Further development of the compliance management system through regular risk assessment
To identify, analyze, and assess compliance risks to the company and derive risk-oriented measures to prevent breaches of laws and regulations, our central compliance management organization conducts a high-level CRA (compliance risk assessment) each year. It also covers Deutsche Telekom’s subsidiaries. For this we have established a compliance risk assessment process, established responsibilities, and defined assessment criteria. The individual steps are documented transparently. The 2022 compliance risk assessment had the following detailed outcomes:
The companies that participated in the CRA were selected according to a model based on risk and maturity and dependent on governance.
In 2022, 69 units (61 companies and 8 Group headquarters units) went through this process. This equates to a coverage level of 93.6 percent (by FTE/full-time equivalents) of fully consolidated companies as of December 2021.T-Mobile US uses a different system for its risk assessment.
We list potential risks to our company in a Group risk map. This enables the various Deutsche Telekom companies, with their different business models, to conduct systematic risk analyses. In 2022, the core risk categories were revised and partly consolidated. In 2022, the risk map covered 22 risk categories, including such categories as corruption, anti-trust law violations, and human rights violations. All national companies can add more categories specific to their business needs and as warranted. This involves defining which specific threat each risk poses to the national company and stating which steps have already been implemented to rule out this risk as far as possible. If necessary, additional measures are developed to reduce the risks to a manageable level.
Responsibility for conducting the CRA lies with the respective company or Group unit. Based on the results, management approves a compliance program for the coming year that includes appropriate local measures and responsibilities. The central compliance organization supports them with this and provides a standardized methodology. This means the findings from the CRA can be used to derive risk-oriented Group-wide measures.
The Board of Management and the Audit Committee of the Supervisory Board of Deutsche Telekom are notified of the results of the compliance risk assessment.
The central compliance department monitors the execution of measures from the compliance program.
To identify, analyze, and assess compliance risks to the company and derive risk-oriented measures to prevent breaches of laws and regulations, our central compliance management organization conducts a high-level CRA (compliance risk assessment) each year. It also covers Deutsche Telekom’s subsidiaries. For this we have established a compliance risk assessment process, established responsibilities, and defined assessment criteria. The individual steps are documented transparently. The 2022 compliance risk assessment had the following detailed outcomes:
- The companies that participated in the CRA were selected according to a model based on risk and maturity and dependent on governance.
- In 2022, 69 units (61 companies and 8 Group headquarters units) went through this process. This equates to a coverage level of 93.6 percent (by FTE/full-time equivalents) of fully consolidated companies as of December 2021. T-Mobile US uses a different system for its risk assessment.
- We list potential risks to our company in a Group risk map. This enables the various Deutsche Telekom companies, with their different business models, to conduct systematic risk analyses. In 2022, the core risk categories were revised and partly consolidated. In 2022, the risk map covered 22 risk categories, including such categories as corruption, anti-trust law violations, and human rights violations. All national companies can add more categories specific to their business needs and as warranted. This involves defining which specific threat each risk poses to the national company and stating which steps have already been implemented to rule out this risk as far as possible. If necessary, additional measures are developed to reduce the risks to a manageable level.
- Responsibility for conducting the CRA lies with the respective company or Group unit. Based on the results, management approves a compliance program for the coming year that includes appropriate local measures and responsibilities. The central compliance organization supports them with this and provides a standardized methodology. This means the findings from the CRA can be used to derive risk-oriented Group-wide measures.
- The Board of Management and the Audit
Committee of the Supervisory Board of Deutsche Telekom are notified of the results of the compliance risk assessment. - The central compliance department monitors the execution of measures from the compliance program.
Reporting against standardsGlobal Reporting Initiative (GRI)