JSC «Kazakhtelecom» realizes that the corporate governance risk is a modern, dynamically developing administrative technology. In the conditions of a changing business environment Enterprise Risk Management System is the basis of a guarantee of purposes’ achievement, continuity and safety of business of any organization.

For this reason after working out of Risk Management methodology Kazakhtelecom has made the decision on necessity of automation of Enterprise Risk Management System processes.

Following the results of the tender in November, 2009 «Key_Century» has started «Automation of Enterprise Risk Management System of JSC «Kazakhtelecom» project based on SAP BusinessObjects Risk Management solution.

The project lasted 6 months from December, 2009 till May 2010. On July, 1st, 2010 direction about “Automated Risk Management System (ARMS) running” was signed.

Obtainment of an integrated automated system that can provide informational and instrumental support for analysis, decision making, and risk management processes became the purpose of the project.

«Key_Century» used an integrated approach for automation of risk management system: usage of integration advantages with already used SAP solutions in JSC «Kazakhtelecom».

Architecture of Kazakhtelecom’s ARMS includes:

• Risk management subsystem (SAP BusinessObjects Risk Management solution);
• Data conversion and storage subsystem (SAP BW, SAP BW-BPS and SAP SEM BCS solutions);
• Visualization subsystem (SAP Enterprise Portal solution);
• Source systems (SAP ERP solution).

Following risk management cycles were main objects of automation:

1. Company’s tolerance level determination (preparatory phase);
2. Risk identification - Determination of risk management environment + identify and aggregate risks;
3. Risk assessment - Analysis and risk assessment;
4. Risk management - Choosing most effective risk mitigation methods (responses);
5. Monitoring - Continually track risks and evaluate response effectiveness.

Each cycle of the risk management process has been broken into certain steps, within which users carryout corresponding activities:

1. Company’s tolerance level determination:

• Automatic calculation of tolerance measures on the basis of the data in the integrated systems;
• Formation of the reporting by the results of calculation.

2. Risk identification:

• Maintaining of the company’s organizational structure hierarchy;
• Conducting catalogues of the reasons, classifications, purposes, loss categories;
• Assignment of responsible users;
• Surveys for revealing of new risks/updating of the current risks register;
• Maintaining of risk data;
• «Risk Validation» procedure;
• Users’  interaction on the basis of document workflow and automatic notifications.

3. Risk assessment:

• Surveys for risks assessment;
• Automatic calculation of average values of risk measures (probability, loss, control level);
• Qualitative and quantitative methods of evaluation;
• Ranging of risks (creation and automatic updating of maps and risks matrix);
• Possibility of reassessment;
• Users’  interaction on the basis of document workflow and automatic notifications.

4. Risk management:

• Maintaining of response data;
• Assignment of responsible users;
• «Response update» automatic procedures;
• Assessment of response effectiveness and completeness;
• Automatic recalculation of planned and current risk measures;
• Users’  interaction on the basis of document workflow and automatic notifications.

5. Monitoring:

• Registration of incidents and losses;
• Monitoring of response efficiency;
• Risk management reporting formation in “real-time” mode;
• Users’ interaction on the basis of document workflow and automatic notifications.

In the near future JSC «Kazakhtelecom» plans to carry out duplicating ARMS into all branches and the affiliated organizations.

In the long term ARMS JSC «Kazakhtelecom» will provide:

• Integration with ScoreCard System;
• Integration with Internal control procedure management system on the basis of SAP BusinessObjects Process Control solution.