Enterprise Risk Management
Enterprise Risk Management Group (ERMG)
The ERMG was created to be primarily responsible for the execution of the enterprise risk management framework.
The ERMG’s main concerns include:
- Recommending risk policies, strategies, principles, framework and limits;
- Managing fundamental risk issues and monitoring of relevant risk decisions;
- Providing support to management in implementing the risk policies and strategies; and
- Developing a risk awareness program.
The Company’s BOD is also responsible for establishing and maintaining a sound risk management framework and is accountable for risks taken by the Company. The Company’s BOD also shares the responsibility with the ERMG in promoting the risk awareness program enterprise-wide.
The ERM framework revolves around the following eight interrelated risk management approaches:
- Internal Environmental Scanning - it involves the review of the overall prevailing risk profile of the Company to determine how risks are viewed and addressed by the management. This is presented during the strategic planning, annual budgeting and mid-year performance reviews of the Company.
- Objective Setting - the Company’s Board mandates the management to set the overall annual targets through strategic planning activities, in order to ensure that management has a process in place to set objectives that are aligned with the Company’s goals.
- Event Identification - it identifies both internal and external events affecting the Company’s set targets, distinguishing between risks and opportunities.
- Risk Assessment - the identified risks are analyzed relative to the probability and severity of potential loss, which serves as the basis for determining how the risks should be managed. The risks are further assessed as to which risks are controllable and uncontrollable, risks that require management’s attention, and risks that may materially weaken the Company’s earnings and capital.
- Risk Response - the Company’s Board, through the oversight role of the Internal Audit Group, ensures that an action plan is executed to mitigate risks, whether to avoid, self-insure, reduce, transfer or share risk.
- Control Activities - policies and procedures are established and approved by the Company’s Board. These are implemented to ensure that the risk responses are effectively carried out enterprise-wide.
- Information and Communication - relevant risk management information is identified, captured and communicated in a form and substance that enable all personnel to perform their risk management roles.
- Monitoring - the Internal Audit Group, Compliance Office and Business Assessment Team constantly monitor the management of risks through risk limits, setting up risk appetite and tolerance, audit reviews, compliance checks, revalidation of risk strategies and performance reviews.
Risk Management Support Groups
The Company’s BOD created the following departments within the Group to support the risk management activities of the Company:
- Corporate Security and Safety Board (CSSB) – under the supervision of ERMG, the CSSB administers enterprise-wide policies affecting physical security of assets exposed to various forms of risks.
- RLC Supplier Accreditation Team (CORPSAT) – under the supervision of ERMG, the CORPSAT administers enterprise-wide procurement policies to ensure availability of supplies and services of high quality and standards to all companies.
- Finance – Controls and Compliance Department (FCC) – the FCC is responsible for the formulation of enterprise-wide policies and procedures.
- Financial Planning & Analysis (FP&A) – the FP&A is responsible for the administration of strategic planning, budgeting and performance review processes of the company.
- Corporate Insurance Department (CID) – the CID is responsible for the administration of the insurance program of companies concerning property, public liability, business interruption, money and fidelity, and employer compensation insurances, as well as the procurement of performance bonds.
The Compliance Officer assists the BOD in complying with the principles of good corporate governance.
He shall be responsible for monitoring actual compliance with the provisions and requirements of the Corporate Governance Manual and other requirements on good corporate governance, identifying and monitoring control compliance risks, determining violations, and recommending penalties on such infringements for further review and approval of the BOD, among others.