TIM's new image

A new image with a dynamic style, modern colours and people occupying almost the entire scene. Read more

Q1 2025 Financial Results Presentation

Follow the on demand

Sustainability for TIM

The Report 2024 incorporates the principles of the Corporate Sustainability Reporting Directive (CSRD) and is included in the Financial and Sustainability Report. Read more

Latest press releases

Redazione ufficio stampa

Read the latest press releases and search the archives of TIM Group's Press Office. Read more

tag

Risk Management


Our Group adopts an Enterprise Risk Management model (hereinafter ERM) that follows the international reference regulations and standards and integrates with the strategic and operative planning processes. The ERM model is designed to identify the potential events that may affect the business, identify and manage the connected risks within acceptable limits and provide awareness to Top Management.

Risk management activities have been centralized exclusively in the Enterprise Risk Management function. This structure constitutes the second control level of our Internal Control System and reports to the Chief Financial Officer[1], who reports directly to the Chief Executive Officer. The Function ensures independence from the Organization's business lines in the analysis and assessment of risks at the Group level.

We conduct a periodic review of the risk scenarios, not only when defining the Industrial Plan, but also upon the occurrence of significant changes in the internal and external context or new risk scenarios.

[1] Within the TIM Group's risk management system, the CFO in essence acts as Chief Risk Officer.

ERM has identified and mapped the risks of our Group into 12 continuously evolving clusters(1).


The risks included in the ESG area are an integral part of the clusters identified.

(1) For ERM, risk is defined as a possible event that can jeopardize the achievement of the Industrial Plan targets or the proper functioning of business processes and that, if identified and assessed well in advance, can generate value. The level of low, medium, and high ERM risk is based on the impact on Industrial Plan targets and processes as well as the probability of the event occurring (Risk = Impact x Probability). The impact on Plan targets is assessed for current risk as Equity Free Cash Flow at risk.

Detailed information

  • Business Continuity Management System - Download and read the document

  • TIM Group Enterprise Risk Management Insights - Download and read the document

Emergencies and crises, by definition, cannot be avoided nor predicted. Businesses, however, must be ready to face them and prevent them where possible, deploying a clever combination of strategy, careful planning, best practices and training. In this sense, TIM’s crisis management system is one of the most evolved in Italy, representing some of the key business values of the company: protecting human resources both inside and outside the Group, safeguarding tangible and intangible assets, providing continuity of service.

TIM’s crisis management strategy unfolds across four stages, from preventing emergencies to reinstating normal business via crisis management planning and handling. When looking at crisis management, the first port of call is being able to promptly identify an emergency. From a business perspective, an emergency is any event that threatens the resources and assets of the Group, preventing the normal functioning of routine practices and requiring effective and fast remedial action, across a number of business functions and involving several external subjects.

What we have handled in 2022

10

emergencies

On our national territory

1

health emergency  (Covid-19 which involved all Italian regions)

1

humanitarian emergency (Ukrainian refugees in Italy)

1

fire emergency (Friuli Venezia Giulia, Altipiano del Carso)

1

environmental emergency (uncontrolled reentry of space debris involving Campania, Calabria, Puglia, Basilicata regions)

4

weather and flood emergencies (Marche, Campania, Sicilia regions)

1

volcanic emergency (Sicily)

1

seismic emergency (Marche, Pesaro and Urbino)

The best answer to crisis

Although it is impossible to predict every scenario that may lead to a crisis, some can be outlined in advance, in order to optimise response: natural calamities, terrorist attacks, epidemics, sabotage, war and other types of attacks – as well as damages or malfunctioning (at times intentional) that may pose a threat to the ICT system. Effective crisis management is structured across three axes: training, organisation and procedural planning.

Firstly a company must be able to foster a business culture that looks after its own resources, by sharing its best practices. This can be achieved by educating and training staff through awareness-raising classes and continuing professional education; above all by carrying out emergency drills to prepare everyone involved to be ready to face an emergency or a sudden crisis, maintaining a constant state of readiness.

To this purpose, it is pivotal to implement a system of governance that encompasses a Crisis Management Committee, able to outline a crisis management strategy, an Operational Crisis Team, taking care of the operational coordination of critical events across the territory, Business Representatives reporting back to institutional bodies both on a centralised and localised level and the provision of useful tools to cope with crisis.

The 4 stages of crisis management

This way, a business is able to count on an effective superstructure that can be provisionally superimposed on the ordinary structure, should extraordinary circumstances arise that require urgent and necessary action. Such a structure must be simple and flexible to cope with unpredictable and diverse events in a timely and effective manner, whatever the context. This is why any planning documents outlining the mode of intervention, must be drawn independently from the extent, entity and cause of prospective crisis phenomena, as such factors cannot be clearly predicted in advance. Furthermore, crisis management instructions must be written in a clear and simple language, to foster immediate communication and efficient collaboration, throughout all the stages of crisis management.

Such stages unfold from ‘regular working time’, in which planning, prevention, training, vulnerability analysis and emergency drills must be undertaken, to the pre-emergency stage, in which the company must identify the assets that need protecting and the necessary means and people it should alert to contrast the crisis, according to the type of emergency that has arisen. Subsequently, it is necessary to enact the best response/management strategy to deal with the emergency proper, coordinating the actions of all subjects involved in order to successfully reach the recovery stage. Once the crisis is over, the company enters the post-emergency stage, in which feedback, financial assessment and reports all count towards restoring the status quo preceding the critical event.

These four phases constitute a perfect circle, in which crisis management action is constantly being undertaken. After overcoming a crisis, a company must immediately start planning for the next one, making use of the new information for prevention, training and drill purposes, setting a virtuous cycle into motion that will enable it to deal with crisis scenarios in ever-effective new ways.