ERM: Creating Stronger Governance and Competitive Edge

Learning Objectives:
> Be able to describe how ERM works in the Philippine setting.
> Be able to illustrate the similarities between the standards used by ERM in the local setting and accepted international standards such as ISO 31000.
> Understand that ERM is governed by standards and models accepted globally.
> Know how to apply the ERM framework in local business operations.

Learning Outcomes:
> Apply the principles, concepts and processes in handling business challenges that are tailored to the local business industry.
> Use analytical and decision-making skills to discern that different industries face different kinds of risks.
> Develop awareness in controlling risks as applied in the areas under consideration and in relation to the accepted standards.

It has been observed in the Milliman Research Project Report that "globally there has been an increased focus by many regulators, industry associations and insurers to enhance the role of risk management in the companies' strategic decision making".

Rochelle C. Dichaves, writing about "The ERM Agenda: 2018 and beyond" on July 4, 2018 at bworldonline.com, noted that the ERM landscape is being reshaped by the "greater awareness among business leaders of the relationship between risk and value". She added that there "is more to it beyond mere value protection. In fact, risk management, when properly embedded into the organizational DNA, can potentially result in value creation".

This direction is being felt in the Philippine setting as "there has been a renewed effort by Philippine regulators to further promote the importance of enterprise risk management as a tool for the continued sustainable growth of the Philippine business environment". Dichaves cited two important developments in the local scene relative to ERM:

1. For financial institutions under its supervision, the Bangko Sentral ng Pilipinas (BSP) has issued BSP Circular 971: Guidelines on Risk Governance, which requires banks and non-bank financial institutions alike to establish their own enterprise-wide risk governance framework, with the ultimate goal of ensuring that these institutions possess risk management capabilities commensurate with their size, complexity, risk profile and systemic importance.

2. Publicly-listed companies in the Philippines, on the other hand, may be more familiar with Principle 12 of the 2016 Code of Corporate Governance for Publicly-Listed Companies issued by the Securities and Exchange Commission (SEC), which similarly requires these companies to have an enterprise risk management framework to help sustain safe and sound operations as well as implement management policies to attain corporate goals.

Hereunder are the details of Principle 12 as reported under the SEC's Integrated Annual Corporate Governance Report.

Principle 12: Internal Control System and Risk Management Framework
To ensure the integrity, transparency and proper governance in the conduct of its affairs, the company should have a strong and effective internal control system and enterprise risk management framework.

INTEGRATED ANNUAL CORPORATE GOVERNANCE REPORT
The Board's Governance Responsibilities
(For each item the company marks itself Compliant or Non-Compliant, supplies the Additional Information requested, and gives an Explanation.)

Recommendation 12.1
1. Company has an adequate and effective internal control system in the conduct of its business.
   Additional information: List quality service programs for the internal audit functions. Indicate frequency of review of the internal control system.
2. Company has an adequate and effective enterprise risk management framework in the conduct of its business.
   Additional information: Identify the international framework used for Enterprise Risk Management. Provide information on or reference to a document containing information on: (1) the company's risk management procedures and processes; (2) the key risks the company is currently facing; (3) how the company manages the key risks. Indicate frequency of review of the enterprise risk management framework.

Supplement to Recommendation 12.1
1. Company has a formal comprehensive enterprise-wide compliance program covering compliance with laws and relevant regulations that is annually reviewed. The program includes appropriate training and awareness initiatives to facilitate understanding, acceptance and compliance with the said issuances.
   Additional information: Provide information on or link/reference to a document containing the company's compliance program covering compliance with laws and relevant regulations. Indicate frequency of review.

Optional: Recommendation 12.1
1. Company has a governance process on IT issues including disruption, cyber security, and disaster recovery, to ensure that all key risks are identified, managed and reported to the board.
   Additional information: Provide information on the IT governance process.

Recommendation 12.2
1. Company has in place an independent internal audit function that provides an independent and objective assurance, and consulting services designed to add value and improve the company's operations.
   Additional information: Disclose if the internal audit is in-house or outsourced. If outsourced, identify the external firm.

Recommendation 12.3
1. Company has a qualified Chief Audit Executive (CAE) appointed by the Board.
   Additional information: Identify the company's Chief Audit Executive (CAE) and provide information on or reference to a document containing his responsibilities.
2. CAE oversees and is responsible for the internal audit activity of the organization, including that portion that is outsourced to a third-party service provider.
3. In case of a fully outsourced internal audit activity, a qualified independent executive or senior management personnel is assigned the responsibility for managing the fully outsourced internal audit activity.
   Additional information: Identify the qualified independent executive or senior management personnel, if applicable.

Recommendation 12.4
1. Company has a separate risk management function to identify, assess and monitor key risk exposures.
   Additional information: Provide information on the company's risk management function.

Supplement to Recommendation 12.4
1. Company seeks external technical support in risk management when such competence is not available internally.
   Additional information: Identify the source of external technical support, if any.

Recommendation 12.5
1. In managing the company's Risk Management System, the company has a Chief Risk Officer (CRO), who is the ultimate champion of Enterprise Risk Management (ERM).
   Additional information: Identify the company's Chief Risk Officer (CRO) and provide information on or reference to a document containing his/her responsibilities and qualifications/background.
2. CRO has adequate authority, stature, resources and support to fulfill his/her responsibilities.

Additional Recommendation to Principle 12
1. Company's Chief Executive Officer and Chief Audit Executive attest in writing, at least annually, that a sound internal audit, control and compliance system is in place and working effectively.
   Additional information: Provide link to the CEO's and CAE's attestation.

The inclusion of Principle 12 in the Code highlights the premium attention given by the SEC, as a regulatory body, to ensuring that the corporate governance of publicly-listed companies is at par with that of their Asian counterparts. According to the SEC, Principle 12, along with the other principles in the Code, "can be considered as high-level statements relative to corporate governance". Moreover, through this Code the SEC declares its support for the state's policy of actively promoting corporate governance to raise investor confidence and develop the capital market.
These developments involving the two most important regulatory bodies in the Philippines only underscore the premium attention now being given across the broad business spectrum in the country insofar as ERM is concerned. They also signal that the understanding of ERM has grown deeper and that the practice of risk management has become even more widespread. To cite a few examples from the Philippine business scene, different industries have adopted ERM with the following general features:

> The Banking Industry
Most leading local banks now have in place a comprehensive and integrated Risk and Capital Management Framework which serves as a guide for management on all risk exposures. This ensures that the bank has adequate capital to cover and mitigate identified risks. The framework follows Bangko Sentral ng Pilipinas regulations requiring an active and effective Internal Capital Adequacy Assessment Process (ICAAP) and risk management process within the bank.

> The Telecommunications Industry
Leading telecommunications companies in the Philippines recognize that effective risk management practices are crucial to sustaining profitability and resiliency. Most ensure that risk management remains a core capability and an integral part of how decisions are made to deliver value to shareholders. ERM has helped these companies achieve their business objectives amid a sea of risk factors, some of which are generic while others are unique to the telecommunications industry.

> The Shipping Industry
The Boards of Directors and Management of leading companies in this industry consider risk management a central and integral part of the organization's strategic management. Risk management to them is the culture, processes and structures directed towards realizing potential opportunities and managing adverse effects. Most have put in place an ERM Policy and Procedures Manual to make all employees aware that risk management is the responsibility of every employee in the organization. This also provides a systematic approach to the early identification and management of risk.

The above are but a few examples of how ERM is embedded in the organizational fabric of the industries cited. This by no means limits the practice of ERM, which, as noted, is observed globally.

Theories vis-a-vis Application

The co-authors of this book have distinguished themselves by going the extra mile to link theories, concepts and principles with real-life situations on the ground. They have endeavored to make every page relevant by citing actual examples culled from many years of experience in the corporate world. Students are therefore exposed to a more realistic learning curve, as they are able to relate these theories and principles to actual situations on the ground. In essence, it is a "reality clinic" where one is taught not just how to think but, moreover, how to do things in actual situations. This sets the book apart, and to punctuate these efforts, hereunder is an example of how ERM is practiced and managed in the Philippine setting, to complement the theoretical discussion in the previous chapter.

THE ABC CORPORATION: ERM CREATING A STRONGER GOVERNANCE & COMPETITIVE EDGE

ABC Enterprise Risk Management (ERM) Policy and Procedures Manual

(THE COMPANY NAME AND THE NAMES OF INDIVIDUALS IN THIS DOCUMENT ARE FICTITIOUS AND PRESENTED FOR PURELY ACADEMIC PURPOSES)

1. Policy Introduction

The Board of Directors and Management of ABC Corporation consider Enterprise Risk Management (ERM) a core and crucial part of the organization's strategic management. As a process, ABC meticulously addresses the risk inherently attached to its activities, with the goal of achieving continuous benefit within each activity and across the portfolio of all business activities.

For ABC, ERM is the culture, processes and structures designed towards realizing potential opportunities and keeping their adverse effects under control. ERM is a tool that Management can use to improve its decision-making process, minimize losses, and maximize profits. It provides a framework or process to effectively manage uncertainties, respond to risks, and discover opportunities as they come, to ensure that value is created, protected and enhanced.

The main purpose of the ERM Policy and Procedures Manual is to provide all ABC personnel with the skills needed to apply a consistent and comprehensive risk management methodology, which includes how to identify, analyze, evaluate, treat and monitor risks. ABC's ERM Policy and Procedures Manual follows the COSO Enterprise Risk Management framework. It is a progressive process which cuts across the organization's strategy and how that strategy is implemented. It should also analyze all the risks confronting the organization's activities in the past and present and draw lessons from them so that the future can be ably protected.

In the process of implementing this Manual, full awareness can be created of the importance of ERM, and the lessons drawn from the organization's past experiences can help guide and give the needed direction to all concerned staff and employees of ABC. It will also preclude confusion on the part of all involved in ABC's ERM, as everybody will literally be reading from the same page and a common standard will be used by all concerned. In essence, ERM will help create stronger corporate governance and a competitive edge for ABC, internally and externally.

2. Definition of Terms

Budget Risk - the likelihood that the approximations or estimations built into a budget end up being insufficient.
Business Risk - the possibility that the company may experience a loss in terms of profit.
Currency Risk - arises due to uncertainty in exchange rates.
Credit Risk - the risk of loss attributable to a debtor's non-payment of a loan or non-compliance with contractual obligations.
Decision Theory - also known as the theory of choice; it is concerned with identifying the values, uncertainties and other pertinent matters that are significant and applicable in a given decision, its rationality, and the resulting optimal decision.
Diversifiable Risk - also called non-systematic or particular risk; a risk that affects only some individuals, businesses, or small groups.
Enterprise Risk Management (ERM) - a newer concept in risk management that takes a holistic view of all of the possible risks an organization faces.
Expected Value of Perfect Information (EVPI) - the cost or price that one would be willing to pay in order to acquire access to perfect information.
Event - one or more of the possible outcomes of doing something.
Frequency - the number of times losses have happened in a given time period.
Hazard - a condition that increases the possible frequency or severity of a loss, or both.
Objective Risk - anything that is quantifiable and measurable either directly or indirectly; the measurable variation in uncertain outcomes based on facts or data.
Opportunity Loss - also known as Regret; the difference between the payoff of the best alternative and the payoff from the chosen alternative, given a state of nature.
Peril - the direct or immediate cause of a loss.
Political Risk - may include a change in government policy.
Probability - the rate of the possibility or chance that an incident will occur; the probability of an event occurring is somewhere between impossible and certain.
Pure Risk - also known as absolute risk; a chance of loss or no loss, but no chance of gain.
Risk - the potential of gaining or losing something of value. Values (such as physical health, social status, emotional well-being, or financial wealth) can be gained or lost when taking a risk resulting from a given action or inaction, foreseen or unforeseen (planned or not planned).
Risk Appetite - the volume or amount of risk, on a broad level, that an enterprise is prepared to accept in its quest for value.
Risk Avoidance - an informed decision is made to eliminate a risk or to opt for a different level of risk.
Risk Exposure - the enterprise, person, property, or activity facing a potential loss.
Risk Management - the name given to a rational and logical process of identifying, analyzing, treating and monitoring the risks involved in any endeavor or procedure.
Risk Management Process - the systematic application of management policies, procedures and practices to the tasks of identifying, analyzing, evaluating, treating and monitoring risk.
Risk Reduction - suitable practices and management standards are carefully applied to mitigate the likelihood and/or consequences of known risks.
Risk Retention - the preferred term for self-insurance; a form of self-insurance employed by organizations which have determined that the cost of transferring a risk to an insurance company is greater over time than the cost of retaining the risk and paying for losses out of their own reserve fund.
Risk Transfer - the accountability or liability for damage or loss is reallocated to another party through contractual provisions, insurance or other means.
Sales Risk - potential events or conditions that result in the failure to meet a sales objective or goal.
Severity - denotes how bad the loss has been in both human and monetary terms.
Speculative Risk - a chance of loss, no loss, or gain.
Strategic Risk - the risk inherent in the organization's business strategy; managing it means identifying, assessing and managing that risk and taking immediate action when risks are recognized.
Subjective Risk - refers to an individual's mental perception or condition; the perceived amount of risk based on an individual's or organization's opinion.

3. Objectives of Enterprise Risk Management

The management of ERM is the responsibility of all ABC employees. Specific risk responsibilities are assigned to different groups, divisions and various levels within the organization. Complete and current risk information is made available to them so that it can assist management in making more informed decisions, both to support the strategic corporate direction and to meet operational objectives.

ERM is not a stand-alone program but a discipline that requires integration with existing business processes, budgeting among them. Proper and adequate resources are made available to ensure its implementation.

Specifically, the objectives of the ERM framework are to:
• Provide a systematic approach to the early identification and management of risk;
• Provide a consistent risk assessment criterion;
• Make available accurate and concise risk information that informs decision making, including business direction;
• Adopt risk treatment strategies that are cost-effective and efficient in reducing risk to an acceptable level; and
• Monitor and review risk levels to ensure that risk exposure remains within an acceptable level.

4. Benefits of ERM

Implementation and application of a consistent and comprehensive risk management process will help achieve the following:
• Increase the likelihood of ABC achieving its strategic and business objectives;
• Foster a high standard of accountability at all levels of the organization;
• Support more effective decision making through a better understanding of risk exposures;
• Create an enabling environment that will allow ABC to deliver timely services and meet performance objectives in an efficient and cost-effective manner;
• Protect ABC's assets, including human, property and reputation;
• Successfully meet compliance and governance requirements; and
• Achieve a competitive edge over the rest of the key players in the market.

5. Roles and Responsibilities

In every endeavor, it is always a requirement that the roles and responsibilities of all concerned be properly delineated and made clear. This will preclude confusion and, at the same time, contribute to the smooth operation of all functional units. In the case of the ERM Framework covered here, the same premium attention has to be given to the roles and responsibilities reflected in the Table of Organization approved by the Board of Directors. This will be carried down to the lowest level of the organization so that line units base their lines of authority and accountability on an approved document and structure.

The ability of ABC to conduct effective ERM is largely dependent upon an appropriate risk governance structure and well-defined roles and responsibilities.

It is extremely important for each ABC employee to be aware of his or her individual and collective risk management responsibilities. This is because ERM is not merely about having a well-defined process but also about effecting behavioral change in each ABC employee so that ERM is embedded in all organizational activities.

Actual experience in the corporate world has shown that in most cases, the success of the implementation of any given program hinges largely not only on the awareness level of the employees but, more so, on a clearly defined structure and the attendant compliance of all manpower concerned. This is the key to a successful ERM framework implementation.

6. ERM Governance Structure

RISK MANAGEMENT GOVERNANCE STRUCTURE IN ABC CORPORATION (top to bottom)
ABC Board of Directors
  Audit and Risk Committee
    ABC President
      Risk Management Executive Committee
        Risk Management Group (headed by the Chief Risk Officer)
          ABC Employees

Board of Directors
Incorporating ERM as part of its main functions, the Board of Directors should:
• Establish the risk management governance structure, including the clear delineation of authority and responsibility over ERM at all levels across the whole organization;
• Establish, communicate, and commit to ethical values and a code of conduct;
• Build competence and develop the manpower within the organization;
• Come up with a management framework, policies, and procedures;
• Create risk awareness and training across the organization;
• Exercise oversight functions with knowledge and understanding of critical risks;
• Periodically review ERM policy/strategy formulation and implementation;
• Set boundaries and limits that clearly exclude behaviors and actions that are not consistent with the established strategy and are therefore unacceptable;
• Encourage and reward growth and innovation without creating unacceptable exposure to risk;
• Clarify, understand and manage risk appetite against the organization's resourcefulness in continuing to seek opportunities in developing new products and new markets;
• Take an enterprise-wide view of risks, rather than a myopic or narrow functional view, when opting for alternative strategies to optimize risk;
• Ensure that there is assurance that effective internal control and checks and balances are present in high-risk areas.

Risk Committee (RC)
A board committee, either dedicated to this one task or carrying other responsibilities as well, should assist the board in reviewing risk, the ERM process and the significant risks confronting the company.

The Risk Committee is composed of the following members from the Board of Directors:
• Julius Garcia - Chairman
• Ernesto Mendoza - Member
• Lorna Garcia - Member

President
The President, together with the Board of Directors, should create the environment for ERM to operate effectively. The President ensures that all significant internal and external factors are considered in defining risk tolerance levels. The President acts as:
a. The overall Risk Executive, ultimately responsible for risk management priorities, tolerance, policies and strategies; and
b. The final Enforcer of the ERM program.

Risk Management Executive Committee (RMEC)
The RMEC has the overall responsibility for risk management at the enterprise level, including the following:
• Strategic risk;
• Project risk; and
• Business and operational risks.

The RMEC shall appoint and mandate the members of the Risk Management Group and ensure that the risk management policies, strategies and methodology are developed and carried out in an effective and efficient manner.

The RMEC is composed of the following company officers (also fictitious names):
• VP Juan dela Cruz - Chairman
• AVP Pedro Caro - Member
• CPA Lorna Soo - Member
• Marketing Manager Julian Perez - Member

Risk Management Group
The Risk Management Group shall support the RMEC in performing its responsibility of putting in place a sustainable ERM process within the organization.

Chairman - Chief Risk Officer
Members:
• Division Chiefs
• Legal Officer
• Compliance Officer
• Technology Solutions Head
• Internal Audit Manager
• Corporate Planning Head

The overall responsibility of the Risk Management Group includes the following:
• Review, validate, and confirm the risk issues generated by the Risk Management Teams on the ground;
• Recommend ERM tolerance to the RC;
• Evaluate measurement methodologies;
• Develop risk management policy, strategies and initiatives for RC approval;
• Develop the risk appetite strategy;
• Design and implement systems, policies, and procedures for the identification, collection, assessment and analysis of risks, and for how to mitigate them;
• Oversee the implementation of the risk management strategies and initiatives in compliance with the established risk appetite;
• Assign owners of significant risks;
• Determine the risk management tools and training requirements of the different teams;
• Evaluate the effectiveness of the risk governance infrastructure for managing specific risks.

Operating and Line Managers
Operating and line managers are responsible for conducting a risk assessment in their area of operations using the methodology provided in this Manual. As such, they are responsible for the following:
• Supporting the risk culture of the organization;
• Identifying, communicating and managing risks in their area of operations;
• Preparing risk registers on operations on a semi-annual basis;
• Managing risk on a day-to-day basis.

Internal Audit
The Internal Audit function is responsible for providing assurance to the RMEC and the Board of Directors on the appropriateness of the ERM strategies and the effectiveness of the risk management processes, methodologies and internal controls.

External Auditors
External Audit, as part of its audit processes, shall review the controls that impact the preparation of ABC's Financial Statements.

ABC Employees
All ABC employees shall comply with the company's ERM Policy and Procedures Manual. All are also responsible for identifying and reporting new and emerging risks in their respective areas of responsibility to the concerned level of authority.

Relationship with Other Processes

ERM cannot be viewed in isolation. It is not a stand-alone discipline, as noted earlier. To be able to maximize ERM's benefits and attendant value, it has to be integrated with existing business processes.

[Figure: ERM and its relationship with key business processes, including Business Planning]

Some of the key business processes within which ERM has to be aligned are:

• Business Planning (including budget)
Identifying risks during the business planning process allows all concerned to set realistic and doable schedules for strategies/activities, or to remove an activity if the associated risk is too high or unmanageable.
The system of changing risk levels over a period of time can then be mapped out and linked to the relevant objective, This will enable the company to conduct more timely expectation ‘management with key stakeholders 139 Ly ‘Scanned with CamScanner ij ERM: Creating Stronger Governance and Competitive Edge * Performance Management eneral responsibility or a SPecig, c evant individual’ performaye Areas). All tisk responsibilities, whether a 8 one, should be included with the rel ‘Result plan (Key Performance Index and Key 8°° * Internal Audit veness of controls being used By the compan, rtignment is made between Interal Ayjy 1s with the ERM process. This reviews the effecti Due to limited resources, function and that of the contro 7, Key Process Steps ERM is a continual process that involves review and constant updates of sk profiles for the enterprise as a whole and includes a review for each individua, division in a “top-down” and “bottom-up” approach to risk management. ally conducted across the whole organization on an annua This process is form: process. basis during the corporate and business planning “Although the process is formally conducted across the entire organization onan annual basis, ERM is assessed throughout the year, through monthly reports while at the same time, business decisions are being made on a day to day basis. The processes are as follows: © Internal environment © Objective/strategy setting * Event identification «Risk assessment * Risk response * Control activities * Communication and information * Monitoring ‘Scanned with CamScanner itit le ERM: Creating Stronger Governance and Competitive Eg internal Environment Internal Environment reflects the philosophy or attitude of the whole company. This is done through issued directives from the Board. 
This can be achieved through the following activities: Risk Policies ‘The Board reviews and amends the risk management governance structure including the clear delineation of authority and responsibility over ERM at all levels across the company whenever necessary. The Board sets changes to risk appetite and risk tolerance of specific business activities or projects of the organization. Risk Appetite and Tolerance The ABC strategic planning process should take the organization's risk appetite policies and considering factors like debt to equity ratio limits. Risk Management Capabilities Building, establishing, and creating competence, risk management framework, policies and procedures, and awareness respectively across the whole company Setting Strategies and Establishing Clear Objectives Objectives that support and are aligned with the company’s mission and consistent with the risk appetite must be established before identification of potential events affecting achievement of the corporate goals can be made. Event Identification Once the vision, mission, objectives and strategies, both internal and external, are understood, inherent risk events and opportunities must be identified. For common risk jargon, the risk assessment teams should use the Risk Business Model table below during their identification process. a1 ry ‘Scanned with CamScanner nance and Competitive Edge ERM: Creating Stronger Gove Msn ONPIVW-NOISIDAG OI NOLLVWAOANT It could be gleaned from the above table that namely: ERM: Creating Stronger Governance and Competitive Edge risks are categorized into three Environment This is when there are extemal fo company’s business model, This overall objecti beyond mana ces that could affect the viability of the 's will include fundamentals that drive the Ves and strategies that define the model. These risks are 'gement’s capacity to control, Process Risks The risks that business Processes within the o1 clearly defined. 
These are poorly aligned with both business objectives and strategies. They do not satisfy customer needs and thus dilute shareholders' value, and expose company assets and resources to misappropriation and misuse.

Information for Decision-Making Risks
The risk that information used to support strategic, operational and financial decisions is not relevant or reliable. These risks relate to the usability, relevance and timeliness of information that is either created or summarized by systems, or to a failure to understand information needs.

Risk Assessment

After the identification of the Inherent Risks, each potential risk is analyzed based on an assessment of its consequence and likelihood. Consequence is measured according to the magnitude of loss if the risk comes to pass:
* How bad are the scenarios?
* How significant is the potential loss?
* How damaging is this to the image of the company?
* Does this warrant management attention?

Below is a sample matrix of consequence:

Consequence (Impact/Severity) | Number Value | Description

Material | 5 |
- Php10M impact on profitability; or
- the alienation of friendly alliances; or
- continuous huge loss in the market share;
- would require immediate attention from the Board and Senior Management.

Significant | 3 |
- Php20M to Php50M impact on profitability;
- Major alliances are put in question or threatened, or significant impact on market share;
- Grave diminution in brand value;
- Great adverse publicity which could be carried in the media for a long time; or
- These would require Board and Senior Management attention.

Insignificant | 1 |
- Php1M impact on profitability;
- Absence of potential impact on market share;
- Issues will be delegated to line managers and division heads to be resolved;
- Follow-up will be made with the risk owners to ensure that all employees are held accountable for ERM.
Likelihood, on the other hand, is measured according to the probability of the occurrence of the event, in other words, the frequency:
* Will this really happen?
* Has this happened in the past?

Below is a matrix for likelihood:

Likelihood (Probability/Frequency) | Number Value | Description

Highly Probable | 5 |
- Event is expected/certain to occur sometime in the next 6 months;
- Event has occurred many times in the past 10 years.

Reasonably Possible | 3 |
- Event will probably occur or is highly likely to happen in the future; or
- Has occurred in the past.

Remote | 1 |
- Event may only occur in exceptional circumstances or is highly unlikely to occur; or
- Has occurred beyond 8 years.

After each potential risk event is measured according to its likelihood and consequence, those involved in the risk assessment will need to plot those risks in the Risk Heat Map as shown below:

[Risk Heat Map: rows are Likelihood (Highly Probable (5), Reasonably Possible (3), Remote (1)); columns are Significance (Impact/Severity) (Insignificant (1), Significant (3), Material (5)).]

Risk Response

Risk response involves examining possible treatment options and selecting the most appropriate action to be taken to manage a risk. Corrective actions or risk responses are required where the current controls are not managing the risk within the defined tolerance levels. Response may involve improving the existing controls or implementing additional controls.

Possible risk treatment options may include:

Take
Do nothing, retain the risk and accept the impact of the risk. An example is self-insurance.

Transfer Risk
Transfer risk ownership and liability to a 3rd party. Examples are insurance, outsourcing, hedging, and others.
Terminate
Change the business process or objective so as to avoid the risk. Examples are eliminate, prohibit, divest, and others.

Treat/Mitigate
Undertake actions aimed at reducing the cause and impact of the risk. Examples are process or control improvement, re-organization, and re-design.

When determining the preferred risk response option, consideration should be given to the cost of the treatment as compared to the likely risk reduction that will result from taking that option (cost-benefit analysis). On selecting the preferred treatment option, the following should occur:
* The cost of any actions should be incorporated into the relevant budget planning process;
* A responsible person should be identified for delivery of the action, with the exact expectations being communicated clearly to those that are responsible;
* A realistic timetable and due date should be set; and
* A performance yardstick should be established.

Risk Responses also involve:
* Identifying the controls currently in place to manage the risk by either reducing the consequences or the likelihood of the risk;
* Assessing the effectiveness of the current controls;
* Identifying the likelihood of the risk occurring; and
* Identifying the potential consequence or impact that would result if the risk were to occur.

Control Activities

When evaluating the effectiveness of current controls, there are several factors to be considered. These are consistency of application, and understanding of control content and documentation of controls, where appropriate. Controls are installed to ensure that risks can be brought within acceptable levels. The evaluation of current controls can be done through several processes, including:
* Control self-assessment;
* Internal Audit reviewing the effectiveness of controls; and
* External Audit reviewing the effectiveness of the controls.
The consequence and likelihood ratings, as identified after consideration of current controls, are combined to determine the overall risk level or residual risk.

Risk evaluation involves considering the risk's overall risk level. This enables an assessment of whether further risk treatment actions are required to bring the risk within an acceptable level. The output of the risk evaluation phase is a prioritized list of risks.

There may be times when the action required will differ from those identified above; however, where this is the case, the Chief Executive Officer must approve the deviation from the above action.

Communication and Information

Reporting risk management activities is a key element of the "Monitor and Review" phase of the ERM process. This must be done at each step of the process. The reporting supports a formalized, structured and comprehensive approach of the company to monitor and review its risks, thereby enhancing its risk management process.

Monitoring and Reviewing Risk

Risk information requires regular monitoring and review to ensure currency. The environment we are in is constantly changing, and so are the risks attendant to it. If risk information is inaccurate, we may make poor decisions that could have been avoided. Risk Owners and Risk Management Teams therefore have key risk and control review responsibilities to ensure that all are up to date and have current and accurate information. The currency of information on a particular risk will be very helpful in the decision-making process.

Moreover, on an annual basis, the entire risk register has to be reviewed with the participation of senior management and the Board as necessary.

The effectiveness of the ERM framework has to be likewise monitored and constantly reviewed. This is important as the framework drives the extent to which risks will be adequately managed in the whole organization.
The ERM framework itself will be reviewed annually. Results shall then be reported to the RMC and the Board. As risk management developments are constantly occurring, this review mechanism will provide the information on current risk management developments, thereby facilitating continuous improvements.

8. The Risk Register

The Risk Register contains all the risks identified and summarizes or documents the results of the assessments performed, including the management actions to be undertaken to mitigate the risks to an acceptable level and who is responsible for their mitigation. The information that should be in the detailed risk register is as follows:
* Area, unit, process, activity or project with which the risk is associated
* Objectives or goals to be achieved
* Risk description
* Business risk category
* Business objective category
* Risk reference number
* Assessment score for likelihood (5, 3, 1)
* Assessment score for consequence (5, 3, 1)
* Overall risk assessment (H, M, L)
* Value at risk or significance
* Existing controls that mitigate the risks
* Residual risk after existing controls
* Future or action plan to further improve mitigation
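The scoring described in this chapter (consequence and likelihood each rated 5, 3 or 1, combined on the heat map into an overall H/M/L level, with the residual level recorded in the risk register after existing controls and a prioritized list as the output of evaluation) as an added worked example in Python. This is not code from the chapter; the H/M/L thresholds for the heat-map cells, the "M" tolerance level and the sample register entries are assumptions made for the example.

```python
from dataclasses import dataclass
# Score scales from the chapter's consequence and likelihood matrices (5, 3, 1).
CONSEQUENCE = {"Insignificant": 1, "Significant": 3, "Material": 5}
LIKELIHOOD = {"Remote": 1, "Reasonably Possible": 3, "Highly Probable": 5}
LEVELS = "LMH"  # string index gives the ordering Low < Medium < High
def overall_level(likelihood: str, consequence: str) -> str:
    """Heat-map cell (likelihood x consequence) -> H, M or L. The chapter does not
    state which cells are H, M or L, so these thresholds are an assumption here."""
    score = LIKELIHOOD[likelihood] * CONSEQUENCE[consequence]  # 1, 3, 5, 9, 15 or 25
    return "H" if score >= 15 else "M" if score >= 5 else "L"

@dataclass
class RiskEntry:
    """One row of the detailed risk register, using the chapter's field list."""
    ref: str
    area: str
    description: str
    category: str             # Environment / Process / Information for Decision Making
    likelihood: str           # inherent ratings, before controls
    consequence: str
    existing_controls: str
    residual_likelihood: str  # ratings after existing controls are considered
    residual_consequence: str
    action_plan: str = ""
    def residual_level(self) -> str:
        inherent = overall_level(self.likelihood, self.consequence)
        residual = overall_level(self.residual_likelihood, self.residual_consequence)
        # Existing controls can only lower a rating; a higher residual is a data error.
        if LEVELS.index(residual) > LEVELS.index(inherent):
            raise ValueError(f"{self.ref}: residual level above inherent level")
        return residual

def prioritized(register: list[RiskEntry]) -> list[tuple[str, str]]:
    """Output of the evaluation phase: (ref, residual level), highest risk first."""
    ranked = sorted(register, key=lambda r: LEVELS.index(r.residual_level()), reverse=True)
    return [(r.ref, r.residual_level()) for r in ranked]

def needs_treatment(register: list[RiskEntry], tolerance: str = "M") -> list[str]:
    """Refs whose residual level still exceeds the tolerance (default 'M' is assumed)."""
    return [r.ref for r in register if LEVELS.index(r.residual_level()) > LEVELS.index(tolerance)]

# Constructed sample register; the entries are illustrative, not from the chapter.
SAMPLE = [
    RiskEntry("R-01", "Treasury", "Peso depreciation raises import costs", "Environment",
              "Highly Probable", "Material", "FX hedging", "Highly Probable", "Significant"),
    RiskEntry("R-02", "Sales", "Orders not reconciled to billing", "Process",
              "Reasonably Possible", "Significant", "Monthly reconciliation", "Remote", "Significant"),
    RiskEntry("R-03", "Finance", "Stale data in management dashboards", "Information for Decision Making",
              "Reasonably Possible", "Insignificant", "None", "Reasonably Possible", "Insignificant"),
]
```

Running `prioritized(SAMPLE)` and `needs_treatment(SAMPLE)` shows R-01 as the only risk still outside tolerance after its existing controls, which is the case the chapter says requires a further risk response.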
