The Importance of Effective Risk Management

We believe that the effective practice of Risk Management (RM) is crucial to sustaining profitability and resiliency. As such, it remains a core capability and an integral part of how we make decisions to deliver value to our shareholders.


We live out our RM philosophy through these three key pillars.


We strive to cultivate an organizational structure that supports strong corporate governance, clearly defines risk-taking responsibility and authority, facilitates ownership and accountability for risk-taking, and ensures the proper segregation of duties.


We strive to sustain the sound processes that facilitate the identification, assessment, quantification, mitigation, management, monitoring, and communication of risks at the enterprise and operational level. We also regularly review our RM processes and policies on a continuing basis, and stay abreast of current developments to ensure that we remain robust and relevant, through benchmarking against industry and global best practices.


We strive to nurture a risk-aware culture by setting the appropriate tone at the top, defining clear accountability for risks, espousing transparency and timeliness in sharing risk information, enabling risk-adjusted decisions, recognizing appropriate risk-taking attitudes, and embedding the right risk skills across the organization.

Roles and Responsibilities

Get to know the officers and committees tasked to enforce Risk Management practices at Globe.


The Board of Directors oversees and conducts an annual review of our material controls, covering the operational, financial, and compliance areas and the overall RM systems. The overall responsibility for our RM oversight rests with the Board.

Given the complexity of our business, there are three committees that oversee Globe’s RM approach: Finance Committee, which oversees all risks related to finance and investment; Executive Committee, which oversees all risks related to operations; and Audit and Related Party Transaction (RPT) Committee, which oversees financial statement reporting, internal controls, legal and regulatory compliance, corporate governance, risk management, and fraud.

To enable an integrated and holistic approach to RM oversight at their level, our Board also designated the Audit and RPT Committee as the overall consolidator of risks for all committees. The Audit and RPT Committee regularly reports to the Board of Directors on Globe’s RM efforts.

Board Risk Management Oversight

Here are the duties of the committees that look into our risk factors.

Risk Management Committee


With guidance provided by the Board, our Management is fully responsible for decision-making over the day-to-day affairs of Globe. These cover the design, development, and implementation of the RM strategies, policies and systems intended to address the identified risks.

Chief Risk Excutive (CRE)

The President and Chief Executive Officer (CEO) acts as the CRE. He is ultimately responsible for RM priorities, including strategies, tolerances, and policies, which he recommends to the Board for approval.

Furthermore, the CRE:

  • Acts as the final enforcer of the RM process;
  • Establishes the organizational structure, assigns authority, and designates the management of key risks to Risk Owners to ensure that the RM activities are carried out effectively;
  • Reviews the continuing effectiveness and relevance of the RM framework, processes, organization, and tolerances, as assisted by the Chief Risk Officer; and
  • Ensures that RM activities are linked to the Risk Owners’ Key Result Areas.

Chief Risk Officer (CRO)

The Chief Finance Officer (CFO) and concurrent CRO supports the CRE at the management level and ensures that:

  • There is adequate supervision and guidance over the development, implementation, maintenance, and continuous improvement of RM policies, processes, and documentation.
  • RM processes and activities are embedded within Globe's policies, business cycles, and operational decisions.
  • Responsibilities for managing specific risks by the Management are clear.
  • The level of risk accepted by Globe is appropriate.
  • An effective control environment exists for the company as a whole.
  • In collaboration with the CEO/CRE and the Management, the Audit and RPT Committee, the Board, and other stakeholders are provided periodic information on the results of the annual risk assessment exercise and updates on the status of top risks, key risk mitigation activities, key risk and performance indicators, and emerging risks that could impact the attainment of our objectives.

The CRO reports quarterly to the Board through the Audit and RPT Committee regarding our critical risks, control issues, and key mitigation plans, and provides insights on the following:

  • RM processes are working as intended.
  • Risk measures and mitigation plans are reported and continuously reviewed by Risk Owners for effectiveness.
  • Established risk policies and procedures are being complied with.

The CRO also serves as the chairman of our Risk Management Committee.

Enterprise Risk Management Services Division (ERMSD)

The ERMSD, headed by a Risk Management Program Officer, supports the CRO. Its key functions include:

  • Facilitating the Management’s annual risk assessment exercise and reporting the results thereof,
  • Coordinating with Risk Owners to gather updates on the status of risks and RM/mitigation activities,
  • Facilitating the execution of the Management’s risk and controls assessment exercise, and
  • Developing and implementing programs to embed RM discipline and drive sustained risk awareness across the organization.

Role of the Internal Audit (IA)

The IA provides assurance on the effectiveness of RM systems and processes. Their examinations cover a regular evaluation of the adequacy and effectiveness of RM and control processes, which encompass Globe’s governance, operations, information systems, reliability and integrity of financial and operational information, effectiveness and efficiency of operations, safeguarding of assets, and compliance with laws, rules, and regulations.

Risk Owner

The Risk Owner has overall accountability for the assigned risk/s and is granted authority to enable the effective management of a particular risk. His function also includes:

  • Understanding the risks and determining their drivers,
  • Planning for and executing appropriate RM strategies and mitigation plans for key risks identified,
  • Securing required resources needed to effectively manage the risks,
  • Monitoring and reviewing the level of risk exposures and continuing relevance of RM strategies and plans, and
  • Providing timely updates on the status of RM activities to concerned stakeholders.

Risk Management Approach

The ISO 31000 framework for Risk Management is used as the basis for our RM process. This ensures that compliance processes and procedures are effectively guided by the RM policy.

Risk Management in Globe

Globe institutionalized a process to closely monitor the RM plans and actions being taken to address critical risks, including the establishment of key risk indicators and key performance indicators, to ensure these are appropriately managed. This process includes a review made by the Management and Business teams, and Group Heads. The Management monitors enterprise level risks such as strategic risks, major program risks, and regulatory risks while the business team and group heads monitor the operational, legal, and project risks.

Our key RM activities include:

  • Identifying top enterprise risks—including (but not limited to) those that relate to economic, environmental, social, and governance—that can impact the achievement of Globe's key objectives;
  • Prioritizing risks based on the degree of impact to business objectives and the likelihood of occurrence based on predefined risk categories and parameters;
  • Scenario and mitigation planning;
  • Business continuity planning;
  • Crisis planning and management;
  • Program risk management;
  • Monitoring and reporting on the status of risks and corresponding RM plans;
  • Establishing a risk register with clearly defined, prioritized, and residual risks;
  • Identifying, assessing, and managing operational risks by line management;
  • Establishing operational risk thresholds for monitoring; and
  • As necessary, contract independent reviews by third party consultants to assess/identify risk exposures and verify the soundness of controls.

An enterprise-wide assessment of risks is performed by the Management and business teams as part of our annual planning and budgeting process, with the results of which reported to and reviewed by the Board. This assessment focuses on identifying the key risks that threaten the achievement of our business objectives at corporate and business unit level, as well as the assignment of Risk Owner/s and the development of plans in managing such risks. The established strategies and plans to address the risks are continuously developed, updated, improved, and reviewed for effectiveness. On a regular basis, the Management discusses the current risk levels and status of implementation of mitigation plans.

We also established a coordinated end-to-end operational risk assessment program to identify, assess, treat, monitor, and report risks for effective and informed business decisions. The Management believes this program is an essential foundation for a strong RM process as it reinforces the lines of defense against key operational risks, while providing relevant insights to some of the top enterprise risks. The Management is apprised of the results of the assessments, particularly, the most significant risks for inputs on strategies and action plans and guidance on issues needing further review.

When necessary, we seek external technical support from third-party experts to aid our Management and Board in the performance of their duties and responsibilities including RM.


The achievement of our key business objectives can be affected by a wide array of risk factors, with some being universal and others unique to the telecommunications industry. The risks vary widely in occurrence and severity, some of which are beyond our control. There may also be risks that are either presently unknown or not currently assessed as significant, which may later prove to be material. At Globe, we aim to mitigate the exposures through appropriate RM strategies, strong internal controls and capabilities, close monitoring of risks, and mitigation plans.

Some of principal risk types that are identified as applicable to Globe are: political and socio-economic, financial markets, competition, regulatory, customer preference and technology shift, change program, organizational agility, human capital, reputational, compliance, and operational.

Find out the components of each risk type, the mitigation plans, and how we address these in our RM discussion on pages 146 to 153 of our 2016 Annual Sustainability Report.

Manual of Corporate Governance

Board of Directors' Charter