Enterprise Risk Management
Globe Telecom, Inc. believes that effective
enterprise risk management (ERM) practices are crucial in the
success of the company. Hence, Globe ensures that risk management
remains a core capability and an integral part of all business units
and activities of the company.
Globe Telecom's risk management philosophy is anchored on three key principles, which also serve as the foundation of the company's risk management approach:
Culture–Globe strives to build a risk-aware culture by setting the appropriate tone at the top, defining clear accountability for risks, espousing transparency, and timeliness in sharing risk information, enabling risk-adjusted decisions, recognizing appropriate risk-taking attitudes, and embedding the right risk skills across the organization.
Structure–Globe strives to establish an organization structure that supports strong corporate governance, clearly defines risk-taking responsibility and authority, facilitates ownership and accountability for risk taking, and ensures proper segregation of duties.
Process–Globe strives to institutionalize sound processes that facilitate the identification, assessment, quantification, mitigation, management, monitoring, and communication of risks at the enterprise and operational level. It also strives to review risk management processes and policies on a continuing basis to ensure that they remain robust and relevant, through benchmarking against industry and global best practices.
Risk Management Approach
An enterprise wide assessment of risks is performed by senior
management and key leaders as part of Globe Telecom's annual planning
cycle. This assessment focuses on identifying the (1) key risks that
threatens Globe Telecom's achievement of its business objectives at
corporate and business unit level and (2) specific plans in the
mitigation of such risks.
Globe Telecom's key risk management activities include the:
- Identification of top enterprise risks
- Prioritization of risks based on the degree of impact to business objectives and the likelihood of occurrence
- Scenario and mitigation planning
- Business continuity planning
- Crisis planning and management
- Monitoring and reporting on the status of risks and corresponding risk management plans
- Identification, assessment, and management of operational risks by Line Management
The established strategies and plans to address the risks are
continuously developed, updated, improved, and reviewed for
effectiveness. Globe Telecom has institutionalized a process to
closely monitor the risk management plans and actions being taken to
addresscritical risks, including the establishment of key indicators
to ensure that critical risks are appropriately managed. This process
includes a review made by the Business Unit and Functional Group level
leaders and a review by Senior Management. The business unit and group
level leaders monitor the operational, legal, and project risks while
senior management monitors enterprise level risks such as strategic
risks, major program risks, and regulatory risks.
Globe also uses an Operational Risk Management (ORM) program which is a cyclical, coordinated end-to-end process to identify, assess, treat, monitor, and report operational risks for effective and informed business decisions. Management believes that ORM is an essential foundation for a strong ERM process as it reinforces the lines of defense against key operational risks.
The ISO 31000 (Risk Management) framework is being used as the basis for Globe Telecom's ERM process. The established processes also ensure that compliance processes and procedures are effectively guided by the risk management policy.
When necessary, Globe Telecom seeks external technical support to aid its Management and Board of Directors in the performance of their duties and responsibilities including risk management.
Roles and Responsibilities
The Board of Directors oversees and conducts an annual review of
Globe Telecom's material controls, covering operational, financial,
and compliance areas and overall risk management systems. The overall
responsibility for Globe Telecom's risk management oversight rests
with the Board of Directors. To enable the Board to effectively
discharge its Risk Management function, various Board committees have
been designated to provide risk management oversight for specific risk
To enable an integrated and holistic approach to risk management oversight at the Board level, the Board has designated the Audit Committee as the overall consolidator of risks for all the committees. The Audit Committee regularly reports to the Board of Directors on Globe Telecom's risk management efforts, thus providing the Board with a single view and effective review of risks across the company and assurance over Globe Telecom's overall risk management that aids the board in making strategic decisions for the company. The Audit Committee in effect functions as a separate level risk committee.
|BOARD RISK MANAGEMENT OVERSIGHT|
|EXECUTIVE COMMITTEE||AUDIT COMMITTEE||FINANCE COMMITTEE|
| || || |
With guidance provided by the Board, Management stands as the locus
of decision-making for the day-to-day affairs of Globe and remains
primarily responsible for the design, development, and implementation
of the risk management strategies, policies, and systems intended to
address the identified risks.
The President and Chief Executive Officer (CEO) acting as the Chief Risk Executive (CRE) is ultimately responsible for ERM priorities, including strategies, tolerances, and policies which he recommends to the Board for approval. The Chief Finance Officer (CFO) and concurrent Chief Risk Officer (CRO) supports the President and CEO/CRE in acting as CRE at the Management level. The CRO reports semi-annually to the Board through the Audit Committee regarding Globe Telecom's critical risks and key mitigation strategies.
The ERM Services Division (ERMSD), headed by a Risk Management Program Officer, supports the CRO in undertaking his role. Meanwhile, the Internal Controls Division provides assurance on the effectiveness of the risk management systems and processes. InternalControl's examinations cover a regular evaluation of adequacy and effectiveness of risk management and control processes encompassing the company's governance, operations, information systems, reliability, and integrity of financial and operational information, effectiveness and efficiency of operations, safeguarding of assets, and compliance with laws, rules, and regulations. The Risk Owner has overall accountability for the assigned risk/s and is granted authority to enable effective management of a particular risk.
Business Continuity Management
To mitigate the risk of business disruption and improve the
capabilities to prepare for, respond to, and recover immediately from
any incident that could compromise the safety of its people and
disrupt services, Globe continues to expand and elaborate on the
details of its enterprise-wide Business Continuity Management (BCM)
program. BCM, an integral component of our ERM program, is
internationally certified to British Standards (BS) 25999 in 2011 and
2012, and was recertified with the international business continuity
standard ISO 22301:2012 in 2014. The certification covers 13 network
sites and five corporate sites.
Globe has expanded the scope of its BCM implementation to cover more mission-critical sites across the archipelago. The scope expansion translates to the enhanced BCM capabilities resulting from controls establishment and consistent program implementation, documented procedures that ensure discipline and best practices, and improved preparedness to respond to and recover from incidents.
Globe Telecom's BCM is comprehensive. It encompasses main elements such as employee safety, service continuity and immediate return to normalcy. Ensuring employee safety includes tasks such as Search and Rescue, Sheltering, Mass Care and Security not only of the employees but of their families. For service continuity, deployment of critical resources in strategic locations has become a standard strategy which is executed prior to the onslaught of incoming typhoon to ensure their availability and faster recovery and continuation of network services after the typhoon has passed. Community Disaster Responses are also on hand for relief operations and assistance in terms of communication to keep the affected communities connected.
To ensure uniformity of response to the various kinds of threats such as natural calamities and crashing of hardware and software system, Globe established and maintains an Incident Management Plan (IMP) and formed Business Continuity Task Forces (BCTF), such as Emergency Response Team (ERT), in all critical sites. The IMP undergoes regular monitoring, testing, and improvement and the BCTF members undergo training to improve skills and capabilities in responding to emergencies. Globe recognizes the importance of a well maintained and implemented IMP, wherein quick recovery from anticipated and not anticipated disruptive events is guaranteed.
Globe is not only committed to comply with the requirements of both the government and its regulators, the company also ensures the safety of its people and their immediate families, and the continued delivery of its key products and services to its customers and the communities being served especially during times of need.
Over the years, Globe experienced various natural calamities like super typhoons, floods, and earthquakes. On top of this, Globe had to protect its critical installations from lawless elements in North Luzon and Southern Mindanao. But nothing came close to the challenges that Typhoon Yolanda presented in 2013. Yolanda tested the resiliency of Globe Telecom's people and defied the strength of its network. Services to customers and the affected communities where Globe operated in was challenged. In all these challenges, Globe was able to respond within a reasonable time period under the circumstances and serve as a lifeline for communications to the government and the communities affected.
Typhoon Yolanda presented to Globe a lot of opportunities to improve on network resiliency and how business is conducted. It surfaced gaps in our processes needed to continuously deliver products and services to our customers.
In 2014, Globe conducted a post-disaster assessment of our readiness and capability to respond to and recover from major disasters resulting in a program to: (i) standardize our response process, (ii) formalize our disaster response structure, (iii) properly equip our response teams, and (iv) review our deployment and implementation standards.
One critical result of this post-assessment was the formation of the Crisis Action Team (CAT). The CAT is a group of senior and middle management executives in Globe that convenes, as a working group, to organize and coordinate all response and recovery activities to major business disruptions or disasters. They develop action plans that, as needed, are presented to the Crisis Management Team comprised of a group of senior leaders for approval.
In 2014, this team has been instrumental in improving Globe Telecom's speed of recovery from calamitous events like super typhoons Glenda, Mario, Luis, and Ruby. This team was also responsible in developing strategies to manage the impact of disasters. Just before Super Typhoon Ruby made landfall, the team came up with a strategy to bring down some of our critical equipment along the path of the typhoon, a strategy that allowed us to recover first in Eastern Samar.
For 2014, the focus of the Globe Telecom's BCM program was enhancing our capability as an organization to respond to Large Scale Disasters (LSD), like a major earthquake in Metro Manila.
This includes getting Globe employees ready and well-informed, setting up of the necessary organizational disaster response structure, identifying the needs of the business to both serve and assist our customers especially during disasters, and ensuring resiliency of our technology infrastructure.
Various awareness sessions were conducted nationwide on the impact of major disasters to our business, using the scenario of a 7.2-magnitude earthquake happening in Metro Manila. Information and insights were shared on how line managers should prepare and, as needed, adjust or develop their business continuity plans for their safety so that they can assist in the recovery of Globe Telecom's critical business functions. A business continuity helpdesk serves as the hotline for any disaster-related support needs.
In 2014, Globe simulated the site disaster management plan of The Globe Tower (TGT), alongside the headquarters' fire drill. A total of 3,391 employees and visitors participated in the exercise which comprises 92 percent of the total TGT occupants. To improve on its BCM, Globe willcontinue to test the plan using various scenarios to validate if the procedures will indeed help recover services in the headquarters should a major disaster strike.
The CAT, which was established post-Yolanda to perform the requisite assessments of the potential impact of a typhoon, determines the level of response needed to manage the impact of disasters. Supported by a Crisis Information Center which gathers, collates, analyzes, and releases reports needed by both internal and external stakeholders, CAT is responsible in activating and advising the Crisis Management Team and marshaling resources nationwide. In 2015, the thrust is to integrate all the crisis and disaster management processes and procedures established in 2014 and simulate crisis scenarios to test the plans.
Based also on the simulations done by PHIVOLCS for a possible 7.2-magnitude earthquake scenario in Metro Manila, our Network Group revisited the risk assessment of our network infrastructure in GMA. The Earthquake Response Team was established and a set of action plans was agreed upon to be implemented in 2015.
Globe has also expanded its public and private collaboration for critical disaster support capabilities with external partners, especially in the public sector, like MMDA, NDRRMC, and the LGU's, to establish networks for disaster cooperation. Globe continues to pursue the establishment of critical arrangements like access to government facilities and logistics support for marshaling of resources to affected areas. In return, Globe will provide emergency communications needs as may be practicable for the government especially in times of disaster.
In 2015, the thrust of the BCM program continues to revolve around strengthening Globe Telecom's disaster risk reduction and response capabilities, continuously aligning business continuity planning to address risks in business objectives, strengthening linkages in internal processes for incident detection and escalation, strengthening partnerships and relationships for operational resilience, and enhancing employee readiness and safety for disasters.
Committed to Creating More Value for Shareholders