ENTERPRISE RISK MANAGEMENT POLICY



ENTERPRISE RISK MANAGEMENT

Approved by the Audit Committee on 14 February 2003 and adopted by resolution of the Board on 28 March 2003
Revisions approved by the Audit and Risk Committee on 14 February 2008 and adopted by resolution of the Board on 6 March 2008
Revisions approved by the Risk Management Committee on 21 November 2014 and adopted by resolution of the Board on 04 December 2014

Contents (page)
A. Introduction .......... 1
B. Statement of Policy .......... 1
C. Objective .......... 1
D. Enterprise Risk Management (ERM) Framework .......... 2
E. ERM Process .......... 3
F. ERM Governance Structure .......... 4
Attachment 1: ISO 31000:2009 Risk Management Principles and Guidelines

VERSION NO. 3 REVISION NO. 2 PAGE NO. 1 of 7

A. Introduction

Apart from the diversity of operations within the Ayala Group of Companies (herein referred to as the Group), its accountability to its stakeholders is further heightened by the incessant changes in the social, economic and political environment in the Philippines. To address the threats stemming from this situation, while also harnessing business opportunities as they arise, Ayala Corporation (herein referred to as the Company) established an Enterprise Risk Management (ERM) Process that will provide a focused and disciplined approach to (1) identifying and analyzing risks on entering new investments; (2) managing the financial and operational stability of the Company; and (3) recognizing risks inherent in the companies in its portfolio. The Company believes that risk management is an essential function for adopting strategic decisions, and having the proper approaches in place will pave the way for sustainable and resilient business operations for all its stakeholders.

B. Statement of Policy

In general, risk affects the achievement of a Company's goals and objectives. With proper risk management in place, the effects of negative risks may be alleviated, while positive risks may be capitalized on, providing greater chances of enhancing the Company's value for all its stakeholders. Given the benefits provided by risk management, the Company strongly commits to the implementation of risk management within its organization. It shall utilize its risk management capabilities to maximize the value from its assets, business portfolio and other strategic business opportunities. The Group shall also embed it into their critical business activities, functions and processes to encourage enterprise and innovation.

With a solid platform and strong commitment to risk management, the Company believes that it will be able to establish sustainable competitive advantage, optimize risk management cost, and pursue strategic growth opportunities with greater speed, skill and confidence.

C. Objectives

The ERM Policy provides the necessary foundation and organizational arrangements for managing risks across the Company. This document:
- Outlines the formal policies and procedures that will govern an integrated and enterprise-wide risk management process within the Company;
- States the key elements of the ERM framework that will assist in the effective implementation of the risk management process;
- Sets out a consistent approach for managing risks across the Company, aligned with relevant standards and industry best practices;
- Presents the risk governance structure that will be responsible for the implementation of this policy; and
- Establishes the roles and responsibilities of each party at Ayala Corporation with regard to risk management.

D. Enterprise Risk Management (ERM) Framework

The approach to risk management is contained within and applied through Ayala Corporation's ERM Framework, which is based on ISO 31000:2009 Risk Management Principles and Guidelines (refer to Attachment 1). This framework will assist in the effective application of the risk management process and shall ensure that relevant information for decision-making is reported in a timely and adequate manner. The components of the framework are as follows:
- Mandate and commitment
- Design of framework for managing risks
- Continual improvement of the framework
- Implementing risk management
- Monitoring and review of the framework

Figure 1. Ayala Corporation's Enterprise Risk Management Framework (adapted from ISO 31000:2009 Risk Management Principles and Guidelines)

The continuing success and effectiveness of risk management largely depends on strong and sustained commitment to it by the Company's management, supported by strategic and rigorous planning to achieve involvement at all levels of the organization and a risk-aware culture. As the ultimate champion of risk management, the Chief Risk Officer (CRO), with the assistance of the Group Risk Management Unit (GRMU), has the main responsibility for the implementation of risk management within the Company. In order to ensure that the program in place is effective and facilitates the achievement of the Company's goals and objectives, the GRMU must continuously monitor and periodically review the risk management framework. Based on the results of framework monitoring and review, recommendations for improvement may be provided by all personnel in the organization. All recommendations must then be consolidated by the GRMU for review by the CRO and approval by the Board of Directors (BOD).

E. ERM Process

Like the framework, Ayala Corporation's ERM Process also follows ISO 31000:2009. To be effective, this process shall be an integral part of management and embedded in Ayala's culture and practices. The activities comprising Ayala Corporation's ERM Process are as follows:
- Establishing the context
- Communication and consultation
- Risk assessment
  - Risk identification
  - Risk analysis
  - Risk evaluation
- Risk treatment
- Monitoring and review

Figure 2. Ayala Corporation's Enterprise Risk Management Process (adapted from ISO 31000:2009 Risk Management Principles and Guidelines)

At all stages of the ERM process, open communication and interactive consultation between top management and the different business units shall take place, as this is key to easier understanding between stakeholders and those accountable for implementing the risk management process. The Board of Directors (BOD), management committees, CRO, GRMU and the different risk owners should collaborate in discussing the Company's risk management goals and objectives, defining the external and internal parameters to be considered and setting the scope for the remaining process. The GRMU, with the approval of the CRO and BOD, shall establish the Company's strategies, design and required infrastructure to ensure that the risk management capabilities of the Company are adequate. The GRMU shall then ascertain that periodic business risk assessment sessions are part of the annual strategic and business planning activities of the Company, to guarantee that all significant risks are identified and evaluated appropriately. The results of risk identification, risk analysis and risk evaluation shall be reviewed periodically by the GRMU, communicated to the CRO, and reported to the BOD.

Once risk assessment has been completed, risk owners shall recommend the appropriate plan of action for addressing risks in their respective functional areas. Prior to implementation, all risk treatment plans must be duly reviewed by the GRMU. Monitoring and review of the risk management process should be conducted at regular intervals by the GRMU. It should encompass all aspects of the risk management process, and its results should be recorded and reported to the Risk Management Committee (RMC).

In summary, the following are the key deliverables for the ERM process (Activity; Key Deliverable; Person Responsible):

Establishing the Context
  Key deliverables: Risk management goals and objectives; Risk management policy; Risk management governance structure
  Person responsible: Prepared by GRMU; Reviewed by CRO; Approved by BOD

Risk Assessment
  Key deliverables: Risk Universe; Risk Dictionary; Risk Portfolio; Risk Analysis Report
  Person responsible: Prepared by risk owners; Reviewed by GRMU, CRO

Risk Treatment
  Key deliverable: Risk Treatment Plan
  Person responsible: Prepared by risk owners; Reviewed by GRMU, CRO

Risk Monitoring and Review
  Key deliverables: Updates to Ayala Risk Portfolio; Periodic Risk Management Report; Annual Risk Management Report
  Person responsible: Prepared by risk owners; Reviewed by GRMU, CRO

F. ERM Governance Structure

To ensure effective and efficient management of risks within Ayala Corporation, the Company implements a risk governance structure such that an integrated and independent view of risk exposures can be obtained.

[Figure 3. Ayala Corporation's Enterprise Risk Management Governance Structure (diagram): layers labelled Board Oversight, Risk Governance and Embedded Risk Management, showing the Board of Directors, Risk Management Committee (RMC), Management Committees (committees created by Management), Internal Audit, Chief Risk Officer (CRO), GRMU and Risk Owners, and a reporting structure that includes the Board of Directors, Risk Management Committee, Parent and Affiliate/Subsidiary Chief Risk Officers, Parent Group Risk Management Unit, Affiliate/Subsidiary Risk Management Unit and Line Management.]

The following is the framework of responsibilities for risk management, consistent with the Company's risk governance structure.

a. Board of Directors
- Approves the Company's risk appetite and risk exposure allocation;
- Approves the Company's enterprise risk management policy and any revisions thereto;
- Approves the policies, strategies and systems implemented for the ongoing identification, control and mitigation of risk exposures; and
- Reviews reports from the Risk Management Committee with regard to the overall effectiveness of the risk management process.

b. Risk Management Committee

- Reviews and recommends to Management the Company's levels of risk appetite and risk exposure allocation;
- Reviews and assesses the adequacy and sufficiency of the Company's policies and processes for risk identification, assessment and mitigation;
- Reviews the objectivity, effectiveness and efficiency of the Company's risk management function; and
- Establishes a sound risk-aware culture throughout the enterprise.

c. Management Committees
- Provide strategic leadership for the Company's risk management;
- Provide oversight of the strategic and operational risks for the Company, including reviewing the Company's risk universe and the progress of treatment plans that are being managed by different business units;
- Regularly identify risk priorities and align business objectives with risk strategies and policies; and
- Arbitrate and resolve conflicts arising from different risk mitigation strategies among business units.

d. Internal Audit
- Provides objective and reasonable assurance that the internal control framework is operating effectively;
- Reports directly to the RMC any risk management issue due to identified internal control deficiencies and provides recommendations for improvement;
- Reviews the alignment of the internal control framework with the identified risk exposures; and
- Assists in enhancing the understanding of risk and controls among line staff.

e. Chief Risk Officer
The CRO is the advocate of enterprise-wide risk management at Ayala Corporation and oversees the entire risk management function. He:
- Works with the management committees, as well as operational units, to integrate risk management within the Company;
- Ensures that the Company's overall risk exposures are consistent with its risk appetite and are properly covered by risk policies;
- Strengthens the systems and measurement tools needed to provide a robust foundation for risk management;
- Identifies developing or emerging risks, concentrations and other situations that need to be studied through stress testing or other techniques;
- Ensures that all initiatives related to risk management are monitored and reported to the appropriate members of the organization;
- Monitors the top risks of the Company and reports the status of the implementation of risk management strategies and action plans; and
- Ensures that the GRMU receives appropriate organizational support to implement enterprise risk management on a day-to-day basis.

f. Group Risk Management Unit
The GRMU has the overall accountability and ownership for the continuity and success of the enterprise risk management function. The GRMU Head, together with its members, shall:
- Continuously work with the CRO in developing, implementing, reviewing and improving the Company's ERM framework and associated policies and procedures;
- Formulate an annual risk management plan and coordinate overall enterprise risk management activities within the Company;
- Assist Management in determining, evaluating and measuring the Company's risk exposures, risk appetite and risk tolerance;
- Ensure that developing or emerging risks and the interrelationship of new and existing risks are regularly reviewed, updated and reported to the CRO; and
- Facilitate continuing education of Company personnel in order to enhance the capacity and capability of all departments to effectively and efficiently manage risk.

g. Risk Owners
- Are ultimately responsible for risks in their functional areas of responsibility;
- Collect and analyze risk data to provide risk information to the Board, RMC and other departments of the Company;
- Approve and coordinate risk management efforts and specific strategies in their functional areas;
- Recommend risk tolerance levels or risk limits with corresponding measurement methods for approval by the Board;
- Evaluate the measurement methodologies used in quantifying risks in their functional areas; and
- Evaluate the effectiveness of the infrastructure (e.g., people, systems, support) in place for managing specific risks in their respective functional areas.

While the Company has a formal risk governance structure, all staff still bear the responsibility to contribute to the continued improvement and enhancement of the Company's risk management capabilities. They shall take all reasonable and practical steps to perform their responsibilities in relation to risk management. Furthermore, they shall report to Management any incidents that may result in unacceptable levels of risk or non-compliance with established procedures for measuring and reporting risk.