Vodafone Group Plc Annual Report 2025 55
Strategic report
Governance
Financials
Other information
Principal risks and uncertainties Our principal risks
In today’s uncertain and volatile environment our business faces numerous risks. However, through robust processes and a strong risk culture, we effectively manage these challenges to achieve our strategic objectives. Governance and identifying our risks The Board has the overall responsibility for establishing and maintaining an effective risk management framework. They also advise on the level of risk we are willing to take in achieving our strategic goals. The Audit and Risk Committee (‘ARC’), on behalf of the Board, reviews and approves the Group’s principal and emerging risks. The risk function aims to integrate risk considerations into strategy execution, enabling informed decision-making across our business. See diagram (Overview of the risk governance structure) for an overview of the governance structure. The global risk management framework standardises the way in which risk is managed across our operations. Our end-to-end approach starts with risk identification. As part of this process, local markets and Group entities identify and evaluate risks to their local strategy. The Group risk team centrally assesses and challenges these risks. A comprehensive list of risks, along with external risk scanning findings and key risk drivers, are presented to the Directors and executives for analysis and identification of significant risks. The proposed principal (pages 55 to 57 ), watchlist, and emerging (page 58 ) risks are agreed by our Risk and Compliance Committee (‘RCC’) before being submitted to the ARC and the Board for review and approval.
Building strong foundations Managing risk is at the heart of business decision- making and supports our objective to build a strong foundation for future success. That is why we continue to mature our global risk management framework, promoting consistency across the markets in which we operate and enhancing our approach to managing risk across the Group. Over the course of the past year some of the key initiatives to evolve our global risk management framework included: – Updating our global risk management framework to align closer with international standards and good practice as well as to reflect the changes to our risk management process; – Review and refresh of our enterprise risk strategy with the aim to set clear future objectives and to prioritise key initiatives; – Conducting a maturity assessment of our risk management framework and processes; – Maturing the risk-based approach to assurance across the Group; – Enhancing the process for assessing risk appetite and tolerance for the Group principal risks; – Further evolving our approach to operational risk management across the Group, building a consistent framework for comparing risks; – Continuing a number of initiatives associated with ESG , including quantitative climate scenario analysis, materiality assessments and programmes related to our disclosure obligations; and – Strengthening the risk community across the organisation through a combination of digital and in-person training as well as risk awareness events.
Key changes to our principal risks: – The Adverse changes in macroeconomic conditions risk has increased due to the unpredictable nature of geopolitical events, which impact the global economy. – The Adverse market competition risk has increased due to the competitive activity in some European markets. – The Adverse political and policy environment risk has been replaced. Relevant content on politics and geopolitics will be reflected in other principal risks and as key risk drivers. A new risk, Adverse regulatory and policy environment , has been added to cover policy aspects. – The Disintermediation risk has decreased as we have strengthened relationships and partnerships with some large technology companies. – The Technology resilience and future readiness risk has been split between IT resilience and transformation and Network resilience and infrastructure competitiveness to provide better focus for our resilience and modernisation programmes. – As most of our large portfolio transformations are nearing completion, the Portfolio transformation and governance of joint ventures risk was changed to focus on the Governance and performance of investments and moved to the watchlist category.
Overview of the risk governance structure
Board/Audit and Risk Committee – Provide oversight for Vodafone Group – Discuss, challenge and make a robust assessment of principal and emerging risks – Embed appropriate risk culture throughout the organisation
Assurance functions Review and provide assurance over selected controls for the Group and local markets Internal audit Supports the Audit and Risk Committee in reviewing the effectiveness of the global risk management framework and management of individual risks
Group risk owners – ExCo risk owners have the accountability and responsibility for the management of the risks assigned to them – Risk champions identify and implement mitigating actions
Group risk team – Responsible for the application of the global risk management framework – Supports the Board/ExCo by creating programmes to strengthen our risk culture
Risk and Compliance Committee – Reviews principal, watchlist and emerging risks – Reviews effectiveness of risk management across the Group
Vodafone Group
Local oversight committees Provide oversight for the local risk management programme Discuss, challenge, and make a robust assessment of the local risks and significant operational risks Local market CEOs Set local objectives, identify local priority risks and align tolerance levels with the Vodafone Group guidance Approve and are accountable for the risk treatment options selected for their local risks Local risk owners Are responsible for local risks and the local risk programme to manage, measure, monitor, and report on the risks Local risk managers Are the contact point for each market/entity on risk, and facilitate all activities as defined by the global risk management framework
Local markets or Group entities
Powered by FlippingBook