1.5 Corporate governance and risk management
- 2016 Annual Report
- MANAGEMENT’S DISCUSSION AND ANALYSIS
- REPORTS ON INTERNAL CONTROL
- CONSOLIDATED FINANCIAL STATEMENTS
- NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
Corporate governance philosophy
The BCE Board and management believe that strong corporate governance practices contribute to superior results in creating and maintaining shareholder value. That is why we continually seek to strengthen our leadership in corporate governance and ethical business conduct by adopting best practices, and providing full transparency and accountability to our shareholders.
Key governance strengths and actions in support of our governance philosophy include:
- Separation of the Board Chair and Chief Executive Officer (CEO) roles
- Director independence standards
- Audit Committee, Management Resources and Compensation Committee (Compensation Committee) and Corporate Governance Committee (Governance Committee) of the Board composed of independent directors
- Annual director effectiveness and performance assessments
- Ongoing reporting to Board committees regarding ethics programs and the oversight of corporate policies across BCE
- Share ownership guidelines for directors and executives
- Executive compensation programs tied to BCEs ability to grow its common share dividend
For more information, please refer to BCEs most recent notice of annual general shareholder meeting and management proxy circular (the Proxy Circular) filed with the Canadian provincial securities regulatory authorities (available at sedar.com) and with the United States Securities and Exchange Commission (available at sec.gov), and available on BCEs website at BCE.ca.
Risk governance framework
BCEs full Board is entrusted with the responsibility for identifying and overseeing the principal risks to which our business is exposed and seeking to ensure there are processes in place to effectively identify, monitor and manage them. These processes seek to mitigate rather than eliminate risk. A risk is the possibility that an event might happen in the future that could have a negative effect on our financial position, financial performance, cash flows, business or reputation. While the Board has overall responsibility for risk, the responsibility for certain elements of the risk oversight program is delegated to Board committees in order to ensure that they are treated with appropriate expertise, attention and diligence, with reporting to the Board in the ordinary course.
Risk information is reviewed by the Board or the relevant committee throughout the year, and business leaders present regular updates on the execution of business strategies, risks and mitigation activities.
- The Audit Committee is responsible for overseeing financial reporting and disclosure as well as overseeing that appropriate risk management processes are in place across the organization. As part of its risk management activities, the Audit Committee reviews the organizations risk reports and ensures that responsibility for each principal risk is formally assigned to a specific committee or the full Board, as appropriate. The Audit Committee also regularly considers risks relating to financial reporting, legal proceedings, the performance of critical infrastructure, information, cyber and physical security, journalistic independence, privacy and records management, business continuity and the environment.
- The Compensation Committee oversees risks relating to compensation, succession planning, and health and safety practices.
- The Governance Committee assists the Board in developing and implementing BCEs corporate governance guidelines and determining the composition of the Board and its committees. In addition, the Governance Committee oversees matters such as the organizations policies concerning business conduct, ethics and public disclosure of material information.
- The Pension Fund Committee (Pension Committee) has oversight responsibility for risks associated with the pension fund.
RISK MANAGEMENT CULTURE
There is a strong culture of risk management at BCE that is actively promoted by the Board and the companys President and CEO at all levels within the organization. It has become a part of how the company operates on a day-to-day basis and is woven into its structure and operating principles, guiding the implementation of the organizations strategic imperatives.
The President and CEO, selected by the Board, has set his strategic focus through the establishment of six strategic imperatives, and focuses risk management around the factors that could impact the achievement of those strategic imperatives. While the constant state of change in the economic environment and the industry creates challenges to be managed, the clarity around strategic objectives, performance expectations, risk management and integrity in execution ensures discipline and balance in all aspects of our business.
RISK MANAGEMENT FRAMEWORK
While the Board is responsible for BCEs risk oversight program, operational business units are central to the proactive identification and management of risk. They are supported by a range of corporate support functions that provide independent expertise to reinforce implementation of risk management approaches in collaboration with the operational business units. The Internal Audit function provides a further element of expertise and assurance, working to provide insight and support to the operational business units and corporate support functions, while also providing the Audit Committee with an independent perspective on the state of risk and control within the organization. Collectively, these elements can be thought of as a Three Lines of Defence approach to risk management, that is aligned with industry best practices and is endorsed by the Institute of Internal Auditors.
FIRST LINE OF DEFENCE OPERATIONAL MANAGEMENT
The first line refers to management within our operational business segments (Bell Wireless, Bell Wireline and Bell Media), who are expected to understand their operations in great detail and the financial results that underpin them. There are regular reviews of operating performance involving the organizations executive and senior management. The discipline and precision associated with this process, coupled with the alignment and focus around performance goals, create a high degree of accountability and transparency in support of our risk management practices.
As risks emerge in the business environment, they are discussed in a number of regular forums to share details and explore their relevance across the organization. Executive and senior management are integral to these activities in driving the identification, assessment, mitigation and reporting of risks at all levels. Formal risk reporting occurs through strategic planning sessions, management presentations to the Board and formal enterprise risk reporting, which is shared with the Board and the Audit Committee during the year.
Management is also responsible for maintaining effective internal controls and for executing risk and control procedures on a day-today basis. Each operational business unit develops its own operating controls and procedures that fit the needs of its unique environment.
SECOND LINE OF DEFENCE CORPORATE SUPPORT FUNCTIONS
BCE is a very large enterprise with approximately 48,000 employees, multiple business units and a diverse portfolio of risks that is constantly evolving based on internal and external factors. In a large organization, it is common to manage certain functions centrally for efficiency, scale and consistency. While the first line of defence is often central to identification and management of business risks, in many instances operational management works both collaboratively with, and also relies on, the corporate functions that make up the second line of defence for support in these areas. These corporate functions include Finance, Corporate Security and Corporate Risk Management, as well as others such as Legal and Regulatory, Corporate Responsibility, Human Resources, Real Estate and Procurement.
Finance function: BCEs Finance function plays a pivotal role in seeking to identify, assess and manage risks through a number of different activities, which include financial performance management, external reporting, pension management, capital management, and oversight and execution practices related to the United States Sarbanes-Oxley Act of 2002 and equivalent Canadian securities legislation, including the establishment and maintenance of appropriate internal control over financial reporting. BCE has established and maintains disclosure controls and procedures to ensure that the information it publicly discloses, including its business risks, is accurately recorded, processed, summarized and reported on a timely basis. For more details concerning BCEs internal control over financial reporting and disclosure controls and procedures, refer to the Proxy Circular and section 10.3, Effectiveness of internal controls of this MD&A.
Corporate Security function: This function is responsible for all aspects of security, which requires a deep understanding of the business, the risk environment and the external stakeholder environment. Based on this understanding, Corporate Security sets the standards of performance required across the organization through security policy definitions and monitors the organizations performance against these policies. In high and emerging risk areas such as cybersecurity, Corporate Security leverages its experience and competence and, through collaboration with the operational business units, develops strategies intended to mitigate the organizations risks.
Corporate Risk Management function: This function works across the company to gather information and report on the organizations assessment of its principal risks and the related exposures. Annually, senior management participates in a risk survey that provides an important reference point in the overall risk assessment process.
In addition to the activities described above, the second line of defence is also critical in building and operating the oversight mechanisms that bring focus to relevant areas of risk and reinforce the bridges between the first and second lines of defence, thereby seeking to ensure that there is a clear understanding of emerging risks, their relevance to the organization and the proposed mitigation plans. To further coordinate efforts between the first and second lines of defence, BCE has established a Security, Environment and Health & Safety (SEHS) Oversight Committee. A significant number of BCEs most senior leaders are members of this committee, whose purpose is to oversee BCEs strategic security (including cybersecurity), environmental, health and safety risks and opportunities. This cross-functional committee seeks to ensure that relevant risks are adequately recognized and mitigation activities are well-integrated and aligned across the organization and are supported with sufficient resources.
THIRD LINE OF DEFENCE INTERNAL AUDIT FUNCTION
Internal Audit is a part of the overall management information and control system and has the responsibility to act as an independent appraisal function. Its purpose is to provide the Audit Committee and management with objective evaluations of the companys risk and control environment, to support management in delivering against BCEs strategic imperatives and to maintain an audit presence throughout BCE and its subsidiaries.