Enterprise Risk Management

We strive to cultivate an organizational structure that supports strong corporate governance, clearly defines risk-taking responsibility and authority, facilitates ownership and accountability for risk-taking, and ensures the proper segregation of duties.

We strive to sustain the sound processes that facilitate the identification, assessment, quantification, mitigation, management, monitoring, and communication of risks at the enterprise and operational levels. We also regularly review our RM processes and policies continuously and stay abreast of current developments to ensure that we remain robust and relevant, through benchmarking against industry and global best practices.

We strive to nurture a risk-aware culture by setting the appropriate tone at the top, defining clear accountability for risks, espousing transparency and timeliness in sharing risk information, enabling risk-adjusted decisions, recognizing appropriate risk-taking attitudes, and embedding the right risk skills across the organization.

The Board of Directors oversees and conducts an annual review of Globe’s material controls, covering operational, financial, and compliance areas and overall RM systems. The overall responsibility for RM oversight rests with the Board. To enable the Board to effectively discharge Globe’s RM function, various Board committees have been designated to provide RM oversight for specific risk areas.

A Board Risk Oversight Committee (BROC) was created in 2Q 2019 to provide focus and effectively consolidate the decentralized and overlapping risk oversight duties performed by various Board sub-committees. The establishment of the BROC will ensure an integrated and holistic oversight of RM at the Board level. 

The BROC is mandated to assist the Board in fulfilling its oversight responsibilities in relation to Risk Governance in Globe. This ensures that the Board and Globe’s Management will be able to make well-informed and intelligent decisions based on a thorough assessment of risks and opportunities. This includes:
 

• Ensuring that there is an effective, efficient, and integrated risk management process working in place;
• Enabling the identification, analysis, and assessment of key risk exposures and their impact on Globe’s strategic and business objectives, as well as the formulation of an effective RM strategy;
• Cultivating a sound organizational structure with an effective Enterprise Risk Management (ERM) framework working in place;
• Establishing a clear definition of risk-taking authority, ownership, accountability, and proper segregation of duties; and
• Fostering a risk-aware culture that is pervasive throughout Globe, and ensuring transparency in reporting key risks to relevant stakeholders.

The BROC is led by a Chairperson who must be an independent, non-executive director. At present, it is composed of four (4) directors, three (3) of which are independent, non-executive directors. The Board appoints all members of the committee.

The BROC meets on a quarterly basis or as frequently as needed. The BROC also submits and presents a report to the Board at least two (2) times a year containing updates on all actions initiated by the committee at the board meeting following the BROC meetings, as well as a year-end report outlining the committee’s actions for the year, confirmation of how its responsibilities were discharged, the assessment performed on the effectiveness of the committee, and recommendations for improvement.

The BROC has the following roles and responsibilities.
 

• Develop a formal Enterprise Risk Management Framework.
• Provide oversight on Globe’s activities in identifying and managing key enterprise-wide and operational risks (but not limited to): Strategy, Technology, Financial, Credit, Market, Information/Cybersecurity, Data Privacy, Business Disruption, Legal, Regulatory, Fraud, Customer Experience, and other risk areas.
• Through the Enterprise Risk Management Department, exercise oversight and guidance over Globe’s risk management and governance structure.
• Review and approve the annual work plan (i.e., activities and initiatives such as risk assessments, risk embedding programs, etc.) of the ERM Department, based on the priorities and direction of the company, and ensure that it remains relevant, comprehensive, and effective.
• Review disclosures regarding risks and risk management contained in Globe’s Annual Integrated Report and other publicly issued reports and statements as applicable.
• Ensure alignment, on a regular basis, with other assurance providers of Globe on critical risks and control identification and assessment.
• Secure independent expert advice on RM matters where considered necessary or desirable.

With guidance provided by the Board, our Management is fully responsible for decision-making over the day-to-day affairs of Globe. These cover the design, development, and implementation of the RM strategies, policies, and systems intended to address the identified risks.

The President and Chief Executive Officer (CEO) acts as the CRE. He is ultimately responsible for RM priorities, including strategies, tolerances, and policies, which he recommends to the Board for approval.
 

Furthermore, the CRE:
 

• Acts as the final enforcer of the RM process;
• Establishes the organizational structure, assigns authority, and designates the management of key risks to Risk Owners to ensure that the RM activities are carried out effectively;
• Reviews the continuing effectiveness and relevance of the RM framework, processes, organization, and tolerances, as assisted by the Chief Risk Officer; and
• Ensures that RM activities are linked to the Risk Owners’ Key Result Areas.

The Chief Finance Officer (CFO) and concurrent Chief Risk Officer (CRO) supports the CRE at the management level. The CRO ensures that:
 

• There is adequate supervision and guidance over the development, implementation, maintenance, and continuous improvement of RM policies, processes, and documentation.
• Risk Management processes and activities are embedded within the organization’s policies, business cycles, and operational decisions.
• Responsibilities for managing specific risks by Senior Management are clear.
• The level of risk accepted by the company is appropriate.
• An effective control environment exists for the company as a whole.
• In collaboration with the CEO/CRE and Senior Management, the BROC, the Board, and other Stakeholders are provided periodic information on the results of the annual risk assessment exercise and updates on the status of top risks, key risk mitigation activities, key risk and performance indicators and emerging risks that could impact the attainment of Globe’s objectives.

On a quarterly basis, the Board, through the BROC is appraised on the company’s critical risks, control issues, and key mitigation plans by the CRO. Insights on the following are provided:
 

• Risk management processes are working as intended,
• Risk measures and mitigation plans are reported and continuously reviewed by risk owners for effectiveness; and
• Established risk policies and procedures are being complied with.

Outside the quarterly scheduled BROC Meetings, the CRO and the Enterprise Risk Management Department provide regular updates to the BROC Chairwoman via executive sessions, on the status of key risks, management’s risk action plans and strategies, and new or emerging risks needing immediate attention.

The Enterprise Risk Management Department (ERMD) supports the CRO in undertaking her role. Key functions of the ERMD include:
 

• Facilitating Management Team’s annual risk assessment exercise and reporting the results thereof.
• Coordinating with risk owners to gather information and updates on Risk, the status of and its management/mitigation activities
• Facilitating the execution of Line Management’s risk assessment exercise 
• Developing and implementing risk culture-building programs to drive and embed the RM discipline across the organization
• Serve as the BROC secretariat to support the discharge of the BROC’s risk oversight functions.
• Enable the BROC to effectively exercise oversight and guidance over Globe’s risk management and governance structure at the operating level.

The Internal Audit Team provides independent assurance on the effectiveness of RM systems and processes. Internal Audit’s examinations cover a regular evaluation of adequacy and effectiveness of RM and control processes encompassing the company’s governance, operations, information systems, reliability and integrity of financial and operational information, effectiveness, and efficiency of operations, safeguarding of assets and compliance with laws, rules, and regulations.

The Risk Owner has overall accountability for the assigned risk/s and is granted authority to enable the effective management of a particular risk.  His function also includes:
 

• Understanding the risks and determining their drivers;
• Planning for and executing appropriate RM strategies and mitigation plans for key risks identified, including the adoption of the necessary RM framework/s and standard/s;
• Securing required resources needed to effectively manage the risks;
• Monitoring and reviewing the level of risk exposures and continuing relevance of RM strategies and plans; and
• Providing timely updates on the status of RM activities to concerned stakeholders.

Globe’s RM cycle starts with an enterprise-wide assessment of risks performed by the Management Team as part of the annual planning and budgeting process. This process starts with the identification of key risks that threaten the achievement of Globe’s business and strategic objectives at the corporate and business unit levels. Risks are then identified, analyzed, evaluated, and assigned to the appropriate risk owner/s for the development of plans to manage the said risks. The results of which are then reported to and reviewed by the Board via the BROC.
 

The established strategies and mitigation plans to address the risks are continuously developed, updated, improved, and reviewed for effectiveness throughout the year as part of the company’s continuing advocacy of embedding the RM discipline across the organization. To have an enterprise-wide view of both risks and its mitigation plans, Globe through the CRO and ERMD has institutionalized a process to monitor the status of risks with its risk owners and how the said risks impact the organization on an enterprise level through monitoring key risk indicators, key performance indicators, status of mitigation plans, and identification of any emerging risks. On a regular basis, the ERMD, together with the risk owners, provides reports on the status of the said risks to the CRO and management, and on a periodic basis to the board via the BROC and other board committees.
 

Throughout the year, the Management through the ERMD also conducts various coordinated, end-to-end risk assessment studies on identified critical risk areas and emerging risks. Management believes that these studies are essential for a strong RM process as these reinforce the lines of defense while providing relevant insights into both decision-making and the management of Globe’s top enterprise-wide risks. When necessary, the company seeks external technical support from third-party experts to aid management and the board in the performance of their RM duties and responsibilities.

Globe believes that fostering a culture of risk awareness and intelligence across the organization is essential in embedding and ensuring consistent application of sound RM practices in every decision point by every ka-Globe.
 

As a testament of Globe’s risk-aware and intelligent culture, Globe has been assessed to have an advanced level of risk maturity (5.0 on a 1 to 5 scale) in an independent assessment conducted by Aon Risk Consultants, Inc., in late 2018. This places Globe as one of the highest among the Ayala group of companies and belonging to the top 1% of the 1,958 companies interviewed by Aon globally across 25 industries.
 

The ERMD partners with various risk owners to ensure that RM advocacies are effectively cascaded to every employee through culture building and continuous learning activities to further complement the RM advocacy.
 

Various learning sessions, summits, and information drives are organized throughout the year by risk owners and in collaboration with ERMD. These activities provide every ka-Globe with opportunities to understand the latest technologies, solutions, and trends in various fields, and learn about the risks, both at present and in the future, and how they are effectively managed.

Given the accelerated pace of change in the business landscape brought about by business disruptions, global megatrends, and changes in stakeholder mindsets, Globe supports the Ayala vision of integrating RM and Sustainability practices as the way forward. The ERMD, together with Globe’s Sustainability team, has initiated steps to integrate the activities as well as the reporting cadence of these two disciplines. In 2019, the teams’ collaboration led to the first Risk and Sustainability forum and the integration of sustainability material topics into the annual enterprise-wide risk refresh exercise. Further, the Board, through the BROC has been introduced to Globe’s sustainability mandates, framework, principles, programs, and roadmap. Discussions on Globe’s material sustainability topics and strategies to address them were also discussed with the BROC.

The achievement of Globe’s key business objectives can be affected by a wide array of internal and external risk factors. Some of these risk factors are universal while some are unique to the telecommunications industry. The risks vary widely in occurrence and severity, some of which are beyond the company’s control. There may also be risks that are either presently unknown or not currently assessed as significant, which may later prove to be material. Globe aims to manage these exposures by developing appropriate RM strategies, establishing strong internal controls and capabilities, risk transfer methodologies (e.g., insurance covers), and close monitoring of risks (including emerging risks) and mitigation plans.
 

Please refer to pages 64 to 69 of our 2023 Integrated Report for further details.

Globe continues to adapt and enhance its programs in the midst of the continued global warming, and the ramp-up of activities by government regulators to enforce related laws on Occupational Safety & Health, Environment, and Disaster Management. The company initiated projects to ensure that it is able to effectively respond to and recover from major disasters while considering the minimum requirement of government agencies like the Department of Defense on Disaster Management, Department of Labor and Employment on Occupational Safety, Department of Health on Occupational Health, and the Department of Environment and Natural Resources on Environmental Friendliness. The more important initiatives pursued in the previous reporting period are:
 

• Certification of the Business Continuity (ISO22301), Occupational Health and Safety (ISO45001), and Environment Management Systems (14001);
• Digitalization of the aforementioned management systems;
• Operationalization of the Earthquake Response Plan to address risks related to the Big One and establish fully resourced Disaster Response Teams;
• Integrated Exercise of the Globe Crisis Management Plan with the Government; 
• Conduct of audit and integrated exercises with the critical vendors of Globe; 
• Launch of a smoke-free workplace; and
• Pursued projects to support the sustainability program: 
  • Solid and hazardous waste management 
  • Reduction of carbon footprint  
  • Energy and water conservation