Risk management

The telecommunications sector continues to undergo a structural shift, with demand for traditional voice services maturing while data traffic and digital usage grow at pace. This evolution is supported by accelerating adoption of advanced connectivity, cloud-enabled services, and digital platforms, which is reshaping customer expectations and business models and increasing the need for continuous innovation across the industry.

In an increasingly competitive market, differentiation depends on delivering reliable connectivity, compelling digital services, and seamless customer experiences. At the same time, sustained investment in resilient infrastructure, strong data protection, and consistent compliance with regulatory requirements remain essential. stc group’s enterprise risk management (ERM) is embedded in its strategic framework, informing planning and performance evaluation and integrating risk considerations into key decisions to protect value, support disciplined execution, and enhance long-term resilience.

At the forefront of stc group’s commitment to trust and integrity, the Board of Directors provides active sponsorship and oversight of privacy and data security initiatives. This governance helps ensure that risk-informed strategies, effective controls, and ongoing assurance practices protect stakeholders and reinforce stc group’s position as a trusted leader in responsible data management.

Enterprise risk management

Enterprise risk management governance

The Board of Directors is committed to maintaining strong corporate governance through ongoing review of relevant best practices and their appropriate implementation. The Board Risk Committee provides dedicated oversight of the enterprise risk management framework, related strategies and policies and the effectiveness of stc group’s risk management system. As part of its mandate, the Committee reviews stc group’s risk families across a wide range of exposures, assesses the principal risks and evaluates management’s approach to monitoring, controls and risk treatment.

During the year, stc group further elevated and enhanced its risk appetite to ensure it remains aligned with stc group’s strategic direction and decision making. The updated approach strengthens consistency across stc group by cascading risk appetite principles and metrics to subsidiaries and enabling a consolidated group view of risk capacity and tolerance. This supports clearer accountability, more consistent risk-based decisions and improved oversight across stc group and its subsidiaries.

The risk management function operates independently of business groups and sectors and continues to refine its strategic roadmap in line with the Board-approved risk strategy, strengthening capabilities and advancing risk management maturity across stc group.

Enterprise risk management framework

The ERM framework defines the principles and governance that guide proactive risk management across stc group through a comprehensive and dynamic approach. It enables stc group to identify, assess, prioritize and manage risks consistently across operations, supporting a holistic view of risk and enabling meaningful comparisons that inform decision making and delivery of strategic objectives.

Quarterly risk assessments are a core part of the cycle, underpinned by clear roles and responsibilities and a consistent end-to-end process for risk identification, evaluation, treatment and reporting.

stc group continues to enhance risk visibility and responsiveness by strengthening data-driven detection and better understanding interconnected risks. ISO 31000 attestation reinforces alignment with recognized practices. A standardized risk scoring methodology supports consistent evaluation and reporting, enabling consolidated results and clearer identification of stc group’s principal risks and uncertainties.

To ensure comprehensive coverage, stc group structures its risk universe into risk families that capture the full range of exposures across stc group. These families provide a consistent way to categorize risks across five core domains and their related sub-families, supporting clear ownership, oversight and aggregation of risk information.

Enterprise risk management highlights

Over the past year, stc group advanced its risk management capabilities to support resilience and informed decision making. A key milestone was the review and reassessment of stc group’s risk appetite to ensure alignment with strategic priorities and provide a clearer basis for governing risk-taking activities.

stc group also strengthened oversight by introducing automated monitoring indicators across key risks, improving visibility and enabling more proactive management. In addition, stc group attained ISO 31000 certification for enterprise risk management and ISO 27001 certification for information security, reinforcing alignment with recognized practices.

To further embed a strong risk culture, stc group delivered training and awareness initiatives across the organization, supporting improved accountability. stc group also continued to broaden risk coverage, strengthen controls, and enhance mitigation strategies to address a dynamic risk environment.