Risk assessment process

Swisscom has a centralised risk management system in place that distinguishes between strategic and operative risks. All identified risks are quantified as a function of the probability of occurrence and possible impact and are set forth in a risk report. The risk report is discussed periodically by the Audit Committee. Management aims to monitor and control risks on an ongoing basis. A risk assessment is undertaken to identify the risks arising from the application of the accounting principles or from financial reporting. Control mechanisms are defined within the scope of the internal control system to minimise the risks connected with financial reporting. Residual risks are classified according to their possible impact and monitored accordingly. See Notes 4 and 33.