Telkom continues to execute a solid, flexible and resilient risk and compliance strategy that supports our strategic objectives. Our operating environment – together with unprecedented opportunities and significant, poorly understood threats – requires the Group to balance risks and rewards and constantly monitor strategic risks.
When reviewing the Group’s risks and opportunities, Telkom considers internal and external contexts and the adequacy of key controls and existing regulatory framework controls. We monitor the effectiveness of risk and compliance to identify improvement areas, and track risk metrics to ensure significant efforts are made to mitigate risks.
Maintaining and continuously improving our risk management capabilities is important for strengthening the Group’s performance. We use control self‑assessment exercises and compliance control validation reviews to determine the effectiveness of our risk and compliance management processes. Annual risk and compliance reviews are conducted to ensure we meet the King IV requirements. Any undue or unexpected risks, and those risks outside of our tolerance level, are reported with the necessary mitigating actions.
In our dynamic and highly competitive industry, ERM is a strategic imperative. Our ERM framework is meticulously designed to navigate a myriad of risks inherent to the business, from technological advancements and regulatory changes, to cyberthreats and market volatility.
Our ERM strategy is underpinned by a robust governance structure, ensuring that risk management is seamlessly integrated into our strategy and operational processes. All business units, supporting functions, processes, projects, and other controlled entities are subjected to the ERM framework.
According to their mandates, Telkom’s governance structures continued to support risk and compliance management across the Group. There were no material changes during the year.
Board | Oversees risk and compliance across the Group. Provides an integrated approach to governance and management of risk and compliance, supported by a risk and compliance operating model aligned with Telkom’s business model.
Risk, Audit and Social and Ethics Committees | Monitor and advise the Board on risk and compliance, laws and regulations.
Group Exco | Integrates risk and compliance management, systems, and people across the Group.
Integrated Governance, Risk, Compliance and IT Steering Committees | Assess risks and resulting opportunities within the agreed risk framework. Reduce the impact of regulatory risk by driving compliance awareness for all applicable laws, regulations, and supervisory requirements.
Group risk, compliance, business continuity management | Set policies and standards and provide oversight and control.
ERM forum | Shares best practices and knowledge and monitors key risks and mitigation plans.
Business unit assurance forum | Affects the ERM framework through effective risk and compliance management and combined assurance to optimise risk taking.
Business unit risk and compliance management / Business unit management | Implement the risk, compliance and business continuity management policies, standards, and frameworks. Apply and maintain the compliance risk registers, identify mitigating controls, implement action plans and operationalise the business unit assurance forum. All business units’ Excos are accountable for managing risk and compliance within the approved delegation of authority (DoA).
The Board committed the Group to an ERM process aligned to the King IV principles, the Committee of Sponsoring Organisations Integrated Enterprise Risk Management Framework, ISO 31000 Risk Management Guidelines, and Control Objectives for Information and Related Technologies Framework.
ERM is an independent function within Telkom that sets out to achieve the following key objectives:
All critical risks and opportunities are identified Group-wide and are managed and monitored under a holistic approach consistent with the Risk Committee’s approved risk appetite statement.
The ownership of risk is assigned to management individuals who are responsible for identifying, evaluating, mitigating, and reporting risk exposures.
The Board, Risk Committee, Group Exco and management have reasonable assurance that all risks and opportunities are being appropriately managed and/or explored within defined governance levels to bring value to Telkom.
The Risk Committee oversees the activities of ERM and is kept abreast of these by management. The Committee also oversees management’s activities to ensure the ERM framework is embedded and adhered to. In managing and dealing with the Group’s risks, Telkom continues to ensure:
We aligned our ERM risk assessments with the Telkom strategy and business plan while supporting the OneTelkom mindset. This was done in collaboration with other business units. We also reviewed the risk appetite and tolerances, which are aligned with Telkom’s business drivers. These were approved by the Risk Committee and are implemented and monitored on an ongoing basis.
We are progressing satisfactorily with the ERM strategy, and have made key improvements as part of our journey to becoming a risk-intelligent Group.
To ensure a risk culture is embedded, we promoted Group-wide business continuity awareness through different channels, including live broadcasts.
We identified and reviewed ESG-specific risks and presented them to the ESG Council and governance structures. As part of this, we conducted risk assessments at different regions to establish potential climate change threats and Telkom’s readiness to respond to adverse weather events (see Natural capital). This will help the Group make progress in achieving its ESG strategy.
We also assessed reputation risk, with the outcome of the assessment to be concluded in the first quarter of FY2025 (see Intellectual capital).
Telkom continued to share with and learn from the telecommunications industry by participating in conferences.
We also participate in the Communication Risk Information Centre. The centre facilitates the management of risks affecting the telecommunication industry in South Africa, and includes Telkom, MTN, Vodacom, Cell C and Liquid Telecommunications. Among the key risks and challenges being addressed are loadshedding, cybersecurity, physical security and other threats to business continuity.
Telkom participates actively in all the important streams to ensure collaborative efforts to mitigate these threats to the industry.
The ERM plan for FY2024 focused on strengthening business resilience. The response plans and governance structures were reviewed and communicated, including the crisis communication handbook.
Telkom is committed to collaboration principles, maintaining communication services under adverse conditions, and supporting local and national governments should a crisis arise. The Group ensures that its infrastructure, business processes, and emergency management procedures are flexible enough to protect key stakeholders’ interests and our reputation and brand.
Telkom proactively managed operational risks relating to transformational changes, such as the implementation of S189 which started in FY2023 and continued into FY2024, and did not experience significant events, such as labour unrest. The Group ensured there was minimal disruption of operations or network infrastructure. We conducted a scenario analysis to prepare for the possibility of major events such as national grid failure.
The Group is exposed to certain risks (listed on the next page) relating to events that are already happening or are imminent or inevitable. These risks significantly affect business-as-usual operations and strategy execution, which could have immediate and long-term impacts on the achievement of Telkom’s strategic goals.
Disaster management and response structures, such as the Group Emergency Management Team and the Regional Emergency Management Teams, continue to manage crises effectively. In FY2024, the teams managed:
Disruptions due to power outages impair service delivery and erode customer trust, potentially leading to significant financial losses and reputational damage.
Loadshedding continued in FY2024 due to Eskom’s inability to meet demand. However, Telkom managed seamless transitions to alternative power supplies.
Telkom has business continuity and response plans and Emergency Management Teams in place to ensure continuity of service and customer experience through different loadshedding stages. We actively engage ICASA, Eskom, the National Disaster Management Centre, the Communication Risk Information Centre (COMRiC), the Association of Communications and Technology (ACT) and other industry bodies to address loadshedding issues.
The Group is investing in renewable energy sources that will provide greener alternative power and reduce reliance on the national grid. The energy strategy focuses on solar power and lithium-ion batteries, quad generation and hydrogen fuel cells, smart real estate, and heating, ventilation and air-conditioning (HVAC) optimisation.
Telkom effectively dealt with extreme weather events, avoiding material damage to infrastructure and people due to the controls in place. However, our infrastructure remains at risk of damage and destruction given the increased frequency of events such as extreme heatwaves, heavy rainfalls, storms, excessive lightning, and floods.
Telkom embarked on a disaster risk assessment project nationally to unpack extreme weather threats and impacts on employees, operations, infrastructure and network performance. We foresee this risk continuing and have also placed it on our list of emerging risks.
Water supply is a challenge for various municipalities due to ageing infrastructure and drought in some areas. This could have adverse effects on Telkom’s operations and employees. Telkom uses regional assessments to establish the extent of this risk and identify plans to proactively manage it.
Telkom continued to monitor and assess the identified emerging/external risks and opportunities it feels might impact the Group.
Emerging risk | Description
Cost of living crisis | Inflation and high interest rates continue to drive up costs for consumers and enterprises. Consumers’ disposable income has reduced significantly, exacerbated by high unemployment, slow economic growth and loadshedding. All these factors lead to reduced spending on Telkom products and services. In response, Telkom focuses on innovative products and services that contribute to revenue generation in challenging economic times.
2024 international and national elections | Elections can have profound impacts on the telecommunications industry, shaping policies, regulatory environments and market dynamics. The 2024 national elections come with uncertainty, which could lead to social and political tension, civil unrest, inefficient and unstable government, and policy uncertainty. Telkom will monitor developments and adjust its strategies to manage any threats or opportunities that may arise after the elections.
Telkom reviewed the Group’s strategic risks based on three dimensions:
1. Macro-environmental risks likely to impact Telkom’s growth opportunities, such as economic conditions and the capability to access funds.
2. Strategic risks with the potential to affect Telkom’s business strategy/objectives. These are uncertainties or opportunities that could affect decision-making. They are crucial matters that the Board, shareholders and investors should be concerned about in relation to strategic intent.
3. Operational risks with the potential to impact critical operations, such as increased cyberattacks or supply chain disruptions.
Telkom identified the strategic risks in the context of its financial and non-financial strategic objectives. Most of the risk ratings decreased due to improved mitigating actions; others remained the same due to changes in the macro-environment, specifically relating to the negative global economic outlook.
The risk heatmaps alongside reflect the residual risk rating, which considers the mitigation controls in place.
The following risk dashboard reflects the movement of strategic risks between FY2023 and FY2024. In FY2022 and FY2023, Telkom reported on the strategic risk of “Unstable and unpredictable regulatory dispensation”. This risk was moved to the operational risk register in FY2024 as it is managed as business as usual with a satisfactory control environment.
No. | Description | Residual risk exposure FY2023 | Residual risk exposure FY2024 | Trend | Reason for risk movement
1 | Market forces and disruption exacerbating competition pressures | Very high | High | | The OneTelkom mindset aims to increase competitive ability.
2 | Inability to attract and retain a suitable, resilient and healthy workforce to service and support the changing ecosystem | Very high | High | | Telkom is implementing programmes which will contribute to attracting and retaining critical talent.
3 | Increased focus and scrutiny on ESG matters | High | High | | There is progress on the ESG strategy and the maturity assessment actions are expected to reduce this risk.
4 | Financial sustainability | Very high | High | | Telkom’s financial performance in terms of revenues and EBITDA has improved compared to FY2023.
5 | Macro-environmental instability | Very high | Very high | | The macro-environment is challenged by factors such as geopolitical tensions and economic outlook.
6 | Inability to manage and meet material stakeholder expectations | New | Medium | | This risk was raised in FY2024 and improved throughout the year because key stakeholders are engaged systematically and effectively, although the stakeholder engagement framework is still in progress.
Movement in our strategic risks compared to FY2023 reporting
Risk exposure remained constant | Risk exposure deteriorated | Risk exposure improved | New risk
Risk definition | Mitigating activities and monitoring | Assessment rationale and opportunities arising from managing risks
1. Market forces and disruption exacerbating competition pressures
Telkom operates in a competitive and rapidly changing market. Increases in technological innovation, market deregulation, customer expectations, and new entrants in the connectivity space exacerbate this risk, putting pricing and product offerings under pressure. Failure to respond swiftly to competitive threats could negatively impact the Group’s prospects, including its market share, relevance, revenue growth and profit margins.
Telkom faces various market forces and disruptions that exacerbate competition pressures. Competitors are leading market developments in market segments in which Telkom operates, i.e. IT, technology, enterprise, mobile and fibre. Telkom is implementing various strategies to maintain its market position and ensure sustainable growth. To circumvent the competition, Telkom is working on several innovative digital solutions suitable for our market segments. Our competitiveness can be improved by empowering the customer service teams, reviewing product design methodologies, fast‑tracking IT transformation, aggressively leveraging fibre assets and expanding the cloud services offering.
Risk definition | Mitigating activities and monitoring | Assessment rationale and opportunities arising from managing risks
2. Inability to attract and retain a suitable, resilient and healthy workforce to service and support the changing ecosystem
The world is undergoing several changes related to how companies work, hybrid working models, customer behaviours, and technology trends. This requires talent that can provide a sustainable competitive advantage. Failure in this regard could result in loss of competitive advantage, increased employee costs and delays in achieving the Group’s strategy.
This risk remains material due to the uncertainty associated with Telkom’s performance compared to competitors, restructuring, and shortage of scarce skills, i.e. AI, data science and other skills. Telkom continues to implement measures to reduce the impact of this risk. These actions include the learning programmes, future skills development, OneTelkom culture and associated values, and maintaining a hybrid work approach. Telkom was awarded Top Employer status in 2024. This contributes positively to Telkom’s brand as well as its ability to attract and retain talent. The key risk indicators (KRIs) for staff turnover are within tolerable levels. Considering the positive developments experienced in FY2024, the risk was reduced from Very High to High. See Human capital for more on our HR practices.
Risk definition | Mitigating activities and monitoring | Assessment rationale and opportunities arising from managing risks
3. Increased focus and scrutiny on ESG matters
Increased focus on ESG matters is due to the fast-growing importance of sustainability matters in society, including increased awareness of climate change, social inequality, and corporate misconduct. This could impact Telkom’s financial sustainability and reputation and limit access to opportunities.
Telkom is progressing on the ESG strategy. KPMG conducted a maturity assessment of Telkom’s ESG journey in January 2024, and gaps were identified to move from “managerial” to “strategic”. The following will be prioritised:
Although progress has been made on these initiatives, this risk remains High as some expected deliverables have not yet been completed.
Risk definition | Mitigating activities and monitoring | Assessment rationale and opportunities arising from managing risks
4. Financial sustainability
Maintaining financial capacity is crucial to sustain and grow operations while building financial resilience to manage unforeseen economic events. This risk is due to:
This risk abated in FY2024 due to improved financial performance, as set out in the GCFO’s report on financial performance. From a macro perspective, there was no meaningful economic growth and loadshedding was experienced in most of FY2024. Telkom experienced growth in revenue and EBITDA as compared to FY2023. Free cash flow also improved in FY2024. There was sufficient headroom in terms of working capital facility. For this improvement to be sustainable, Telkom should continue to explore other revenue streams to reduce operational costs and improve profitability.
Risk definition | Mitigating activities and monitoring | Assessment rationale and opportunities arising from managing risks
5. Macro-environmental instability
Socio-economic challenges impact consumers’ quality of life and influence their attitudes, behaviours and preferences. Since consumers are critical to the Group’s success, this instability could lead to levels of profitability and cash generation that are unsustainable. It could also impact our shareholders’ perspective on the Value Unlock Strategy and future growth.
Challenging economic conditions persisted throughout FY2024 due to slow economic growth and higher interest rates. Added to this were a deteriorating fiscal situation, unemployment and loadshedding. Existing and emerging geopolitical conflicts will continue to exacerbate the macro-environmental instability. These factors could lead to social unrest, impacting distribution and trade. The upcoming elections heighten this risk. Most of these factors are out of Telkom’s control. However, we can ensure that our products and services are competitive enough to meet changing customer attitudes and behaviours. There are also opportunities to offer products and services to improve the economy, and to partner with communities to address social issues such as the digital divide and growing SMMEs.
Risk definition | Mitigating activities and monitoring | Assessment rationale and opportunities arising from managing risks
6. Inability to manage and meet material stakeholder expectations
Inability to meet stakeholder needs and expectations could result in:
Read more in the Stakeholder chapter.
Telkom identified this risk due to the lack of an effective integrated stakeholder engagement framework, which could result in a siloed approach to stakeholder engagement. This could have an impact on the achievement of strategic objectives, financial performance, and reputation among external stakeholders. In FY2024, Telkom focused on the following stakeholder matters:
The stakeholder engagement framework is currently being reviewed and enhanced and will be approved in FY2025.
Telkom recognises the pivotal role of compliance in maintaining the integrity and sustainability of our operations within the dynamic industry landscape. We commit to full compliance with all applicable laws and regulations, and support the application of non-binding codes and standards, to foster stakeholder trust and ensure the Group’s long-term viability.
The Board, through the Group Risk Committee, oversees compliance risk management and internal controls to ensure compliance with legislation. We have a specialised team that oversees our compliance landscape, ensuring that regulatory obligations are met and that we stay ahead of emerging legislation and regulations.
We have zero tolerance for regulatory non-compliance, fraud, bribery, and corruption. We are committed to meeting all applicable compliance requirements and fulfilling all disclosure and reporting obligations to maintain our reputation.
The compliance programme focused on:
We confirm that no material or repeated regulatory penalties, sanctions, or fines for contraventions of or non-compliance with statutory obligations were reported in FY2024.
This stringent compliance regime supports our combined assurance approach through our three lines of defence and regular reporting. The compliance function also reports to the IT governance structures and the economic crimes forum on data privacy, cybersecurity, and potential areas of non-compliance.
The Group Exco annually reviews and approves the regulatory universe derived from our risk‑based approach. This is an important part of our due diligence, strategic planning, and risk management. It safeguards Telkom’s compliance posture and allows us to seize opportunities to drive innovation and growth within a sound regulatory framework. We also invest in comprehensive employee training to foster a culture of compliance and integrity.
The annual compliance plan supports the ERM strategy and objectives. It sets out plans to enhance the Group compliance culture and monitor compliance risk management. We provide quarterly compliance reports on the status of compliance deliverables to various governance structures, including the ERM forum, integrated governance risk and compliance forum, Risk Committee, and the Board. We appointed an independent assurance service provider in FY2024 to conduct a compliance maturity assessment. The results of the maturity assessment indicated that Telkom’s compliance environment is acceptable with areas of improvement identified.
We monitor and report on the effectiveness of controls to ensure compliance with the National Environmental Management Act and associated regulations. We implemented controls to ensure ongoing compliance with the Carbon Tax Act requirements, and continue to monitor developments relating to the sector emissions reduction plan and targets.
We have intensified efforts to protect personal information amid growing data privacy concerns. Compliance with the data privacy regulations was enforced through policies, regular audits and risk assessments.
We continue to play a proactive and influential role in the regulatory space. We believe active participation is essential for shaping a regulatory environment that fosters innovation, fair competition, and consumer protection. It also helps us to anticipate and adapt to new compliance requirements, reducing the risk of non‑compliance and associated penalties. Our involvement featured:
We respect our customers’, employees’ and service providers’ personal information and are committed to ensuring that the personal information we handle is safeguarded. Data privacy threats have increased globally, and compliance with data privacy legal frameworks and information security standards is Telkom’s priority. Two instances of unauthorised access to personal information (FY2023: 2) were reported to the Information Regulator, with limited exposure. The business immediately enhanced the control environment.
We received five customer complaints (FY2023: 3) from the Information Regulator regarding direct marketing and unauthorised access to information. The business investigated all incidents, reported on the outcomes, and addressed the control environment.