Risk and opportunity management system As one of the world’s leading providers in the telecommunications and information technology industry, we are subject to all kinds of uncertainties and change. In order to operate successfully in this ongoing volatile environment, we need to anticipate any developments at an early stage and systematically identify, assess and manage the resulting risks. It is equally important that we recognize and exploit opportunities. We therefore consider a functioning risk and opportunity management system to be a central element of value-oriented corporate governance. A risk and opportunity management system of this kind is not only necessary from a business point of view; it is also required by laws and regulations, in particular § 91 (2) of the German Stock Corporation Act (Aktiengesetz – AktG). The Audit Committee monitors the effectiveness of the internal control system and the risk management system as required by § 107 (3) sentence 2 AktG. Our Group-wide risk and opportunity management system covers strategic, operational, financial, and reputational risks as well as the corresponding opportunities for our fully consolidated entities. The aim is to identify these risks and opportunities early on, monitor them, and manage them in accordance with the desired risk profile. We base our system on an established standard process (see the following graphic). Once risks and opportunities have been identified, we move on to analyze and assess them in more detail; the effects of risks and opportunities are not offset against each other. We then decide on the specific course of action to be taken, for example, in order to reduce risks or seize opportunities. The respective risk owner implements, monitors, and evaluates the associated measures. All steps are repeatedly traversed and modified to reflect the latest developments and decisions. Risk and opportunity management system Our risk and opportunity management system is based on the globally applicable risk management standard of the International Standards Organization (ISO). ISO standard 31 000 “Risk management – Principles and guidelines” is regarded as a guideline for internationally recognized risk management systems. Our Internal Audit unit reviews the functionality and effectiveness of our risk management system at regular intervals. The external auditor mandated by law to audit the Company’s annual financial statements and consolidated financial statements in accordance with § 317 (4) of the German Commercial Code (Handelsgesetzbuch – HGB) examines whether the risk early warning system is able to identify at an early stage risks and developments that could jeopardize the Company’s future. Our system complies with the statutory requirements for risk early warning systems and conforms to the German Corporate Governance Code. In addition, our Group Controlling unit specifies a series of Group guidelines and processes for the planning, budgeting, financial management, and reporting of investments and projects. These guidelines and processes guarantee both the necessary transparency during the investment process and the consistency of investment planning and decisions in our Group and operating segments. They also provide the Board of Management and the Board of Management Asset Committee with support in reaching their decisions. This process also includes the systematic identification of strategic risks and opportunities. Organization of the risk and opportunity management system The Group Risk Governance unit (formerly Group Risk Management) defines the methods for the risk and opportunity management system that is applied Group-wide and for the associated reporting system, in particular the Group risk report. Our Germany, United States, Europe, Systems Solutions, and Group Development operating segments as well as the Group Headquarters & Group Services segment are connected to the central risk and opportunity management system of the Group via their own risk and opportunity management systems. The Group risk report, which primarily aggregates the contents provided by our segments, is approved by the Board of Management on a quarterly basis and presented to the Audit Committee of the Supervisory Board of Deutsche Telekom. The relevant risk owners in each of the operating segments and the Group Headquarters & Group Services segment are responsible for identifying, assessing, and continuously monitoring risks. Management takes potential opportunities into account in the annual planning process and continuously develops them further during business operations. Risk identification and reporting Each operating segment produces a quarterly risk report in accordance with the standards laid down by the central risk management and based on specific materiality thresholds. These reports assess risks, taking into account their extent in terms of impact on results of operations or financial position, as well as their probability of occurrence, and they identify action to be taken and suggest or initiate measures. The assessment additionally includes qualitative factors that could be important for our strategic positioning and reputation, and that also determine the aggregate risk. We base our assessment of risks on a period of two years. This is also the length of our forecast period. The Group risk report, which presents the main risks, is prepared for the Board of Management on the basis of this information. The Board of Management informs the Supervisory Board. The Audit Committee of the Supervisory Board also examines this report at its meetings. If any unforeseen risks arise outside regular reporting of key risks, they are reported ad hoc. Identification and assessment of opportunities in the annual planning process The systematic management of risks is one side of the coin; securing the Company’s long-term success by means of integrated opportunities management is the other. That is why identifying opportunities and subjecting them to a strategic and financial assessment is an essential part of our annual planning process. It allows us to factor those opportunities into our forecasts for financial and non-financial performance indicators. The short-term monitoring of results and the medium-term planning process help our operating segments and Group Headquarters identify and seize the opportunities in our business throughout the year. While short-term monitoring of results mainly targets opportunities for the current financial year, the medium-term planning process focuses on opportunities that are strategically important for our Group. In this context we distinguish between two types of opportunity: External opportunities, i.e., those with causes over which we have no influence, for example, the revocation of additional taxes in Europe. Internal opportunities, i.e., those that arise within the Company, for example by focusing our organizational structure on innovation and growth areas and products, or through business partnerships and collaborations from which we expect to reap synergies. We are constantly enhancing the efficiency of our planning process so as to gain greater scope for action. This puts the organization in a position to identify and seize new opportunities and generate new business. The preliminary plans of our operating segments form the basis for a concentrated planning phase during which members of the Board of Management, business leaders, senior executives, and experts from all business areas intensively discuss the strategic and financial focus of our Group and our operating segments, and from all of which they ultimately produce an overall picture. The identification of opportunities from innovation and their strategic and financial assessment play a major role throughout this process. This “brainstorming” may result in opportunities being rejected, passed back to the respective working groups for revision, or adopted and transferred to the organization.