Enterprise Risk Management Group (ERMG)
The ERMG was created to be primarily responsible for the execution of the enterprise risk management framework.
The ERMG’s main concerns include:
- Recommending risk policies, strategies, principles, framework and limits;
- Managing fundamental risk issues and monitoring of relevant risk decisions;
- Providing support to management in implementing the risk policies and strategies; and developing a risk awareness program.
The Group’s BOD is also responsible for establishing and maintaining a sound risk management framework and is accountable for risks taken by the Group. The Group’s BOD also shares the responsibility with the ERMG in promoting the risk awareness program enterprise-wide.
The ERM framework revolves around the following eight interrelated risk management approaches:
- Internal Environmental Scanning - it involves the review of the overall prevailing risk profile of the Business Unit (BU) to determine how risks are viewed and addressed by the management. This is presented during the strategic planning, annual budgeting and mid-year performance reviews of the BU.
- Objective Setting - the Company’s Board mandates Management to set the overall annual targets through strategic planning activities, in order to ensure that management has a process in place to set objectives that are aligned with the Company’s goals.
- Event Identification – it identifies both internal and external events affecting the Group’s set targets, distinguishing between risks and opportunities.
- Risk Assessment - the identified risks are analyzed relative to the probability and severity of potential loss that serves as basis for determining how the risks will be managed. The risks are further assessed as to which risks are controllable and uncontrollable, risks that require management’s action or monitoring, and risks that may materially weaken the Company’s earnings and capital.
- Risk Response - the Company’s Board, through the oversight role of the Internal Control Group ensures action plan is executed to mitigate risks, either to avoid, self-insure, reduce, transfer or share risk.
- Control Activities - policies and procedures are established and approved by the Company’s Board and implemented to ensure that the risk responses are effectively carried out enterprise-wide.
- Information and Communication - relevant risk management information is identified, captured and communicated in form and substance that enable all personnel to perform their risk management roles.
- Monitoring - the Internal Control Group of the respective Company and BUs as well as Corporate Internal Audit constantly monitor the management of risks through audit reviews, compliance checks, revalidation of risk strategies and performance reviews.
Risk Management Support Groups
The Group’s BOD created the following departments within the Group to support the risk management activities of the Group and the other business units:
- Corporate Security and Safety Board (CSSB) – under the supervision of ERMG, the CSSB administers enterprise-wide policies affecting physical security of assets exposed to various forms of risks.
- Corporate Supplier Accreditation Team (CORPSAT) – under the supervision of ERMG, the CORPSAT administers enterprise-wide procurement policies to ensure availability of supplies and services of high quality and standards to all business units.
- Process Risk Management Department (PRMD) – the PRMD is responsible for the formulation of enterprise-wide policies and procedures.
- Corporate Planning (CORPLAN) – the CORPLAN is responsible for the administration of strategic planning, budgeting and performance review processes of the business units.
- Corporate Insurance Department (CID) – the CID is responsible for the administration of the insurance program of business units concerning property, public liability, business interruption, money and fidelity, and employer compensation insurances, as well as in the procurement of performance bonds.
The Compliance Officer assists the BOD in complying with the principles of good corporate governance.
He shall be responsible for monitoring actual compliance with the provisions and requirements of the Corporate Governance Manual and other requirements on good corporate governance, identifying and monitoring control compliance risks, determining violations, and recommending penalties on such infringements for further review and approval of the BOD, among others.