In today’s rapidly changing world and era of digitalization, solutions by stc remains committed to ensuring the sustainability and resilience of our business. We achieve this by implementing a comprehensive Enterprise Risk Management framework that proactively identifies, analyses, and evaluates potential risks that could impact our strategic objectives and operations. This proactive approach not only helps us prevent disruptions but also enables us to ensure business continuity during any possible crisis.

Risk Management overview

solutions by stc focuses on maintaining and improving advanced risk management practices, supported by a strong infrastructure that follows the well-known international standards ISO 31000 and COSO ERM and is integrated with solutions by stc’s strategy to enable strategic, risk-informed decision-making.

Risk Management processes

Risk Management Process

Risk Management principles

Risk Management Activities

solutions by stc embeds risk management across every level of the organization to ensure that it is integrated with the decision-making process and supports the delivery of the Company’s business strategy.

By combining a robust risk governance framework with close collaboration and communication among various business units, the business gains a deep understanding of internal and external risks. It then develops risk management approaches, strategies, and mitigations that adequately address these risks and ensure alignment with solutions by stc’s overall strategic direction and objectives.

solutions by stc is committed to adopting a comprehensive, highly effective and agile Risk Management program, applying best practices and leading standards. It also seeks to automate elements of the Risk Management process and activate data-driven and technology-based methodologies to aid in decision-making, while leveraging internal and external resources to meet stakeholder expectations and uphold the highest standards in Risk Management.

Risk Governance Framework

solutions by stc’s Board of Directors has ultimate responsibility for the governance and oversight of all Risk Management activities across the Company, in accordance with our approved Enterprise Risk Management Policy.

Risk Management Highlights

solutions by stc seeks to continuously improve its Risk Management approach and capabilities. The Company integrates Enterprise Risk Management with strategic objectives and planning. There is always a focus on identifying and reporting emerging risks arising from global sources and ensuring that the Risk Management function plays its vital and appropriate role in helping to achieve the Company’s strategic objectives.

solutions by stc is committed to adopting best practices of Enterprise Risk Management. This was highlighted this year by maintaining its ISO 31000 (Guidelines on Risk Management) certification, which includes passing surveillance audits, in addition to increasing Risk Management program maturity.

Internal control review

As part of the Risk Management role to ensure effectiveness and adequacy of the internal control environment, solutions by stc conducts an annual internal control review (ICR) across all divisions, departments, and functions to assess the current controls environment, identify additional risks, test design and operating effectiveness of controls, and provide Management with reasonable assurance over the internal control environment.

Risk Appetite Statement

solutions by stc has established a defined Risk Appetite Statement, which outlines the level of risk an organization is willing to pursue to achieve its objectives. The objectives of having a Risk Appetite Statement are to set clear expectations about how much risk is appropriate to take in the pursuit of solutions by stc’s strategic objectives and to provide solutions by stc’s Management with a tool for effective and informed decision-making.

Business Continuity overview

solutions by stc has implemented and maintained a robust Business Continuity program to ensure organizational resilience in the face of disruptions.

Management commitment and support: Leadership at solutions by stc is deeply committed to fostering a culture of business continuity. This commitment is reflected in the allocation of resources, active participation in continuity planning, and the establishment of clear objectives that prioritize business resilience.

Business Impact Analysis (BIA) and Threats Risk Assessment (TRA): solutions by stc conducts BIA and TRA exercises on an annual basis to address all critical processes and assess potential threats. This enables solutions by stc to evaluate the impact of disruptions, determine recovery priorities, and develop strategies to mitigate risks.

A Comprehensive Business Continuity Plan (BCP): solutions by stc has implemented a range of BCPs to address essential areas such as business operations, technology, and facilities. These plans include well-defined roles and responsibilities, clear communication protocols, and recovery strategies for critical functions. Through proactive preparation, solutions by stc has also developed robust Crisis Management and Incident Response plans to ensure effective management and swift response to potential incidents. Continuous improvement and review processes are in place to regularly monitor, test, and update these plans based on insights gained from exercises and lessons learned.

Testing, Exercising, and Awareness: solutions by stc conducts regular drills, simulations, and tabletop exercises to validate the effectiveness of the Business Continuity Plan (BCP) and identify areas for improvement. Over 500 employees have received training and awareness sessions to ensure they are consistently prepared in their roles and responsibilities within the BCP and overall organizational resilience, enabling them to respond effectively during any disruption.

2024 Business Continuity achievements

Certified in ISO 22301: Business Continuity Management System

Since 2020, solutions by stc has achieved and maintained ISO 22301 certification. It is reviewed annually to demonstrate our commitment to establishing, implementing, maintaining, and improving a robust Business Continuity Management System (BCMS). This certification ensures effective preparation for, response to, and recovery from disruptive incidents.

Certified in ISO 22320: Emergency Management – Guidelines for Incident Management

Since 2022, solutions by stc has also achieved and maintained ISO 22320 certification. It is reviewed annually to outline essential guidelines for effective incident management during emergencies. This certification exemplifies our commitment to upholding high standards in coordinating and managing incidents, ensuring clear communication, and efficient resource allocation during crises.

Conducted annual full crisis simulation with senior Management participation

solutions by stc orchestrates a comprehensive crisis simulation exercise every year, involving the Executive team. This simulation is designed to test and refine our response strategies in real-time scenarios, ensuring that leadership is well-prepared to make critical decisions under pressure and that the entire solutions by stc team can respond cohesively to potential crises.

solutions by stc has implemented a continuous program of training and awareness initiatives focused on business continuity management (BCM). This includes regular workshops, drills, and exercises aimed at enhancing the knowledge and preparedness of all employees, ensuring that they understand their roles and responsibilities in maintaining business continuity during disruptions.

Principal Risks

  • Description

    The risk of non-compliance with applicable laws and regulations resulting in legal and financial implications

    Management response

    • Actively adhered to regulatory requirements, supporting our vision to lead in the ICT sector

    • Maintained a robust compliance management system to enhance Company-wide compliance culture

    • Aimed to set a benchmark in compliance management, meeting regulatory needs and adopting the best practices

    • Strengthened relationships with customers, employees, partners, and investors

  • Description

    The risk of a decrease in Environmental, Social, and Governance performance leading to a decline in our ESG index ranking, resulting in possibly losing investors and having an adverse reputational impact

    Management response

    • A comprehensive strategy and program in place for Sustainability

    • An ESG Committee has been established to oversee the ESG program and its execution

    • ESG performance indicators are defined, tracked, monitored, and reported

    • A communication awareness campaign to enhance sustainability culture and capability

  • Description

    The risk of negative impacts on operations, trade, and strategic goals arising from complex and dynamic interactions shaped by political, economic, and social factors, resulting in disruptions to supply chains and operational support systems

    Management response

    • Established alternative shipping methods with multiple carriers for efficient emergency deliveries

    • Retained the CIPS MENA Procurement Award for excellence in local content

    • Optimized sourcing strategy to adapt to market dynamics

  • Description

    The risk of the inability to adopt transformative technologies resulting in potential operational inefficiencies, compromising agility and leading to a competitive setback

    Management response

    • Continuously monitored business insights across the organization for ICT-related market trends and publications

    • Regularly assessed and prioritized transformative technologies aligned with business goals

    • Used agile methods and partnered with tech companies / experts for swift adoption

  • Description

    The risk of increasing sophistication and variety of cyber-attacks, along with the unauthorized disclosure of organizational or personal data, leading to operational disruptions, reputational harm, regulatory repercussions, and financial losses

    Management response

    • The cybersecurity policies and framework are maintained to assess the changing needs of the organization, industry, and regulatory obligations and are used to address the challenges posed by the emerging threats and new complex technologies

    • Maintained robust cybersecurity and data privacy risk and compliance program(s) aligned with regulatory laws / regulations, enterprise risk / compliance and industry-leading practices

    • Excelled in identifying, assessing, and mitigating potential incidents and threats to the Company’s digital ecosystems

    • Certified against ISO 27001 Information Security Management System (ISMS) and ISO 27701 Privacy Information Management

  • Description

    The risk of an increasing footprint by international players and local players continuously striving to gain market share, in addition to an increased number of start-ups in the Kingdom of Saudi Arabia’s IT sector, making the market more fragmented

    Management response

    • Expanded digital and IT offerings, entering new business lines to meet diverse customer needs across the IT value chain

    • Achieved growth through strategic acquisitions and internal development, broadening portfolio scope

    • Strengthened product portfolio by building partnerships that introduce complementary solutions

    • Enhanced customer retention by implementing successful bundling and cross-selling strategies, reducing competitive impact

    • Conducted continuous market research to identify updates and changes that could impact our market competitiveness, allowing us to adapt proactively to evolving customer and market needs