Enterprise Risk Management (ERM)
The role of ERM is to oversee that a sound ERM framework is in place to effectively identify, monitor, assess and manage key business risks. The risk management framework shall guide the Board in identifying units/business lines and enterprise-level risk exposures, as well as the effectiveness of risk management strategies.
Internal Controls
With the leadership of the Company’s Chief Financial Officer (CFO), internal control is embedded in the operations of the company and in each business unit (BU), thus increasing their accountability and ownership in the execution of the BU’s internal control framework. To accomplish the established goals and objectives, BUs implement robust and efficient process controls to ensure:
- Compliance with policies, procedures, laws and regulations,
- Economic and efficient use of resources,
- Check and balance and proper segregation of duties,
- Identification and remediation control weaknesses,
- Reliability and integrity of information, and
- Proper safeguarding of company resources and protection of company assets through early detection and prevention of fraud.
Accountability and Audit
The Board ensures that its Shareholders are provided with a balanced and comprehensible assessment of the Company’s performance, position and prospects on a quarterly basis. Interim and other reports that could adversely affect its business are also made available in the Company website, including its submissions and disclosures to the SEC and to the Philippine Stock Exchange (PSE). Management formulates the rules and procedures on financial reporting and internal control for presentation to the Audit Committee in accordance with the following guidelines:
- The extent of its responsibility in the preparation of the financial statements of the Company, with the corresponding delineation of the responsibilities that pertain to the External Auditor, should be clearly defined;
- An effective system of internal control that will ensure the integrity of the financial reports and protection of the assets of the Company for the benefit of all Shareholders and other Stakeholders;
- On the basis of the approved Internal Audit Plan, Internal Audit examinations should cover, at the minimum, the evaluation of the adequacy and effectiveness of controls that cover the Company’s governance, operations and information systems, including the reliability and integrity of financial and operational information, effectiveness and efficiency of operations, protection of assets, and compliance with contracts, laws, rules, and regulations;
- The Company consistently complies with the financial reporting requirements of the SEC;
- The External Auditor shall be rotated or changed every five (5) years or earlier, or the signing partner of the External Auditing firm assigned to the Company, should be changed with the same frequency. The Corporate Internal Audit Head should submit to the Audit Committee and Management an annual report on the Corporate Internal Audit Department’s activities, responsibilities, and performance relative to the Internal Audit Plan as approved by the Audit and Risk Committee. The annual report should include significant risk exposures, control issues, and such other matters as may be needed or requested by the Board and Management. The Corporate Internal Audit Head should certify that he conducts his activities in accordance with the International Standards on the Professional Practice of Internal Auditing. If he does not, the Corporate Internal Audit Head shall disclose to the Board and Management the reasons why he has not fully complied with the said documents; and
- The Board, after consultations with the Audit Committee shall recommend to the Shareholders an External Auditor duly accredited by the SEC who shall undertake an independent audit of the Company, and shall provide an objective assurance on the matter by which the financial statements shall be prepared and presented to the Shareholders.
Internal Audit
The Corporate Internal Audit is focused on delivering its mandate of determining whether the governance, risk management and control processes, as designed and represented by Management, are adequate and functioning in a manner that provides a reasonable level of confidence that:
Opportunities for improving management control, profitability, and the Company’s reputation may be identified during audits.
- Employees’ actions are compliant with policies, standards, procedures, and applicable laws and regulations;
- Quality and continuous improvement are fostered in the control processes;
- Programs, plans, and objectives are achieved;
- Resources are acquired economically, used efficiently, and protected adequately;
- Significant financial, managerial, and operating information is accurate, reliable, and timely;
- Significant key risks are appropriately identified and managed; and
- Significant legislative or regulatory issues impacting the Company are recognized and properly addressed.