Enterprise Risk Management
Globe Telecom believes that effective Risk Management (RM) practices are crucial to sustaining its profitability and resiliency as a company. Hence, we ensure that RM remains a core capability and an integral part of how decisions are made in Globe to deliver value to our shareholders.
We live out our RM philosophy via three key pillars - Structure, Process, and Culture.
|We strive to cultivate an organizational structure that supports strong CG, clearly defines risk taking responsibility and authority, facilitates ownership and accountability for risk taking, and ensures proper segregation of duties.||We strive to sustain sound processes that facilitate the identification, assessment, quantification, mitigation, management, monitoring and communication of risks at the enterprise and operational level. We also regularly review our RM processes and policies on a continuing basis and stay abreast of current developments to ensure that we remain robust and relevant, through benchmarking against industry and global best practices.||We strive to nurture a risk aware culture by setting the appropriate tone at the top, defining clear accountability for risks, espousing transparency and timeliness in sharing risk information, enabling risk-adjusted decisions, recognizing appropriate risk-taking attitudes, and embedding the right risk skills across the organization.|
Roles and Responsibilities
Board of Directors
The Board of Directors oversees and conducts an annual review of our material controls, covering operational, financial and compliance areas and overall RM systems. The overall responsibility for our RM oversight rests with the Board.
Given the complexity of our business, there are three (3) committees that oversee Globe’s RM approach – the Finance Committee which oversees all risks related to the finance and investment; Executive Committee which oversees all risks related to operations; and the Audit and RPT Committee which oversees financial statement reporting, internal controls, legal and regulatory compliance, CG, risk management and fraud.
To enable an integrated and holistic approach to RM oversight at the Board level, our Board designated the Audit and RPT Committee as the overall consolidator of risks for all the committees. The Audit and RPT Committee regularly reports to the Board of Directors on Globe’s RM efforts. Having three (3) committees looking into the risk factors of Globe shows how much importance we place on RM and how much value we put on transparency focus and independent judgment.
At the Management level, we also have the RM Committee headed by our Chief Risk Officer. Click here for our Charter of the Risk Management Committee.
|BOARD RISK MANAGEMENT OVERSIGHT|
|EXECUTIVE COMMITTEE||AUDIT AND RPT COMMITTEE||FINANCE COMMITTEE|
| || || |
With guidance provided by the Board, our Management is fully responsible for decision-making over the day-to-day affairs of Globe including the design, development and implementation of the RM strategies, policies and systems intended to address the identified risks.
Chief Risk Executive
The President and CEO acting as the Chief Risk Executive (CRE) is ultimately responsible for RM priorities, including strategies, tolerances and policies which he recommends to the Board for approval. The CRE:
- Acts as the final enforcer of the RM process;
- Establishes organizational structure, assigns authority and designates Management of key risks to Risk Owners to ensure that the RM activities are carried out effectively;
- Reviews the continuing effectiveness and relevance of the RM framework, processes, organization and tolerances, as assisted by the CRO;
- Ensures that RM activities are linked to the Risk Owners’ Key Result Areas.
Chief Risk Officer
The CFO and concurrent CRO supports the CRE at the management level. The CRO ensures that:
- There is adequate supervision and guidance over the development, implementation, maintenance and continuous improvement of RM policies, processes and documentation.
- RM processes and activities are embedded within Globe’s policies, business cycles and operational decisions.
- Responsibilities for managing specific risks by Management are clear.
- The level of risk accepted by Globe is appropriate.
- An effective control environment exists for the company as a whole.
- In collaboration with the CEO/CRE and Management, the Audit and RPT Committee, the Board, and other stakeholders are provided periodic information on the results of the annual risk assessment exercise and updates on the status of top risks, key risk mitigation activities, key risk and performance indicators and emerging risks that could impact the attainment of our objectives.
The CRO reports quarterly to the Board through the Audit and RPT Committee regarding our critical risks, control issues and key mitigation plans and provides insights on the following:
- RM processes are working as intended,
- Risk measures and mitigation plans are reported and continuously reviewed by Risk Owners for effectiveness; and
- Established risk policies and procedures are being complied with.
The CRO also serves as the chairman of our Risk Management
Enterprise Risk Management Services Division
The Enterprise Risk Management Services Division (ERMSD), headed by a Risk Management Program Officer, supports the CRO in undertaking her role. Key functions of the ERMSD include:
- Facilitating Management Team’s annual risk assessment exercise and reporting the results thereof
- Coordinating with Risk Owners to gather updates on the status of risks and RM/mitigation activities
- Facilitating the execution of Management’s risk and controls assessment exercise
- Developing and implementing programs to embed RM discipline and drive sustained risk awareness across the organization.
The Internal Audit Team (IA) provides assurance on the effectiveness of RM systems and processes. IA’s examinations cover a regular evaluation of adequacy and effectiveness of RM and control processes encompassing Globe’s governance, operations, information systems, reliability and integrity of financial and operational information, effectiveness and efficiency of operations, safeguarding of assets and compliance with laws, rules and regulations.
The Risk Owner has overall accountability for the assigned risk/s and is granted authority to enable effective management of a particular risk. The Risk owner’s function also includes:
- Understanding the risk/s and determining its drivers
- Planning for and executing appropriate RM strategies and mitigation plans for key risks identified
- Securing required resources needed to effectively manage the risks
- Monitoring and reviewing the level of risk exposures and continuing relevance of RM strategies and plans
- Providing timely updates on the status of RM activities to concerned stakeholders.
Risk Management Approach
The ISO 31000 framework for Risk Management is used as the basis for our RM process. The established framework also ensure that compliance processes and procedures are effectively guided by the RM policy.
Globe has institutionalized a process to closely monitor the RM plans and actions being taken to address critical risks, including the establishment of key risk indicators and key performance indicators to ensure that critical risks are appropriately managed. This process includes a review made by the Management Team, Business Team and Group Heads. The Management Team monitors enterprise level risks such as strategic risks, major program risks, and regulatory risks while the business team and group heads monitor the operational, legal, and project risks.
Our key RM activities include:
- Identification of top enterprise risks including (but not limited to) those that relate to economic, environmental, social and governance, that can impact the achievement of Globe’s key objectives
- Prioritization of risks based on the degree of impact to business objectives and the likelihood of occurrence based on pre-defined risk categories and parameters
- Scenario and mitigation planning
- Business continuity planning
- Crisis planning and management
- Program risk management
- Monitoring and reporting on the status of risks and corresponding RM plans
- Establishing a risk register with clearly defined, prioritized and residual risks
- Identification, assessment and management of operational risks by line management
- Establishment of operational risk thresholds for monitoring
- As necessary, contract independent reviews by third party consultants to assess/identify risk exposures and the verify the soundness of controls.
An enterprise wide assessment of risks is performed by the Management and business teams as part of our annual planning and budgeting process, results of which are reported to and reviewed by the Board. This assessment focuses on identifying the key risks that threaten the achievement of our business objectives at corporate and business unit level, as well as the assignment of Risk Owner/s and development of plans in managing such risks. The established strategies and plans to address the risks are continuously developed, updated, improved, and reviewed for effectiveness. On a regular basis, Management discusses the current risk levels and status of implementation of mitigation plans.
We also established a coordinated end-to-end operational risk assessment program to identify, assess, treat, monitor and report risks for effective and informed business decisions. Management believes that this program is an essential foundation for a strong RM process as it reinforces the lines of defense against key operational risks, while providing relevant insights to some of the top enterprise risks. Management is apprised of the results of the assessments, particularly, the most significant risks for inputs on strategies and action plans and guidance on issues needing further review.
When necessary, we seek external technical support from third party experts to aid our Management and Board in the performance of their duties and responsibilities including RM.
Globe Principal Risks
The achievement of our key business objectives can be affected by a wide array of risk factors. Some of these risk factors are universal while some are unique to the telecommunications industry. The risks vary widely in occurrence and severity, some of which are beyond our control. There may also be risks that are either presently unknown or not currently assessed as significant, which may later prove to be material. At Globe, we aim to mitigate the exposures through appropriate RM strategies, strong internal controls and capabilities, close monitoring of risks and mitigation plans. Political and Socio-Economic Risks, Financial Markets Risk, Competition Risk, Regulatory Risk, Customer Preference and Technology Shift Risk, Change Program Risk, Organizational Agility Risk, Human Capital Risks, Reputational Risk, Compliance Risks and Operational Risks were identified as principal risk types applicable to Globe.
Find out the components of each risk type, are mitigation plans and how we address these in our RM discussion included in our 2016 ASR (pp. 146-153).
Committed to Creating More Value for Shareholders