The ERMG was created to be primarily responsible for the execution of the enterprise risk management framework.
The ERMG's main concerns include:
- recommending risk policies, strategies, principles, framework and limits;
- managing fundamental risk issues and monitoring of relevant risk decisions;
- providing support to management in implementing the risk policies and strategies; and developing a risk awareness program.
ERM Framework
The Group's BOD is also responsible for establishing and maintaining a sound risk management framework and is accountable for risks taken by the Group. The Group's BOD also shares the responsibility with the ERMG in promoting the risk awareness program enterprise-wide.
The ERM framework revolves around the following eight interrelated risk management approaches:
- Internal Environmental Scanning - it involves the review of the overall prevailing risk profile of the business unit to determine how risks are viewed and addressed by management. This is presented during the strategic planning, annual budgeting and mid-year performance reviews of the business unit.
- Objective Setting - the Group's BOD mandates the Group's management to set the overall annual targets through strategic planning activities, in order to ensure that management has a process in place to set objectives which are aligned with the Group's goals.
- Risk Assessment - the identified risks are analyzed relative to the probability and severity of potential loss which serves as a basis for determining how the risks should be managed. The risks are further assessed as to which risks are controllable and uncontrollable, risks that require management's attention, and risks which may materially weaken the Group's earnings and capital.
- Risk Response - the Group's BOD, through the oversight role of the ERMG, approves the Group's responses to mitigate risks, either to avoid, self-insure, reduce, transfer or share risk.
- Control Activities - policies and procedures are established and approved by the Group's BOD and implemented to ensure that the risk responses are effectively carried out enterprise-wide.
- Information and Communication - relevant risk management information are identified, captured and communicated in form and substance that enable all personnel to perform their risk management roles.
- Monitoring - the ERMG, Internal Audit Group, Compliance Office and Business Assessment Team constantly monitor the management of risks through risk limits, audit reviews, compliance checks, revalidation of risk strategies and performance reviews.
Risk Management Support Groups
The Group's BOD created the following departments within the Group to support the risk management activities of the Group and the other business units:
- Corporate Security and Safety Board (CSSB) - under the supervision of ERMG, the CSSB administers enterprise-wide policies affecting physical security of assets exposed to various forms of risks.
- Corporate Supplier Accreditation Team (CORPSAT) - under the supervision of ERMG, the CORPSAT administers enterprise-wide procurement policies to ensure availability of supplies and services of high quality and standards to all business units.
- Process Risk Management Department (PRMD) - the PRMD is responsible for the formulation of enterprise-wide policies and procedures.
- Corporate Planning (CORPLAN) - the CORPLAN is responsible for the administration of strategic planning, budgeting and performance review processes of the business units.
- Corporate Insurance Department (CID) - the CID is responsible for the administration of the insurance program of business units concerning property, public liability, business interruption, money and fidelity, and employer compensation insurances, as well as in the procurement of performance bonds.
Compliance Officer
The Compliance Officer assists the BOD in complying with the principles of good corporate governance.
He shall be responsible for monitoring actual compliance with the provisions and requirements of the Corporate Governance Manual and other requirements on good corporate governance, identifying and monitoring control compliance risks, determining violations, and recommending penalties on such infringements for further review and approval of the BOD, among others.