stc
Annual Report

Enterprise Risk Management

The telecommunications industry is facing significant headwinds to growth from the structural decline in demand for voice in favor of expanding data demand. The digital marketplace is dynamic and evolving rapidly, an evolution that the pandemic has accelerated in many ways. Other drivers of this dynamism include the ongoing and likely accelerating impact of new disruptive technologies across the entire business ecosystem, threatening both established and potential new revenue streams.

  • Risk Management Governance:

    The Board of Directors ensures the highest standard of corporate governance is maintained by regularly reviewing governance development best practices and ensuring they are duly adopted. As a result, the board has established the Board Risk Committee, which plays a key role in overseeing the implementation of the risk management framework, risk strategy, and related risk management policies, and in monitoring stc Group’s risk management system, reviewing the top risks, and the management of those risks. The risk management function is independent and separate from stc’s business groups and sectors; the function has completed its first waves of measures this year as per the risk strategy that the board has approved to uplift its current practices and maturity.

  • Identifying our risks:

    All stc Group entities identify and assess their own risks that could affect stc Group’s strategy and operations. A consolidated list of these risks is then presented to a selection of stc Group senior leaders and executives, alongside the outputs from an external environment scan and related benchmarks. Applying a Group-wide perspective, these executives evaluate and determine the top risks and which emerging threats warrant further exploration. The proposed top risks, emerging risks, and risk watchlist are defined and agreed by the Risk Management Committee before being submitted to the Board Risk Committee and the Board for final review and approval.

  • Managing our risks:

    During the risk evaluation phase, each of our risks is assigned to a category (corporate, technology, operational, financial, and compliance). This approach enables a better understanding of how we should treat the risk and ensures the right level of oversight and assurance is provided. The assigned executive risk owners are accountable for ensuring adequate controls are in place and implementing the necessary treatment plans to bring the risk within an acceptable tolerance.

    We continue to monitor the status of risk treatment strategies across the year and hold in-depth reviews of our risks. We also develop a comprehensive assessment of the related scenarios for each of the top risks, providing additional insights into possible threats and enabling a better risk treatment strategy.

  • Business continuity:

    Business continuity, data centers, the mobile communications network, other network infrastructure and facilities, and the safety of employees and customers are among stc’s most important priorities. stc implements an immediate and appropriate response to disaster and emergency incidents. stc also systematically and periodically tests its Business Continuity Plans (BCP) for critical operations, according to the business impact analysis (BIA) of all critical systems, to ensure the effectiveness of the plans developed. stc Group has recently been recertified to the international standard for business continuity management (ISO 22301:2019), a testament to the diligent approach taken by stc Group in implementing protocols and guidelines to maintain all business-related operations.

  • Covid-19:

    Category Risks Mitigation Measures
    Technology

    Cyber Security Threats:

    Risk: The rise of advanced malware and DDoS botnets is reshaping the threat landscape and forcing enterprises to reassess how they protect themselves. This threat exists not only within stc but upstream through vulnerabilities in stc vendors and suppliers, and downstream, where vulnerabilities in stc may be leveraged by cyber-criminals to attack stc customers. Third-party access management is also a significant matter, as we rely heavily on third-party contractors, with multiple incidents reported by stc.

    Mitigation measures: stc Group continues to strengthen the cybersecurity unit: internal systems and policies are developed, levels of security procedures are raised, awareness is intensified, and the effectiveness of information security plans is tested.

    stc Group has established robust Cyber Assurance practices for information protection and asset management, as well as advanced penetration testing and vulnerability management capabilities.

    Data Privacy

    Risk: One of the biggest challenges faced by any organization is managing privacy as data volumes continue to grow and regulatory and customer scrutiny increases. It is more important than ever to be clear on the privacy risks we face in handling PII, or an individual’s right to determine what kind of data can be collected, stored, protected, and shared with third parties.

    Mitigation measures: stc Group has established a privacy framework containing policies and procedures relating to the privacy of personal information that address data classification, record management, retention, and destruction, and has implemented technical solutions to set different permission levels for employees based on what PII they need to access, such as Public, Private, and Restricted Access.

    Resilience following Disaster, Crisis or events impacting Business Continuity:

    Risk: Telcos have experienced significantly higher network demand globally during the crisis, with the initial lockdowns triggering reported traffic spikes. The risk is partial or full-scale non-availability or quality degradation of ICT services due to failures of the telecom network, business support systems, or other key systems. Key considerations include Disaster Preparedness Planning, exchange equipment, undersea cable communications, and fibre-optic cable problems.

    Mitigation measures: stc Group has established entity-wide written programs that address and validate the continuity of the institution’s mission-critical operations. We have recertified the organization against ISO 22301:2019 and taken all required steps to comply with any relevant regulatory requirements.

    stc Group has proposed additional projects to strengthen disaster recovery (DR) systems to ensure business and services continuity, taking into account various possibilities. The Emergency Response Team oversees major contingency planning work and periodically conducts virtual experiments.

    Compliance

    Unfavorable Regulatory Changes Impacting our Current Business Model

    Risk: Regulations over our current obligations are increasing in number, frequency, and impact, and are evolving in their nature. The potential impact of these new regulations could have serious negative implications for stc’s profitability and market position, and could include penalties or financial liabilities.

    Mitigation measures: stc Group studies the regulatory legislation on an ongoing basis, coordinates efforts with sectors related to it inside and outside stc Group, and applies the best standards to ensure the provision of the best services to its clients in a manner that achieves the objectives of the national plans. A dedicated administrative organization is established for the regulatory affairs sector to contribute to enhancing stc Group’s capabilities in the regulatory field.

    Operational

    Supply chain disruptions:

    Risk: Material shortages and supply risks to rare earth minerals and other key components for chip manufacturing may have far-reaching consequences for stc’s continued technology leadership, including our ability to provide essential services and next-generation mobility as well as meet the demands of the infrastructure projects in which we are engaged.

    Mitigation measures: stc Group diversifies its supply chains so that it does not depend on limited numbers of suppliers, and it also emphasizes in its contracts that the systems are compatible with each other regardless of the supplier. It also reviews the conditions of contracted companies and sets legislation to ensure their financial and operational suitability for stc Group’s requirements, in line with technological development and the integrity of their business plans.

    Corporate

    Strategy Implementation in a Dynamic Market

    Risk: In order to succeed in this highly competitive and dynamic environment, it is essential to have agile strategic development, maintenance, and implementation processes capable of providing stc not only with a strategy for success, but also with the agility to meet the demands of the markets in which we operate.

    Mitigation measures: stc Group’s strategy is updated on a 3-yearly basis and refreshed annually to ensure that it remains current and relevant. The timing of the annual refresh and 3-yearly updates is flexible in line with context, dynamics, and stakeholders’ inputs. We have also conducted a 360-degree environmental scan covering competition, industry trends, regulation, socio-economic factors, and stc performance.