Logo

Managing risks and compliance

Telkom continues to execute a solid, flexible and resilient risk and compliance strategy that supports our strategic objectives. Our operating environment – together with unprecedented opportunities and significant, poorly understood threats – requires the Group to balance risks and rewards and constantly monitor strategic risks.

When reviewing the Group’s risks and opportunities, Telkom considers internal and external contexts and the adequacy of key controls and existing regulatory framework controls. We monitor the effectiveness of risk and compliance to identify improvement areas, and track risk metrics to ensure significant efforts are made to mitigate risks.

Maintaining and continuously improving our risk management capabilities is important for strengthening the Group’s performance. We use control self‑assessment exercises and compliance control validation reviews to determine the effectiveness of our risk and compliance management processes. Annual risk and compliance reviews are conducted to ensure we meet the King IV requirements. Any undue or unexpected risks, and those risks outside of our tolerance level, are reported with the necessary mitigating actions.

Risk and compliance management governance

In our dynamic and highly competitive industry, ERM is a strategic imperative. Our ERM framework is meticulously designed to navigate a myriad of risks inherent to the business, from technological advancements and regulatory changes, to cyberthreats and market volatility.

Our ERM strategy is underpinned by a robust governance structure, ensuring that risk management is seamlessly integrated into our strategy and operational processes. All business units, supporting functions, processes, projects, and other controlled entities are subjected to the ERM framework.

According to their mandates, Telkom’s governance structures continued to support risk and compliance management across the Group. There were no material changes during the year.

           
  Board  

Oversees risk and compliance across the Group. Provides an integrated approach to governance and management of risk and compliance, supported by a risk and compliance operating model aligned with Telkom’s business model.

 
       
  Risk, Audit and
Social and Ethics
Committees
 

Monitor and advise the Board on risk and compliance, laws and regulations.

 
       
  Group Exco  

Integrates risk and compliance management, systems, and people across the Group.

 
       
  Integrated Governance,
Risk, Compliance and IT
Steering Committees
 

Assess risks and resulting opportunities within the agreed risk framework. Reduce the impact of regulatory risk by driving compliance awareness for all applicable laws, regulations, and supervisory requirements.

 
       
  Group risk, compliance,
business continuity
management
 

Set policies and standards and provide oversight and control.

 
       
  ERM forum  

Shares best practices and knowledge and monitors key risks and mitigation plans.

 
       
  Business unit
assurance forum
 

Affects the ERM framework through effective risk and compliance management and combined assurance to optimise risk taking.

 
       
  Business unit risk and
compliance management
Business unit
management
 

Implement the risk, compliance and business continuity management policies, standards, and frameworks. Apply and maintain the compliance risk registers, identify mitigating controls, implement action plans and operationalise the business unit assurance forum. All business units’ Excos are accountable for managing risk and compliance within the approved delegation of authority (DoA).

 

The Board committed the Group to an ERM process aligned to the King IV principles, the Committee of Sponsoring Organisations Integrated Enterprise Risk Management Framework, ISO 31000 Risk Management Guidelines, and Control Objectives for Information and Related Technologies Framework.

ERM is an independent function within Telkom that sets out to achieve the following key objectives:

All critical risks and opportunities are identified Group-wide and are managed and monitored under a holistic approach consistent with the Risk Committee’s approved risk appetite statement.

The ownership of risk is assigned to management individuals who are responsible for identifying, evaluating, mitigating, and reporting risk exposures.

The Board, Risk Committee, Group Exco and management have reasonable assurance that all risks and opportunities are being appropriately managed and/or explored within defined governance levels to bring value to Telkom.

The Risk Committee oversees the activities of ERM and is kept abreast of these by management. The Committee also oversees management’s activities to ensure the ERM framework is embedded and adhered to. In managing and dealing with the Group’s risks, Telkom continues to ensure:

  • There is effective risk management as it is key to the Group’s sustainability and underpins our long-term relationships with customers and other stakeholders
  • Risk and opportunity management is clearly and consistently integrated into Telkom’s culture and managed according to best practice
  • People, processes and technology support the strategy, underpinned by governance, risk and compliance requirements
  • Group-wide interdependencies are recognised in enhancing business resiliency by anticipating, observing and responding to the macro- and micro-environments
  • Management’s conscious effort to manage risks ensures the business fulfils its mandate and that there is collaboration among all internal structures
  • The importance of an integrated, proactive and continuous approach is appreciated across all structures
  • Potential reputational risks are managed to ensure that key stakeholders’ needs and expectations are well comprehended and managed

Improvements in FY2024

We aligned out ERM risk assessments with the Telkom strategy and business plan while supporting the OneTelkom mindset. This was done in collaboration with other business units. We also reviewed the risk appetite and tolerances, which are aligned with Telkom’s business drivers. These were approved by the Risk Committee and are implemented and monitored on an ongoing basis.

We are progressing satisfactorily with the ERM strategy, and have made key improvements as part of our journey to becoming a risk-intelligent Group.

To ensure a risk culture is embedded, we promoted Group-wide business continuity awareness through different channels, including live broadcasts.

We identified and reviewed ESG-specific risks and presented them to the ESG Council and governance structures. As part of this, we conducted risk assessments at different regions to establish potential climate change threats and Telkom’s readiness to respond to adverse weather events (see Natural capital). This will help the Group make progress in achieving its ESG strategy.

We also assessed reputation risk, with the outcome of the assessment to be concluded in the first quarter of FY2025 (see Intellectual capital).

Industry collaboration

Telkom continued to share with and learn from the telecommunications industry by participating in conferences.

We also participate in the Communication Risk Information Centre. The centre facilitates the management of risks affecting the telecommunication industry in South Africa, and includes Telkom, MTN, Vodacom, Cell C and Liquid Telecommunications. Among the key risks and challenges being addressed are loadshedding, cybersecurity, physical security and other threats to business continuity.

Telkom participates actively in all the important streams to ensure collaborative efforts to mitigate these threats to the industry.

Business continuity management

The ERM plan for FY2024 focused on strengthening business resilience. The response plans and governance structures were reviewed and communicated, including the crisis communication handbook.

Telkom is committed to collaboration principles, maintaining communication services under adverse conditions, and supporting local and national governments should a crisis arise. The Group ensures that its infrastructure, business processes, and emergency management procedures are flexible enough to protect key stakeholders’ interests and our reputation and brand.

Telkom proactively managed operational risks relating to transformational changes, such as the implementation of S189 which started in FY2023 and continued into FY2024, and did not experience significant events, such as labour unrest. The Group ensured there was minimal disruption of operations or network infrastructure. We conducted a scenario analysis to prepare for the possibility of major events such as national grid failure.

The Group is exposed to certain risks (listed on the next page) relating to events that are already happening or are imminent or inevitable. These risks significantly affect business-as-usual operations and strategy execution, which could have immediate and long-term impacts on the achievement of Telkom’s strategic goals.

Disaster management and response structures, such as the Group Emergency Management Team and the Regional Emergency Management Teams, continue to manage crises effectively. In FY2024, the teams managed:

Power outages and loadshedding

Disruptions due to power outages impair service delivery and erode customer trust, potentially leading to significant financial losses and reputational damage.

Loadshedding continued in FY2024 due to Eskom’s inability to meet demand. However, Telkom managed seamless transitions to alternative power supplies.

Telkom has business continuity and response plans and Emergency Management Teams in place to ensure continuity of service and customer experience through different loadshedding stages. We actively engage ICASA, Eskom, the National Disaster Management Centre, the Communication Risk Information Centre (COMRiC), the Association of Communications and Technology (ACT) and other industry bodies to address loadshedding issues.

The Group is investing in renewable energy sources that will provide greener alternative power and reduce reliance on the national grid. The energy strategy focuses on solar power and lithium-ion batteries, quad generation and hydrogen fuel cells, smart real estate, and heating, ventilation and air-conditioning (HVAC) optimisation.

Severe/extreme weather conditions

Telkom effectively dealt with extreme weather events, avoiding material damage to infrastructure and people due to the controls in place. However, our infrastructure remains at risk of damage and destruction given the increased frequency of events such as extreme heatwaves, heavy rainfalls, storms, excessive lightning, and floods.

Telkom embarked on a disaster risk assessment project nationally to unpack extreme weather threats and impacts on employees, operations, infrastructure and network performance. We foresee this risk continuing and have also placed it on our list of emerging risks.

Water supply challenge

Water supply is a challenge for various municipalities due to ageing infrastructure and drought in some areas. This could have adverse effects on Telkom’s operations and employees. Telkom uses regional assessments to establish the extent of this risk and identify plans to proactively manage it.

Emerging risks in FY2024

Telkom continued to monitor and assess the identified emerging/external risks and opportunities it feels might impact the Group.

Emerging risk   Description
Cost of living crisis  

Inflation and high interest rates continue to drive up costs for consumers and enterprises. Consumers’ disposable income has reduced significantly, exacerbated by high unemployment, slow economic growth and loadshedding.

All these factors lead to reduced spending on Telkom products and services. In response, Telkom focuses on innovative products and services that contribute to revenue generation in challenging economic times.

2024
international and national elections
 

Elections can have profound impacts on the telecommunications industry, shaping policies, regulatory environments and market dynamics.

The 2024 national elections come with uncertainty, which could lead to social and political tension, civil unrest, inefficient and unstable government, and policy uncertainty.

Telkom will monitor developments and adjust its strategies to manage any threats or opportunities that may arise after the elections.

Our strategic risks

Telkom reviewed the Group’s strategic risks based on three dimensions:

1
Macro-environmental risks likely to impact Telkom’s growth opportunities, such as economic conditions and the capability to access funds.  
3
Operational risks with the potential to impact critical operations, such as increased cyberattacks or supply chain disruptions.
2
Strategic risks with the potential to affect Telkom’s business strategy/objectives. These are uncertainties or opportunities that could affect decision-making. They are crucial matters that the Board, shareholders and investors should be concerned about in relation to strategic intent.     Telkom identified the strategic risks in the context of its financial and non-financial strategic objectives. Most of the risk ratings decreased due to improved mitigating actions; others remained the same due to changes in the macro-environment, specifically relating to the negative global economic outlook.

The enterprise risk management and compliance report details Telkom’s material risks according to the governance requirements contained in the JSE Listings Requirements. This report is available online.

The risk heatmaps alongside reflect the residual risk rating, which considers the mitigation controls in place.

The following risk dashboard reflects the movement of strategic risks between FY2023 and FY2024. In FY2022 and FY2023, Telkom reported on the strategic risk of “Unstable and unpredictable regulatory dispensation”. This risk was moved to the operational risk register in FY2024 as it is managed as business as usual with a satisfactory control environment.

  Description Residual risk
exposure
  Trend Reason for risk movement    
    FY2023 FY2024        
1
Market forces and disruption exacerbating competition pressures Very high High The OneTelkom mindset aims to increase competitive ability.    
2
Inability to attract and retain a suitable, resilient and healthy workforce to service and support the changing ecosystem Very high High Telkom is implementing programmes which will contribute to attracting and retaining critical talent.    
3
Increased focus and scrutiny on ESG matters High High There is progress on the ESG strategy and the maturity assessment actions are expected to reduce this risk.    
4
Financial sustainability Very high High Telkom financial performance in terms of revenues and EBITDA has improved compared to FY2023.    
5
Macro-environmental instability Very high Very high The macro-environment is challenged by factors such as geopolitical tensions and economic outlook.    
6
Inability to manage and meet material stakeholder expectations New Medium This risk was raised in FY2024 and improved throughout the year because key stakeholders are engaged systematically and effectively, although the stakeholder engagement framework is still in progress.    

Movement in our strategic risks compared to FY2023 reporting

Risk exposure remained constant Risk exposure deteriorated
Risk exposure improved New risk
Descriptions FY2024
numbering
FY2023
numbering
Market forces and disruption exacerbating competition pressures 1 2
Inability to attract and retain a suitable, resilient and healthy workforce to service and support the changing ecosystem 2 3
Increased focus and scrutiny on ESG matters 3 4
Financial sustainability 4 5
Macro-environmental instability 5 6
Inability to manage and meet stakeholder expectations 6
Unstable and unpredictable regulatory dispensation 1
Risk definition   Mitigating activities and monitoring   Assessment rationale and opportunities arising from managing risks
1
Market forces and disruption exacerbating competition pressures

Telkom operates in a competitive and rapidly changing market. Increases in technological innovation, market deregulation, customer expectations, and new entrants in the connectivity space exacerbate this risk, putting pricing and product offerings under pressure.

Failure to respond swiftly to competitive threats could negatively impact the Group’s prospects, including its market share, relevance, revenue growth and profit margins.

 
  • Continuously monitor the market and competitive landscape, using AI to gain further insights
  • Develop product offerings that appeal to customers and explore upselling opportunities
  • Develop and implement adaptive strategies focused on innovation
  • Investigate strategic partnerships to increase competitive advantage
  • Continuously implement and enhance our employee value proposition to ensure the competition does not poach critical employees
  • Invest in technology that ensures agile and speedy solution delivery
  • Continuously identify and address operational inefficiencies
 

Telkom faces various market forces and disruptions that exacerbate competition pressures.

Competitors are leading market developments in market segments in which Telkom operates, i.e. IT, technology, enterprise, mobile and fibre. Telkom is implementing various strategies to maintain its market position and ensure sustainable growth.

To circumvent the competition, Telkom is working on several innovative digital solutions suitable for our market segments.

Our competitiveness can be improved by empowering the customer service teams, reviewing product design methodologies, fast‑tracking IT transformation, aggressively leveraging fibre assets and expanding the cloud services offering.

Risk definition   Mitigating activities and monitoring   Assessment rationale and opportunities arising from managing risks
2
Inability to attract and retain a suitable, resilient and healthy workforce to service and support the changing ecosystem

The world is undergoing several changes related to how companies work, hybrid working models, customer behaviours, and technology trends. This requires talent that can provide a sustainable competitive advantage. Failure in this regard could result in loss of competitive advantage, increased employee costs and delays in achieving the Group’s strategy.

 
  • Continuously implement the culture transformation journey
  • Review and implement the recruitment strategy to meet the demands of the business while allowing flexibility to the workforce to align with market demand
  • Develop and implement change management processes to keep up with the pace of change and enable a robust working environment
  • Implement future skills programme
 

This risk remains material due to the uncertainty associated with Telkom’s performance compared to competitors, restructuring, and shortage of scarce skills, i.e. AI, data science and other skills.

Telkom continues to implement measures to reduce the impact of this risk. These actions include the learning programmes, future skills development, OneTelkom culture and associated values, and maintaining a hybrid work approach.

Telkom was awarded Top Employer status in 2024. This contributes positively to Telkom’s brand as well as its ability to attract and retain talent.

The key risk indicators (KRIs) for staff turnover are within tolerable levels.

Considering the positive developments experienced in FY2024, the risk was reduced from Very High to High.

See Human capital for more on our HR practices.

Risk definition   Mitigating activities and monitoring   Assessment rationale and opportunities arising from managing risks
3
Increased focus and scrutiny on ESG matters

Increased focus on ESG matters is due to the fast-growing importance of sustainability matters in society, including increased awareness of climate change, social inequality, and corporate misconduct. This could impact Telkom’s financial sustainability and reputation and limit access to opportunities.

 

 
  • Implement the ESG strategy with defined roles and responsibilities
  • Continuously identify and monitor ESG risks
  • Continuously improve ESG maturity
  • Conduct climate risk assessments in all the regions
 

Telkom is progressing on the ESG strategy.

KPMG conducted a maturity assessment of Telkom’s ESG journey in January 2024, and gaps were identified to move from “managerial” to “strategic”. The following will be prioritised:

  • Conduct a stakeholder needs assessment in respect of ESG to align efforts with expectations
  • Expand ESG risk profiles at Telkom business unit level
  • Set risk appetite levels in respect to ESG
  • Conduct a double materiality assessment
  • Conduct benchmarking on ESG reporting

Although progress has been made on these initiatives, this risk remains High as some expected deliverables have not yet been completed.

Risk definition   Mitigating activities and monitoring   Assessment rationale and opportunities arising from managing risks
4
Financial sustainability

Maintaining financial capacity is crucial to sustain and grow operations while building financial resilience to manage unforeseen economic events. This risk is due to:

  • A depressed economic environment
  • Insufficient liquidity and/or cash flow deterioration
  • Inability to generate free cash flow
  • Customers not paying on time
  • Unsustainable leverage ratios
 
  • Monitor our Sustainable Cost Management Programme
  • Launch new products to drive revenue
  • Continue with cash release initiatives, such as the Supply Chain Finance Programme
  • Maintain adequate debt headroom and disciplined capital allocation, with flexible capex investments and secured debt facilities
  • Maintain a sound governance framework that ensures transparent financial and operational frameworks and supportive credit ratios
 

This risk abated in FY2024 due to improved financial performance, as set out in the GCFO’s report on financial performance.

From a macro perspective, there was no meaningful economic growth and loadshedding was experienced in most of FY2024.

Telkom experienced growth in revenue and EBITDA as compared to FY2023. Free cash flow also improved in FY2024. There was sufficient headroom in terms of working capital facility.

For this improvement to be sustainable, Telkom should continue to explore other revenue streams to reduce operational costs and improve profitability.

Risk definition   Mitigating activities and monitoring   Assessment rationale and opportunities arising from managing risks
5
Macro-environmental instability

Socio-economic challenges impact consumers’ quality of life and influence their attitudes, behaviours and preferences. Since consumers are critical to the Group’s success, this instability could lead to levels of profitability and cash generation that are unsustainable. It could also impact our shareholders’ perspective on the Value Unlock Strategy and future growth.

 

 
  • Formulate and implement initiatives and frameworks aligned with the National Development Plan
  • Increase collaborative efforts with social agents and foster private-public partnerships
  • Strengthen corporate social responsibility initiatives
  • Continue to develop and implement a youth employment strategy
  • Monitor macro-economic indicators to guide financial decision-making and strategy execution
  • Monitor geopolitical developments and their effect on strategy execution and operations
  • Develop products and services which remain competitive to meet changing customer needs
 

Challenging economic conditions persisted throughout FY2024 due to slow economic growth and higher interest rates.

Added to this were a deteriorating fiscal situation, unemployment and loadshedding.

Existing and emerging geopolitical conflicts will continue to exacerbate the macro-environmental instability. These factors could lead to social unrest, impacting distribution and trade. The upcoming elections heighten this risk.

Most of these factors are out of Telkom’s control. However, we can ensure that our products and services are competitive enough to meet changing customer attitudes and behaviours.

There are also opportunities to offer products and services to improve the economy, and to partner with communities to address social issues such as the digital divide and growing SMMEs.

Risk definition   Mitigating activities and monitoring   Assessment rationale and opportunities arising from managing risks
6
Inability to manage and meet material stakeholder expectations

Inability to meet stakeholder needs and expectations could result in:

  • Diminished reputation
  • Loss of trust, investor confidence and access to capital
  • Customer dissatisfaction, loss of market share, and diminished brand reputation
  • Public backlash and potential boycotts of our products and services
  • Low employee morale, decreased productivity, and increased employee turnover rates
 
  • Review and enhance the stakeholder management framework
  • Implement effective communication strategies to manage and align expectations
  • Continuously monitor and track performance against stakeholder expectations, creating opportunities to revise plans, collect feedback and adapt to evolving needs to ensure alignment

Read more in the Stakeholder chapter.

 

Telkom identified this risk due to the lack of an effective integrated stakeholder engagement framework, which could result in a siloed approach to stakeholder engagement. This could have an impact on the achievement of strategic objectives, financial performance, and reputation among external stakeholders.

In FY2024, Telkom focused on the following stakeholder matters:

  • Customers: strategy alignment across the Group to ensure customer experience as a key priority across the customer journey and value chain
  • Employees: focused on initiatives supporting employee experience, collaboration, innovation, performance, and training and development
  • Suppliers and business partners: implementation of ESG assessments for suppliers

The stakeholder engagement framework is currently being reviewed and enhanced and will be approved in FY2025.

Compliance governance and oversight

Telkom recognises the pivotal role of compliance in maintaining the integrity and sustainability of our operations within the dynamic industry landscape. We commit to full compliance with all applicable laws and regulations, and support the application of non-binding codes and standards, to foster stakeholder trust and ensure the Group’s long-term viability.

The Board, through the Group Risk Committee, oversees compliance risk management and internal controls to ensure compliance with legislation. We have a specialised team that oversees our compliance landscape, ensuring that regulatory obligations are met and that we stay ahead of emerging legislation and regulations.

We have zero tolerance for regulatory non-compliance, fraud, bribery, and corruption. We are committed to meeting all applicable compliance requirements and fulfilling all disclosure and reporting obligations to maintain our reputation.

Focus areas

The compliance programme focused on:

  • Overseeing implementation of the employment equity plan and tracking of sector-specific targets introduced by the Employment Equity Act amendments. We appointed and onboarded new employment equity forum members
  • Monitoring the Tobacco Products and Electronic Delivery Bill developments
  • Monitoring the impact assessment of the Taxation Laws Amendment Act and Tax Administration Laws Amendment Act

We confirm that no material or repeated regulatory penalties, sanctions, or fines for contraventions of or non-compliance with statutory obligations were reported in FY2024.

This stringent compliance regime supports our combined assurance approach through our three lines of defence and regular reporting. The compliance function also reports to the IT governance structures and the economic crimes forum on data privacy, cybersecurity, and potential areas of non-compliance.

The Group Exco annually reviews and approves the regulatory universe derived from our risk‑based approach. This is an important part of our due diligence, strategic planning, and risk management. It safeguards Telkom’s compliance posture and allows us to seize opportunities to drive innovation and growth within a sound regulatory framework. We also invest in comprehensive employee training to foster a culture of compliance and integrity.

The annual compliance plan supports the ERM strategy and objectives. It sets out plans to enhance the Group compliance culture and monitor compliance risk management. We provide quarterly compliance reports on the status of compliance deliverables to various governance structures, including the ERM forum, integrated governance risk and compliance forum, Risk Committee, and the Board. We appointed an independent assurance service provider in FY2024 to conduct a compliance maturity assessment. The results of the maturity assessment indicated that Telkom’s compliance environment is acceptable with areas of improvement identified.

We monitor and report on the effectiveness of controls to ensure compliance with the National Environmental Management Act and associated regulations. We implemented controls to ensure ongoing compliance with the Carbon Tax Act requirements, and continue to monitor developments relating to the sector emissions reduction plan and targets.

We have intensified efforts to protect personal information amid growing data privacy concerns. Compliance with the data privacy regulations was enforced through policies, regular audits and risk assessments.

We continue to play a proactive and influential role in the regulatory space. We believe active participation is essential for shaping a regulatory environment that fosters innovation, fair competition, and consumer protection. It also helps us to anticipate and adapt to new compliance requirements, reducing the risk of non‑compliance and associated penalties. Our involvement featured:

  • Advocacy for regulatory balance between safeguarding consumer interests and allowing flexibility to innovate and grow
  • Participating in dialogues with regulators and policymakers and contributing our expertise to draft policies that could impact the industry (e.g. RICA and the Cybersecurity Bill)

Challenges and remediation

We respect our customers’, employees’ and service providers’ personal information and are committed to ensuring that the personal information we handle is safeguarded. Data privacy threats have increased globally, and compliance with data privacy legal frameworks and information security standards is Telkom’s priority. Two instances of unauthorised access to personal information (FY2023: 2) were reported to the Information Regulator, with limited exposure. The business immediately enhanced the control environment.

We received five customer complaints (FY2023: 3) from the Information Regulator regarding direct marketing and unauthorised access to information. The business investigated all incidents, reported on the outcomes, and addressed the control environment.

Focus areas FY2025

  • Continue to align strategy, business plan and ERM activities
  • Integration and co‑ordination of all assurance activities through collaboration with other assurance providers
  • Continue to embed and monitor the risk appetite framework
  • Refine business continuity management strategies responding to all possible threats (e.g. climate change risk)
  • Implement the ESG maturity assessment recommendations
  • Monitor the Climate Change Bill developments, develop the compliance risk management plan and identify required controls
  • Monitor the National Heath Bill developments and the possible impact on remuneration contributions and general taxes
  • Integrate the compliance maturity assessment recommendations into the compliance strategy
  • Review the compliance risk management plans of the top 10 laws and update with additional obligations
  • Engage stakeholders to implement controls that will address the Cybercrime Act obligations for ICT service providers
Previous