back to top

Operating environment risk
Description Response strategy/control measures
MTN has expanded its business into various countries in recent years. The Group is planning to continue its expansion programme.

The possibility of a change in the stability of the operating environments and the impact on MTN’s profits and strategic objectives is an inherent risk to a company such as ours which operates in varied markets.

The operating environment in most of the countries in which we have operated to date has been stable. However, our entry over the past year into Côte d’Ivoire, Republic of Congo (Brazzaville) and Iran in the Middle East could increase our perceived political risk profile.

Continuing sporadic instability in the DRC could impact the operating environments in Rwanda and Uganda, which have generally been stable.

In Côte d’Ivoire, the UN and AU-sponsored peace negotiations have been threatened by sporadic violence. This is as a result of the respective political forces not yet having reached a peaceful resolution. Elections are due to be held in 2006.

Instability is expected to continue in the short to medium term until a solution is found.

In the Middle East, tensions between Iran and the major Western powers, mostly centring around nuclear issues, have heightened. Should the UN proceed with the imposition of sanctions against Iran, it could increase the operational challenges expected in a start-up operation of this nature.

  • Extensive due diligence assessments are performed before investments in new countries are finalised
  • Operations are sufficiently ring-fenced to limit the systemic risk from possible failure in operations
  • Continuous monitoring and re-assessment of the political environment in operating countries
  • Corporate citizenship and social responsibility programmes in each country
  • Relationship management with governments and regulators
  • Careful selection of business partners

Current areas of focus

Republic of Congo (Brazzaville)

Côte d’Ivoire


back to top

Regulatory risk
Description Response strategy/control measures
The telecommunications industry, in South Africa and the other countries in which we operate, is highly regulated. Regulatory changes in tariffs and licence conditions might affect our business.

Sudden, unexpected changes in regulation could put our business at risk, especially in countries where regulatory bodies are not fully formed or are under-resourced.

  • Strict compliance with regulations
  • Legal and regulatory compliance functions in each country
  • Active participation in establishing regulatory frameworks
  • Active participation in regulation and rule-making procedures
  • Policy-lobbying actions at legislative, executive and ministerial level where appropriate
  • Relationship management with governments and regulators
Specific regulatory risks include:
South Africa

The Convergence Bill, to be promulgated as the Electronic Communications Act, could have an impact on all telecoms companies, particularly on the types of services to be provided and the tariffs for these services.

Mobile number portability will come into effect in June 2006. Network operators will have to allow subscribers to change from one service provider to another while retaining their existing cellphone numbers. This could affect subscriber churn of all operators either positively or negatively depending on customers’ view of the quality of service.

  • Adapting business models to mitigate impact and take advantage of business opportunities
  • Working on various strategies to reduce dependence on interconnect
  • A continuous focus on customer service and other initiatives to mitigate the potential impact of number portability

The introduction of a unified licence regime in Nigeria is expected in the short to medium term. This will allow operators like MTN the authority to expand the services provided in Nigeria. These could include fixed-line services, international gateway and long-distance services. This will open up the market to more competition but is also an opportunity for MTN.

Interconnect rates are currently being reviewed by network operators and the local regulator.

  • Participation in the regulatory process to introduce the regime
Cameroon and Uganda

Regulatory changes might result in more competition being allowed into these markets.

  • Continuous efforts to grow market share ahead of new competition
Other operations

Various regulatory changes with a medium to low potential impact on the Group.

Current areas of focus

Electronic Communications Act in South Africa.

back to top

Marketing and pricing risk
Description Response strategy/control measures
Marketing and pricing risk refers to the risk of losing market share or the possibility of price erosion in countries where we operate. This could result from current competitor actions or the entry of new competitors into the market.

Markets in all countries are highly competitive and likely to become more so.

  • Marketing and brand-building strategy
  • Constant market research and environment scan
  • Customer feedback and customer service
  • Innovative and proactive product design and speed to market
  • Quality coverage with maximum availability
  • Focus on customer service
  • Deeper penetration of entry-level market through “low costs/no frills” offerings
  • Least-cost operator initiatives to improve capex and opex management and overall efficiency
MTN’s mature South African business is well established and focused on maintaining and growing market share. With the liberalisation of the market and the entry of new competitors, competition has become fierce. As a result, pressure on profit margins is increasing. There is also growing pressure from the regulator to reduce telecommunications costs.

In Nigeria, aggressive competition has caused prices to fall, which, together with below-inflation tariff increases, has put pressure on margins. The business has, however, still grown beyond expectation.

In Côte d’Ivoire, Zambia and Republic of Congo (Brazzaville), we aim to establish the MTN brand as soon as possible. Barriers to entry in these markets are relatively high.

Failure to achieve our objectives could result in underperforming investments.

In other African countries, continuing to grow market share will remain a key focus.

However, the probability of new competition entering these markets is high.

  • South African operations have been restructured to provide differentiated products to the various market segments

back to top

Technology risk
Description Response strategy/control measures
Emerging technology in the telecommunications industry involves the convergence of traditional voice and data into the so-called third- and fourth-generation wireless broadband technologies.

Technologies such as 3G and WiMax offer both opportunities and risks to MTN. They allow new entrants into the market at a low cost of entry.

The data market in particular is an opportunity for growth.

  • Continuous research into emerging technologies and their impact on the market
  • Market analysis
  • A strategy to ensure that the right technology is provided at the right time
  • Maintaining a balance between the implementation of the newer, operationally more efficient technologies and the optimisation of current technologies
  • Organisational agility and speed to market
  • In-house development teams
  • Project management and change management processes
Increased competition is likely in the 3G market, particularly in South Africa where our competitors are investing heavily.
  • 3G roll out strategy
Network performance risk in Nigeria has reduced significantly over the last year, but remains a concern.
  • Continual improvements to the network
  • Optic fibre backbone rollout in Nigeria to improve network performance
Licence conditions in Iran include fairly rapid network roll out obligations. Failure to meet these obligations could result in MTN being in breach of our licence conditions. The consequences could include penalties and reputational damage.
  • Full roll out project and team on the ground in Iran with a defined critical path to achieve licence conditions

Current areas of focus

3G expansion in South Africa

Network roll out in Iran

Network improvements in Nigeria

back to top

Reputational risk
Description Response strategy/control measures
Reputational damage to the MTN brand could be caused by various factors, including:
  • Poor product development
  • Poor customer service
  • Over-pricing of products or services
  • Fraud or corruption
  • Financial misstatement
  • Non-compliance with regulations
  • Insensitivity to local issues
  • Inadequate social responsibility programmes
  • Leakage of confidential customer information
  • Electromagnetic radiation
  • Group marketing and brand management
  • Corporate communications
  • Mature product development processes
  • Stable networks and disaster recovery plans
  • Constant market research and environmental scans
  • Strict compliance with regulations
  • External and internal audits
  • Risk management processes
  • Information security/handling processes
  • Compliance with WHO standards

Current areas of focus

Enhancement of information security and handling processes in line with various regulations.

back to top

Relationship and partnership risk
Description Response strategy/control measures
MTN’s business partners and shareholders in subsidiaries fulfil an important role in establishing good relations with local regulatory bodies and our customer base, and are a key strength.

A breakdown in these relationships or loss of financial strength by current partners could have a negative impact on our business or cause reputational damage.

  • Careful selection of partners and shareholders
  • Shareholder representation on the board of each operation
  • Comprehensive shareholder agreements
  • Regular interaction and discussions between local shareholders/directors and the MTN Group

back to top

Financial risk
Description Response strategy/control measures

Compliance with relevant tax laws in the countries in which the Group operates is of paramount importance. Non-compliance or significant changes in tax legislation could have a meaningful impact on the Group.

  • Strict compliance with local tax laws
  • Group tax function to advise and ensure consistency
  • External and internal audits
  • Use of external tax advisers whenever necessary
  • Lobbying/influencing changes in tax laws
Repatriation of earnings

Changes in regulations or fiscal policies regarding repatriation of earnings to South Africa in the countries in which we operate could have an impact on the Group.

Although this risk is closely linked with political risk, it requires different mitigation strategies and is treated as a separate risk. Payment of management fees from operations as well as dividends from operations have flowed as intended.

  • The Group endeavours to invest in countries where the regulatory/exchange control framework is such that foreign direct investment and repatriation of returns are allowed at the time of investment. This aspect is a key consideration before investment decisions are finalised. Changes in regulations are closely monitored
  • Compliance with import, export, foreign investment, foreign exchange and tax regulations in each country
  • Legal and regulatory compliance functions in each country
  • Ring-fencing of operations as far as possible to limit the impact of possible failure in operations

Procurement risk refers to the risk of fraud and wasted expenditure as a result of inadequate procurement practices and lack of proper controls over capital expenditure.

  • Procurement policy and supporting procedures
  • A Group procurement function
  • Implementation of supply chain management best practice, which includes strategic sourcing processes
  • Formal tender processes
  • Preferred supplier list
  • Delegation of authority structures
  • Budgetary control
  • Anti-fraud strategy
  • Gift policy addressing the declaration and acceptance of gifts from suppliers
  • Compliance with BEE requirements in South Africa and localisation requirements in other countries

This risk refers to potential losses caused by currency fluctuations in our operating countries.

Currency devaluation is outside MTN’s control and response strategies are limited to mitigating the impact of short-term devaluations.

  • Hedging strategies to reduce the impact of short-term devaluation, within the constraints of exchange control regulations
  • Transferring some risk to suppliers by negotiating pricing in local currency
(Refer to the Chief Financial Officer’s report here for more detail on currency risk.)
Credit risk

This risk refers to potential losses relating to the recoverability of debts owed to MTN by customers or trading partners.

Credit risk from subscribers is not a significant risk due to MTN’s large prepaid customer base. Collectability of postpaid debt is under control.

The recoverability of interconnect debt from other operators in certain of MTN’s operating countries has been problematic. This has, however, not had a material impact on the Group.

  • Credit vetting and control processes on postpaid subscribers
  • Debt management processes
  • Constant focus on interconnect collection
  • Constant liaison with interconnect debtors and governments
Revenue assurance

Revenue leakage as a result of process or information systems inadequacies is a risk.

  • Revenue assurance processes are in place in major operations, but require improvement

This is the risk of financial loss due to fraudulent acts by staff members or subscribers or collusion by top management and staff.

  • Focus by Group forensic department on fraud investigation and prevention
  • Zero tolerance policy in our operations
  • Fraud hotlines in place in most operations
  • Fraud prevention strategies

Current areas of focus

Enhancement of revenue assurance processes.

Improvement of fraud prevention strategies.

Interconnect debt.

back to top

Investment risk
Description Response strategy/control measures
Given the high upfront investment required in the mobile telephony business, it is crucial that investment decisions are based on proper due diligence studies and that the risk involved is understood and factored into risk/return calculations. Failure in this regard could result in significant losses to the Group. (MTN’s bids for licences in Africa and the Middle East have been based on these principles.)

As a company with a vision to be the leading telecoms provider in emerging markets, it is of vital importance to exploit opportunities in these markets while balancing reward and risk.

  • Continual economic and political risk assessments, in co-operation with external consultants
  • Market research to assess market size potential
  • Financial impact assessment
  • Detailed business plans
  • US dollar-based return requirements
  • Assistance from financial advisers including international investment banks where required
  • Board approval process supported by investment steering committee

back to top

Human resource risk
Description Response strategy/control measures
The rapid expansion of the Group is putting pressure on available human resource capacity as well as on the depth of management in some operations.

An inability to attract, develop and retain the right staff could adversely affect the Group’s performance.

  • Group human resource function
  • Integrated performance management and development programmes
  • Individual development plans
  • Bonus incentive and share option schemes
  • Succession planning
  • The Y’ello Leader Academy, geared to developing leadership skills in the Group

Current areas of focus

Specific recruitment programmes to staff new operations.

Redeployment of expatriates from current to new operations.

Restructuring Group functions to meet future needs.

back to top

Physical and interruption risk
Description Response strategy/control measures
Network quality and availability

A key inherent risk is the unexpected failure of networks or their components due to disasters, hardware or software failure, sabotage, etc. Intensive proactive management of this risk in all operations is crucial.

  • Network planning
  • Proactive maintenance
  • Network management centres in each operation
  • Continuous and controlled upgrade of network equipment and software
  • Disaster recovery and business continuity plans, including network redundancy measures
  • Service-level agreements with suppliers
  • Continuous research into technology changes
  • Physical security protection of network infrastructure
  • Insurance on assets and revenue for specific insurable risk exposures
Information systems

MTN depends on information systems to ensure excellent customer service, accurate billing and financial management of the business.

Control over information systems to ensure availability and continuity, confidentiality of information and data integrity is crucial. Failure of these mechanisms could result in significant losses.

  • Information technology governance processes, including:
    • disaster recovery plans
    • capacity management
    • information security processes

Current areas of focus

Focus on single points of failure in newer operations.

back to top

Governance risk
Description Response strategy/control measures
Poor governance practices could result in financial losses and reputational damage to the Group.
  • Focus on governance in all operations
  • Operational management
  • Operational policies and procedures
  • Risk management and corporate governance committee (board sub-committee)
  • Risk and audit committee for each country operation
  • Risk management framework for the Group and all operations
  • Code of ethics
  • Group risk management function
  • Internal audit functions in each operation as well as at Group level
  • External audits

Current areas of focus

New operations in Côte d’Ivoire, Republic of Congo (Brazzaville), Zambia and Iran are currently being brought into the Group’s governance structures.

back to top