Integrated Risk Management


Risk lies in every sector of our businesses and presents both positive and negative opportunities. Hence, an effective risk management system is necessary to explore and maximize positive opportunities and mitigate adverse outcomes of the negative ones in order to secure long-term value for our stakeholders.

Risk Governance Structure
Our risk governance structure is applied at all levels in the company and within the group.

  • The Board retains the overall responsibility for setting Ayala’s risk appetite and risk tolerance and for reviewing our risk management process.
  • The Risk Management Committee, constituted by the Board in June 2014 to assist in discharging this responsibility, focuses on the robustness of the risk management process. It reviews the appropriateness of risk appetite and risk tolerance in our pursuit of business objectives.
  • The Management Committee is the principal executive forum for the review of enterprise, project, and investment risks. It is responsible for the assurance of the risk management framework approved by the Board.
  • The Chief Risk Officer advocates the enterprise risk management for the company and for the group. He oversees the entire risk management function through the Group Risk Management Unit that implements programs and activities designed to improve our risk-taking capability.
  • The Internal Audit Unit assists the Audit Committee by conducting internal reviews of the company’s operations, and in particular, the review of material controls in critical risk areas. It also looks into the effectiveness and adequacy of the risk management process.
  • Our business units ensure compliance with risk management policies, and monitor and report risk profiles and implement actions. They embed risk management in their day-to-day activities.

Risk Management Process
Adopting the ISO 31000 Risk Management Framework, we started 2014 with a Black Swans workshop, facilitated by risk experts, to understand existing and potential risks that may impact achievement of business objectives. In understanding our value drivers, we identified key trends and key risk indicators for constant monitoring.

As part of the review of our enterprise risk management framework, we revisited our risk tolerance matrix. The degree of impact was determined to include financial, reputational, and regulatory considerations; probability of occurrence was focused on speed of change and complexity of environment, among others.

Risk Matrix
Using this risk matrix, we identified and prioritized key risks and accordingly allocated resources without losing sight of tail-end risks. Through collaboration and consultation, Management, assisted by the Group Risk Management Unit, identified existing key controls and directed actions for continuous improvement. Constant monitoring and regular reporting on key risks were done in 2014.

Finally, we annually assess our risk management maturity level in the areas of governance and organization, risk management strategy, reporting and communication, tools and technology, and culture and capability. Results provide input to improvements of our risk management framework.

  • Real Estate
  • Water Infrastructures
  • Energy
  • Social Commitment
  • Financial Services
  • Electronic Manufacturing
  • Transport Infrastructure
  • Telecommunications
  • BPO and Education
  • Automotive