The Importance of Effective Risk Management

Globe Telecom believes that effective Risk Management (RM) practices are crucial to sustaining its profitability and resiliency as a company. Hence, Globe ensures that RM remains a core capability and an integral part of how decisions are made in the organization to deliver value to shareholders.


The company’s thrust is to embed RM in the daily lives of employees, empowering them to make risk- informed choices when confronted by risks and opportunities.

RISK MANAGEMENT PILLARS

We live out our RM philosophy through these three key pillars.

Structure

We strive to cultivate an organizational structure that supports strong corporate governance, clearly defines risk-taking responsibility and authority, facilitates ownership and accountability for risk-taking, and ensures the proper segregation of duties.

Process

We strive to sustain the sound processes that facilitate the identification, assessment, quantification, mitigation, management, monitoring, and communication of risks at the enterprise and operational level. We also regularly review our RM processes and policies on a continuing basis, and stay abreast of current developments to ensure that we remain robust and relevant, through benchmarking against industry and global best practices.

Culture

We strive to nurture a risk-aware culture by setting the appropriate tone at the top, defining clear accountability for risks, espousing transparency and timeliness in sharing risk information, enabling risk-adjusted decisions, recognizing appropriate risk-taking attitudes, and embedding the right risk skills across the organization.

Roles and Responsibilities


The Board of Directors (“Board”) has overall responsibility for risk management oversight in Globe. The Board oversees and actively discusses the status of key risks including management’s strategies and activities in managing risks such as: Political, Regulatory, IT, Cyber, Data Privacy, Business Disruption, Competition, Financial Markets, People, to name a few.


A Board Risk Oversight Committee (BROC) assists the Board in fulfilling its oversight responsibilities in relation to risk governance in Globe. This includes ensuring Management maintains an effective and efficient risk management system and enabling Management to make well-informed decisions based on prudent assessment of risks and opportunities.


The BROC is enabled by the Chief Risk Officer together with the Enterprise Risk Management Department, working in collaboration with the entire organization to ensure that the risk management agenda set by the BROC are effectively carried out.

Board Risk Oversight Committee (BROC)


The BROC assists the Board in fulfilling its oversight responsibilities in relation to risk governance in Globe. This will ensure that the Board and Top Management will be able to make well-informed decisions based on thorough assessment of risks and opportunities.


This includes:


  • Ensuring that there is an effective, efficient, and integrated risk management process in place.
  • Cultivating a sound organizational structure with an effective Enterprise Risk Management framework working in place.
  • Establishing clear definition of risk-taking authority, ownership, accountability, and proper segregation of duties.
  • Fostering a risk-aware culture that is pervasive throughout Globe, and ensure transparency in reporting of key risks to relevant stakeholders.

Management

With guidance provided by the Board, our Management is fully responsible for decision-making over the day-to-day affairs of Globe. These cover the design, development, and implementation of the RM strategies, policies and systems intended to address the identified risks.

Chief Risk Excutive (CRE)

The President and Chief Executive Officer (CEO) acts as the CRE. He is ultimately responsible for RM priorities, including strategies, tolerances, and policies, which he recommends to the Board for approval.


Furthermore, the CRE:

  • Acts as the final enforcer of the RM process;
  • Establishes the organizational structure, assigns authority, and designates the management of key risks to Risk Owners to ensure that the RM activities are carried out effectively;
  • Reviews the continuing effectiveness and relevance of the RM framework, processes, organization, and tolerances, as assisted by the Chief Risk Officer; and
  • Ensures that RM activities are linked to the Risk Owners’ Key Result Areas.

Chief Risk Officer (CRO)

The Chief Finance Officer (CFO) and concurrent CRO supports the CRE at the management level and ensures that:

  • There is adequate supervision and guidance over the development, implementation, maintenance, and continuous improvement of RM policies, processes, and documentation.
  • RM processes and activities are embedded within Globe's policies, business cycles, and operational decisions.
  • Responsibilities for managing specific risks by the Management are clear.
  • The level of risk accepted by Globe is appropriate.
  • An effective control environment exists for the company as a whole.
  • In collaboration with the CEO/CRE and the Management, the Audit and RPT Committee, the Board, and other stakeholders are provided periodic information on the results of the annual risk assessment exercise and updates on the status of top risks, key risk mitigation activities, key risk and performance indicators, and emerging risks that could impact the attainment of our objectives.

The CRO reports quarterly to the Board through the Audit and RPT Committee regarding our critical risks, control issues, and key mitigation plans, and provides insights on the following:

  • RM processes are working as intended.
  • Risk measures and mitigation plans are reported and continuously reviewed by Risk Owners for effectiveness.
  • Established risk policies and procedures are being complied with.

The CRO also serves as the chairman of our Risk Management Committee.

Enterprise Risk Management Services Division (ERMSD)

The ERMSD, headed by a Risk Management Program Officer, supports the CRO. Its key functions include:

  • Facilitating the Management’s annual risk assessment exercise and reporting the results thereof,
  • Coordinating with Risk Owners to gather updates on the status of risks and RM/mitigation activities,
  • Facilitating the execution of the Management’s risk and controls assessment exercise, and
  • Developing and implementing programs to embed RM discipline and drive sustained risk awareness across the organization.

Role of the Internal Audit (IA)

The IA provides assurance on the effectiveness of RM systems and processes. Their examinations cover a regular evaluation of the adequacy and effectiveness of RM and control processes, which encompass Globe’s governance, operations, information systems, reliability and integrity of financial and operational information, effectiveness and efficiency of operations, safeguarding of assets, and compliance with laws, rules, and regulations.

Risk Owner

The Risk Owner has overall accountability for the assigned risk/s and is granted authority to enable the effective management of a particular risk. His function also includes:

  • Understanding the risks and determining their drivers,
  • Planning for and executing appropriate RM strategies and mitigation plans for key risks identified,
  • Securing required resources needed to effectively manage the risks,
  • Monitoring and reviewing the level of risk exposures and continuing relevance of RM strategies and plans, and
  • Providing timely updates on the status of RM activities to concerned stakeholders.

Risk Management Approach

The ISO 31000 framework for RM is used as the basis for Globe Telecom’s RM process. The established framework also ensure that compliance processes and procedures are effectively guided by the RM policy.

Risk Management in Globe

Globe Telecom’s RM cycle starts with an enterprise-wide assessment of risks is performed by the Management team as part of the annual planning and budgeting process. This process starts with the identification of key risks that threaten the achievement of Globe Telecom’s business objectives at corporate and business unit level. Risks are then analyzed, assessed and assigned to various risk owner/s for the development of plans in managing such risks. The results of which are then reported to and reviewed by the Board. The established strategies and plans to address the risks are continuously developed, updated, improved, and reviewed for effectiveness. On a regular basis, the Management Team discusses the current risk levels and status of implementation of mitigation plans and is reported and reviewed by the Board.


As part of our advocacy to embed the RM discipline across the organization, Globe has institutionalized a process to closely monitor with the risk owners the RM plans and actions being taken to address critical risks, including the establishment of key risk indicators and key performance indicators to ensure that critical risks are appropriately managed. Risk owners in various operational risk areas such as IT, Information Security, Data Privacy, Business Continuity, Occupational Health and Safety, Revenue Assurance, and Fraud, to name a few, have operationalized processes to identify, assess, analyze, and manage the risks within their area of responsibility. ERMD provides guidance and oversight on the RM process. On a regular basis, ERMD and the heads of these teams provide updates to the Management team, the CRO and the Audit and RPT Committee on the status of key initiatives addressing risks in their respective areas.


A coordinated end-to-end risk assessment program to identify, assess, treat, monitor, and report risks for effective and informed business decisions is in place. The assessments are focused on the identified most critical operational risk areas in Globe. Management believes that this program is an essential foundation for a strong RM process as it reinforces the lines of defense against key operational risks, while providing relevant insights to some of the top enterprise risks. The Management team is apprised of the results of the assessments, particularly, the most significant risks for inputs on strategies and action plans and guidance on issues needing further review. When necessary, the company seeks external technical support from 3rd party experts to aid the Management team and Board in the performance of their duties and responsibilities including RM.


Globe believes that fostering a culture of risk awareness across the organization is an essential part of ensuring that sound RM practices are observed in every key decision point. ERMD has created various programs in collaboration with key risk owners that both provide continuous learning opportunities on sound RM practices, but also espouse the responsibility of RM to every employee.


Globe believes that these collaborative efforts to build and grow the RM program have resulted to a recognition as finalist in Strategic Risk Asia’s best 2018 Risk Management Program across the region. The company’s RM practices have also been assessed as advanced level of risk maturity (5.0 on a 1 to 5 scale) in Q4 2018 by Aon, an independent Risk Consultant.


Operational Risk Management and Business Protection

Realizing the need to protect the business from losses arising from failures in internal processes, people, and systems or external events, which is an integral part of the company’s RM responsibility, an Operational Risk Management and Business Protection (ORB) department was established. ORB’s primary objective is to provide an end-to-end support for all activities under risk management, overseeing safety, environment, infrastructure hazard management, insurance, as well as enterprise business continuity management. ORB reports to the Head of Logistics and Administrative Services who directly reports to the CFO/CRO. The department is mandated to do the following:


  • Provide hazard identification and risk assessment for Globe Telecom’s operations, activities, events, and infrastructure;
  • Facilitate implementation of risk control and mitigation measures for safety and environmental management, in collaboration with operational and business groups;
  • Provide and facilitate risk transfer and business protection solutions through insurance or contractor liability agreements;
  • Establish an effective framework of business continuity management for the organization to effectively respond to threats such as natural disasters, equipment failure, data breaches, and, in effect, protect its business interests.


Globe Principal Risks

The achievement of Globe Telecom’s key business objectives can be affected by a wide array of risk factors. Some of these risk factors are universal while some are unique to the telecommunications industry. The risks vary widely in occurrence and severity, some of which are beyond the company’s control. There may also be risks that are either presently unknown or not currently assessed as significant, which may later prove to be material. We aim to mitigate these exposures through appropriate RM strategies, strong internal controls and capabilities, close monitoring of risks, and mitigation plans. Our identified principal risk types, listed in no particular order of significance, include political and socio-economic, financial markets, competition, regulatory, customer preference and technology shift, change program, organizational agility, human capital, reputational, cyber, data privacy, business disruption, revenue leakage, and fraud.


Find out the components of each risk type, the mitigation plans, and how we address these in our ERM discussion on pages 108 to 112 of our 2018 Integrated Report.


Manual of Corporate Governance

Board of Directors' Charter

Top