Your All-in-One AI-Powered Toolkit for Academic Success.

+13062052269

info@desklib.com

Available 24*7 on WhatsApp / Email

Company

Tools

Support

Enterprise Risk Management in Etisalat

Verified

Added on 2023/06/11

AI Summary

This article explores the Enterprise Risk Management (ERM) process of Etisalat Group and how it offers the right assurance that significant risks are studied and examined. It also discusses the link between strategy, core business activities, financial performance and risk management into a coherent dynamic framework. The article suggests risks and possible responses at each level of the organization and evaluates how the COSO framework can be used to add value to organizational enterprise risk management.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running Head: RISK MANAGEMENT 1
Enterprise Risk Management in Etisalat

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

2
Table of Contents
Introduction...........................................................................................................................................3
Review of the state-of-the-art in Enterprise Risk Management.............................................................3
Introduction to the company, organization or business unit you have chosen to study. This should also
include a narrative on strategy, core business activities, recent financial performance and corporate
view of risk management.......................................................................................................................5
A narrative on how organisations link strategy, core business activities, financial performance and risk
management into a coherent dynamic framework.................................................................................7
Depending on the nature of the organisation, there are a number of factors that should be considered
when designing and planning an ERM initiative. Details of the risk architecture, strategy and
protocols should be recorded in a risk management policy for the organisation....................................8
Suggest risks and possible responses at each level of the organisation..................................................9
Evaluate how the COSO framework can be used to add value to organisational enterprise risk
management.........................................................................................................................................11
A narrative on the difficulties associated with collating and acting upon risk intelligence as a means
for value creation in organisations.......................................................................................................12
Recommendations for improvement to existing project level risk management activities in project
portfolio management to enhance ERM capability..............................................................................13
References...........................................................................................................................................14

3
Introduction
The Etisalat Group explores the proactive risk management and its importance in
attaining the strategic objectives. In the internal control function of the group, the Enterprise
Risk Management (ERM) process, it makes sure that the main risk is explored, assessed as
well as managed around the Etisalat Group of companies. ERM framework of Etisalat offers
the right assurance that significant risks are studied and examined (Wu & Olson, 2015).
The Etisalat group hires the robust system of ERM that includes three defence lines
environment of internal control. In the day to day risk management, the first defence line
goes around the OpCos. This is highly governed by the previous procedures and policies, and
it also covers up regular perspective on explored risk as well as ongoing risk mitigation
management activities (Olson & Wu, 2010). The next defence line includes the corporate
functions that continue their accountability for monitoring and oversight of risks. Deducted
tasks like Finance (Revenue assurance and fraud management), legal, regulatory affairs, and
internal control (compliance and ERM) includes different activities to reduce and manage the
massive range of risks. Along with this, capabilities of agreement in the functions of internal
control are set up or emphasizing over the legal compliance issues like corruption and anti-
bribery.
The last line of defence offers the personal assurance about the company’s internal
control environment through conducting an internal audit, along with other functions of
reliability that are outlined in second defence line (Choi, Ye, Zhao & Luo, 2015). Both the
internal audit and internal control functions continue to move independently from the report
functionally and executive management to Etisalat Group Audit committee that is authorized
by the board of directors, to supervise the area.

4
Review of the state-of-the-art in Enterprise Risk Management
Enterprise risk management (ERM) holds the holistic approach towards the company
risk. A holistic approach is considered as the risk in the context of the group, gathered
components of risks or either the combination of risks for viewing the individual issue. While
analysing the enterprise risk management through the perspective of practitioners, who can
apply as well as practice any concepts related to management in the actual business world. In
the case of enterprise risk, one is a Casual actuarial society (CAS), as per CAS committee,
ERM is explained as a discipline through which companies in assessing the industry,
exploits, controls, monitors, and finance from every source, with an aim to enhance the
companies both short and long-term stakeholders value (Sun, Apley & Staum, 2011). To
undertake the detailed analysis of enterprise risk management in the context of this study, it is
essential to have an understanding of the critical viewpoints of risk management from
practitioner’s perspective.
The perception of the practitioners provides an ability to analyse the actual time
involved in organization risk management and differentiation in risk management in context
of practical and conceptual application. Therefore, this literature includes the few views of
practitioners over risk management. ERP is the new term that has come up as an ultimate
approach towards managing risk (Ansaripoor, Oliveira & Liret, 2014). This strategy has also
proved by the adequate performance, and the same make the company move from traditional
risk management towards ERP. The other definition of ERM for practitioners is that, it’s a
process through which companies methodically examine the risk related with activities. This
is usually known as enterprise risk management, and its aim is to increase the highest value in
these activities. As per Ho, Wu & Olson (2009), enterprise risk assists in managing the
complete organization activities in an aggregate way, which is different from the traditional
risk problems individually. Besides this, ERM emphasizes risk and mention it as a potential

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

5
risk alternative, instead of stressing over controlling risks. This is the main reason for the
companies to move from traditional risk towards ERM. Various authors hold common
approach towards ERM, as per Zhang, Avasarala & Subbu (2010), a company can efficiently
manage risk in two variant ways, and manage it at single time, which is referred as traditional
approach and manage all risks by considering every factor, while risk assessment is
conducted, and the same is known as holistic approach.
Factors such as increase in quantity of complicated issues like hazard risks that is
considered as pure risk, financial risk is known as business that enhances the uncertainty
between the corporate world, and create the corporate risks, as well as external pressure, for
example corporate governance like risk regulation, intervention of government in corporate
area by insisting the top management to ensure about holistic way, and develop the
combination of different parts of risk by collecting risk, that is considered a portfolio of risks
(Xu, Zhou & Wu, 2011). In case of Enterprise risk management, developing a risk portfolio
is the core objective, and it sums up the threat, a portfolio of risk by analysing the individual
components of risk within groups. One of the main features related to enterprise risk
management is seen as an opportunity for making advantages at an early stage, instead of
taking the measures to control it (Bogatai & Bogatai, 2007). In the today’s business world,
enterprise risk management has become new trends.
Introduction to the company, organization or business unit you have chosen to study.
This should also include a narrative on strategy, core business activities, recent financial
performance and corporate view of risk management
Core business activities
Etisalat is the famous and largest telecommunication company offering corporation in
the GCC. Its headquarters are located in Abu Dhabi, UAE. The company serves around 11.6

6
million customers, and they have more than 300000 large, small, and medium enterprise and
government customers in the country (Enterprise Risk management, 2017).
Finances
A corporate view of risk management
Operational threats
Cybersecurity threats- the external cyber-attack threat around Etisalat network as well as
information technology infrastructure will continue, especially in North Africa and Middle
East areas. Both the IT and network security team try to proactively monitor all the activities
going around the group network for exploring and reducing the expected threats of
cybersecurity and breach of data privacy (Goh, Lim & Meng, 2007).

7
The pressure of competition and prices- the Etisalat market operates are featured through the
increased competition level, including both new and existing, along with a reduction in cost,
substitution of technology, product and market convergence, as well as customer churn. The
group within the company try to analyse and monitor the market trends and invest in the
products, networks, and services provide to compete in an effective manner (Gaudenzi &
Borghesi, 2006).
Financial Risks
Exposure of foreign exchange- Etisalat is highly exposed towards the prevailing uncertainty
of international rate of exchange volatility in individual countries, in which they are working.
Mainly, this volatility might impact the consolidated outcome and total Etisalat investment
value in foreign operations. Group finances have also set up the policies, tools, and
procedures for monitoring, managing as well as reporting the exposures.
Other exposure to finance- Both the financial assets and liabilities of the group are exposed to
the different economic threats, which includes liquidity, the rate of interest as well as credit
risks (Wu, Blackhurst & Chidambaram, 2006).
The Etisalat internal control group functions try to develop the yearly plan, by
outlining the enterprise risk management as well as compliance activities that are approved
by the audit committee. Its primary objective is to strengthen the lying three defence model
lines by measuring the ERM maturing process as well as it also coordinates with compliance
activities around the group.
A narrative on how organisations link strategy, core business activities, financial
performance and risk management into a coherent dynamic framework.
Risk management is the primary function related to project-based companies, as well
as its ultimate aim to create the corporation value. In current years, various project-based
companies have tried to implement the system of project risk management for measuring and

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

8
managing the associated project risk. The Etisalat group hire the system of robust ERM that
creates the part of three defence lines within the internal control environment. The first
defence line is related to regular risk management around the (Blackhurst, Scheibe, &
Johnson, 2008). This is highly governed by the previous policies and procedures and also
cover up the day to day review of explored risks and regular risk mitigation activities
management.
The second defence line includes the corporate functions that are responsible towards
the monitoring and oversight of risks. Committed tasks like finance (revenue assurance and
fraud management), internal control (compliance and ERM), legal and regulatory affairs, that
conduct the different activities for reducing and managing the enormous risks (Heckmann,
Comes & Nickel, 2015). Along with this, compliance capabilities in the function of internal
control is set up for emphasizing over the legal compliance matters like corruption and anti-
bribery needs.
Depending on the nature of the organisation, there are a number of factors that should
be considered when designing and planning an ERM initiative. Details of the risk
architecture, strategy and protocols should be recorded in a risk management policy for
the organisation.
The process of ERM includes the identification, management, assessment as well as
regular review of the risks and uncertainties that can negatively create influence over Etisalat
ability for attaining the strategic aim. Evaluation of ordinary risk around different areas in
which Etisalat group operate through considering the explained tolerance level and risk
appetite. Assessment of risk and reduction is the essential part of group yearly business
budgeting and planning process. The ERM framework of Etisalat is linked with the global
best practices like ISO 31000 standards (Hult, Craighead & Ketchen, 2010). The Etisalat
group also monitor and conduct a review of risk principle that can impact the business,

9
reputation and financial performance. While various other risks are existing, it even
breakdown different and essential threats are going around different operations of the
company.
Suggest risks and possible responses at each level of the organisation
The risk radar of Etisalat depict the business risk in the telecommunication sector
through categorizing the risk in around four quadrants, which correspond towards the
universe risk model, these quadrants are related with compliance threats, which originate in
law, policies, and corporate governance; operational threats that affect the process, people,
system and complete business value chain; strategic threats that are related with competitors,
customers and investors, and financial threats that stemmed through the market vitality in the
actual economy (Demarzo, Fishman, He & Wang, 2012). Below is the figure that shows the
risk ongoing in telecom sectors in the year 2014.

10
These risk relate to failure in realizing the new roles associated with evolving
structure of market; failure to having regulatory certainty over new structure of market;
avoiding the new privacy and security imperatives; failure in enhancing the agility of
organization; failure to have data integrity for driving efficiency and growth; inability to have
performance measurement in driving the execution; lack of understanding about value of
customers; inability in adequately extracting the value from the network assets; wrongly
explaining the inorganic agenda of growth; and failure to adopting the innovative routes
(Nejad & Kuzgunkaya, 2015).
As noted, telecom business looks quite comparatively in managing the risks of
information security. Etisalat had started taking action for achieving the improved ongoing
insight level and ecosystem intelligence in the dynamic threats and vulnerabilities. Telecom
companies are boosting their information related to security budgets importantly. In this year,
the survey explored that the average of security budgets was US$5.4 billion, which includes
the gain of 35% by the year 2012 (Nejad & Kuzgunkaya, 2015). In the context of complete,
IT was spending increased to an average of US$162 million by the year 2013, which included
the rise of 17% in the last year. Despite this rise, the budgets of information security depict

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

11
the 3.4% of total IT spending, which is relatively less investment and had even stayed
constant in current years (Sawik, 2011).
Other progress measures that were taken by Etisalat was gleaned through how
correctly executives understand their program of organization security with the business
strategy and entire spending. In this manner, the optimism of Etisalat was robust. In this
context, 72% of the survey participants mention that security strategy is linked to the
particular requirements of the business (Wakolbinger & Cruz, 2011). This kind of feedback
depicts from top to bottom, and in this security had become elemental components related to
corporate culture and excellent business imperative, but simultaneously, it was a challenge
for IT.
Evaluate how the COSO framework can be used to add value to organisational
enterprise risk management
The committee of sponsoring organizations of the Treadway Commission (COSO)
had published the standards of enterprise risk management in the year 2004. The ERM cube
of COSO is popularly known as practitioners of risk management, and it offers a framework
for undertaking the ERM practices. It had attained considerable profitable influence, after
linking with the Sarbanes Oxley needs for organizations listed in America. In the year 2009,
ISO 31000 has also published the globally agreed standards for implementing the principles
of risk management (Nejad & Kuzgunkaya, 2015). Previously, ERM practices were applied
to emphasize the value protection and functions of risk with exploring the organization
business objectives threats. Rapidly, it had included different external threats, while assessing
the underlying issues to understand how the business is undertaken (Wu, Huang, Blackhurst,
Zhang & Wang, 2013). But during this implementation, the focus of ERM over the dangers,
risk down siding, missing upside, when it was made the essential element in the process of
decision making. It also consults the ability to spot and assess the risks of helping the

12
organization in developing the value and seizing the competitive benefits. Through COSO
2004 publication of ERM, the risk management undertook the essential steps. The framework
came as the base for conducting conventional risk thinking. Buts its implementation in
various companies emphasizes over isolation, mitigation, and management of known risks
(Giannakis & Louis, 2011).
In the last few years, Etisalat operating environment had expanded as complex, highly
technologically driven, international, as well as involved risk and business leaders that needs
high ability to explore, assess as well as prepare the external focuses that might impact the
strategy of organization; shift the conditions that might affect the strategy assumptions, and
risk that might came through carrying out the procedure (Giannakis & Louis, 2011).
A narrative on the difficulties associated with collating and acting upon risk intelligence
as a means for value creation in organisations.
The risk intelligence is referred as the subset of the executive team of management.
Its primary role is to come together for examining the risks of enterprise and actions that are
taken for reducing them, review and aggregate the information of risk from various groups in
business and even escalate the risk problems to the board, in case it’s required. The problem
is that, in fact of risk intelligence, responsibilities are pass on to the existing executive
committee, if the company had a proper mix of members (Giannakis & Louis, 2011). In risk
intelligence, just like various companies approach towards enterprise risk management act as
an essential part of managing the strategy and operations of the enterprise, or either as the
soloed process. In the risk intelligent enterprise management, it is analysed that the
executives dissect every action that can help in creating value and undertake the potential
risk. They also identify the discussion on risk and value cannot be separated, and therefore,
risk is viewed as the decision driver, instead of results of decision that is already taken.

13
The primary challenge related to risk intelligence during its process of creating value
in the company is the gap that exists among the requirements as well as resources that are
made available for examining the risks. It also generates challenge on manual vs. automated
information technology. It also causes a problem on maturity enterprise risk management
level, and finally, it’s the regulatory environment that is impacted by risk intelligence
(Giannakis & Louis, 2011). It also create issues for the risk partners, as they disconnect them
from the business process. It also create problems for the ineffective and inefficient result
fragmentation, technology as well as ad-hoc technology. Along with this it’s also create
issues related with silo mentality among the functions; interpret the risks and also try to
control the uniformity. The approach towards addressing the risks are not standard, and
overlapping of risk coverage, and technological uncertainty (Giannakis & Louis, 2011).
Risk intelligence issues often take place due to a reduction in staff, or either increased
in the workload of the staff members in the company. It also occurs due to change in control
systems or either implementation in the new program and policy. It also happens due to the
attitude of the staff and inadequate training provided to employees. It also occurs due to the
ineffective controls and processes. All these risks create dissatisfaction among the employees
and demotivate them to work in the company (Giannakis & Louis, 2011). Along with
internal conditions of the company, issues occur in risk intelligence, but simultaneously
external circumstances and changes also impact the company through increasing problems.
Due to economic pressure increase over the business employees and partners, problems
usually occur; rise, or either turn in the regulatory or business to business needs also enhances
the risk. It also happens due to audits took by the external agencies and attacks conducted for
achieving the access to systems and information through groups (Wu & Olson, 2010).

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

14
Recommendations for improvement to existing project level risk management activities
in project portfolio management to enhance ERM capability
Project portfolio managers applying for the project portfolio management should
optimize the value of the business. It is recommended that they should enhance the odds of
all success through emphasizing over supporting companies in creating a well-informed
selection of investment. They are also advised to pursue the level if the company needs the
enterprise-wise changes as well as capabilities (Micheli, Mogre & Perego, 2014). It’s entirely
worth to note the efforts, where enterprise PPM practices are constructed. It is also
recommended that they should use the enterprise objectives and goals as the input to
formulate and to drive the plans of PPM improvement.

15
References
Ansaripoor, A.H, Oliveira, F.S., & Liret, A. (2014). A risk management system for
sustainable fleet replacement. European Journal of Operational Research, 237(2),
701-712.
Blackhurst, J.V., Scheibe, K.P, & Johnson, D.J. (2008). Supplier risk assessment and
monitoring for the automotive industry. International Journal of Physical
Distribution & Logistics Management, 38(2), 143-165.
Bogatai, D., & Bogatai, M. (2007). Measuring the supply chain risk and vulnerability in
frequency space. International Journal of Production Economics, 108(1/2), 291-301.
Choi, Y., Ye, X., Zhao, L., & Luo, C. (2015). Optimizing enterprise risk management: a
literature review and critical analysis of the work of Wu and Olson. Annals of
Operations Research
Demarzo, P.M., Fishman, M.J., He, Z., & Wang, N. (2012). Dynamic agency and the q
theory of investment. Journal of Finance, 67(6), 2295-2340.
Enterprise Risk management. (2017). Retrieved from,
http://o2.ae/clients/etisalat/annualreport2017/en/iar.html
Gaudenzi, B, & Borghesi, A. (2006). Managing risks in supply chain using the AHP method.
The International Journal of Logistics Management, 17(1), 114-136.
Giannakis, M., & Louis, M. (2011). A multi-agent based framework for supply chain risk
management. Journal of Purchasing & Supply Management, 17(1), 23-31.
Goh, M., Lim, J.Y.S, & Meng, F. (2007). A stochastic model for risk management in global
supply chain networks. European Journal of Production Economics, 182(1), 164-173.
Heckmann, I., Comes, T., & Nickel, S. (2015). A critical review on supply chain risk –
Definition, measure and modeling. Omega, 52, 119-132.

16
Ho, C-T., Wu, D.D., & Olson, D.L. (2009). A risk scoring model and application to
measuring internet stock performance. International Journal of Information
Technology and Decision Making, 8(1), 133-149.
Hult, G.T.M., Craighead, C., & Ketchen, D.J. (2010). Risk uncertainty and supply chain
decisions: A real options perspective. Decision Sciences, 41(3), 435-458.
Micheli, G.J.L., Mogre, R., & Perego, A. (2014). How to choose mitigation measures for
supply chain risks. International Journal of Production Research, 52(1), 117-129
Nejad, A.E., & Kuzgunkaya, O. (2015). On the value of response time characteristics in
robust design of supply flow. Journal of Manufacturing Technology Management,
26(2), 213-230.
Olson, D.L, & Wu, D.D. (2010). Enterprise Risk Management Models. Heidelberg: Springer
Sawik, T. (2011). Selection of a dynamic supply portfolio in make-to-order environment with
risks. Computers & Operations Research, 38(4), 782-796.
Sun, Y., Apley, D.W., & Staum, J. (2011). Efficient nested simulation for estimating the
variance of a conditional expectation. Operations Research, 59(4), 998-1007.
Wakolbinger, T., & Cruz, J.M. (2011). Supply chain disruption risk management through
strategic information acquisition and sharing and risk-sharing contracts. International
Journal of Production Research, 49(13), 4063-4084
Wang, S., & Huang, G.H. (2014). An integrated approach for water resources decision
making under interactive and compound uncertainties. Omega, 44, 32-90.
Wu, D.D, & Olson, D.L. (2015). Enterprise Risk Management in Finance. Basingstoke,
Hampshire: Palgrave Macmillan 2015.
Wu, D.D., & Olson, D. (2010). Enterprise risk management: A DEA VaR approach in vendor
selection. International Journal of Production Research, 48(16), 4919-4932.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

17
Wu, T., Blackhurst, J., & Chidambaram, V. (2006). A model for inbound supply risk
analysis. Computers in Industry, 57, 350-365.
Wu, T., Huang, S., Blackhurst, J., Zhang, X., & Wang, S. (2013). Supply chain risk
management: An agent-based simulation to study the impact of retail stockouts. IEEE
Transactions on Engineering Management, 60(4), 676-686.
Xu, J., Zhou, X., & Wu, D.D. (2011). Portfolio selection using λ mean and hybrid entropy.
Annals of Operations Research, 185(1), 213-229.
Zhang, J, Avasarala, V., & Subbu, R. (2010). Evolutionary optimization of transition
probability matrices for credit decision-making. European Journal of Operational
Research, 200(2), 557-567.

1 out of 17

+13062052269

info@desklib.com

Enterprise Risk Management in Etisalat

Contribute Materials

Secure Best Marks with AI Grader

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Related Documents

Mitigating Risks in HSBC: A Study on Risk Management Strategies

Theories Of Issues In Accounting And Finance

Governance Risk and Compliance: Importance, Scope and Management

Regulations & Compliances

Issues Of Accounting Finance Report

Risk Management at Woolworths: Principles, Approach and Process