Risk Management System

Governance  >  Annual Corporate Governance Report  > Risk Management System

1) Disclose the following:

(a) Overall risk management philosophy of the company

Risk Management: An Act of Balancing Risk and Reward

Risk Management at Ayala is all about balancing risk and reward, science and art, process and people. We aim to ensure that our risk management system has the right architecture, strategy, and process. We revisit these three key factors yearly to ensure that we not only minimize downside risks but also seize performance optimization.

Institutionalized in 2002, the Company has adopted an integrated enterprise risk management (ERM) framework that is continuously being enhanced and improved as conventional risk management may not be enough to achieve the Corporation's objectives.

Under the supervision of the Chief Risk Officer (CRO), the Group Risk Management & Sustainability Unit patterns Ayala’s risk governance after the concept of a risk intelligent enterprise – an organization where risk governance is at the apex of the system, serving as the unifying factor for all of the organization’s risk management efforts and integrating nine fundamental principles related to the responsibilities of the Board, senior management and business unit leaders.

  • Similar to a risk intelligent enterprise, the risk management at Ayala starts from the top. The Board of Directors of Ayala is provided appropriate transparency and visibility into the organization’s and the group’s risk management practices.
  • Through the Risk Management and Related Party Transactions Committee, the Board of Directors ensures that an effective risk management process is in place and that its risk appetite remains relevant to achieve its set goals.
  • The CRO, being the advocate for the company and the group, is charged with the primary responsibility for designing, implementing and maintaining an effective risk program. The Group Risk Management 48 & Sustainability Unit supports the CRO by designing activities that enhance the risk intelligent culture within the organization and within the group, formulating risk management strategies, developing tools and techniques for risk assessment, and monitoring and reporting on key and emerging risks. It also convenes the ERM Council, a group comprising the risk officers of all business units across the Ayala Group, for risk framework alignment, continuous risk process improvement, and other groupwide projects. On a semi-annual basis, the ERM Council provides the top risks of their respective organization to the Group Risk Management & Sustainability Unit for the information of the CRO, as well as for reporting to the Risk Management and Related Party Transactions Committee.
  • The management committees also provide support to the CRO by ensuring the existence of a structure at the operating level that will communicate and monitor key and emerging risks. They also ensure that risks are discussed during project and investment meetings.

As risk owners, the business unit leaders are responsible for managing the risks they face in the day-to-day operations within the established risk framework. They have the responsibility to identify, measure, monitor, control and report on risks to the management. Finally, the Internal Audit Unit provides an independent assurance on the adequacy, effectiveness, and efficiency of the risk management process.

(b) A statement that the directors have reviewed the effectiveness of the risk management system and commenting on the adequacy thereof

As set forth in its Charter approved by the Board of Directors, the Risk Management and Related Party Transactions Committee has reviewed and assessed the adequacy and the effectiveness of the Corporation's enterprise risk management process.

  • The Committee had reviewed related party transactions policy and the business continuity management policy.
  • Thru the Chief Risk Officer, as supported by the Group Risk Management Unit, the Committee had ascertained that an effective risk management process was in place. The results of the bow-tie analysis in the previous year were revisited and updated. Moreover, with the objective of embedding a risk-aware culture, the risk universe was mapped to the five vision pillars of the Corporation to better assess how its risk exposures may impact the achievement of business objectives. Risk management has also been institutionalized as a KRA of all employees, emphasizing that everyone has a role in the risk management process.
  • The Committee had also noted the Management’ support as the Managing Directors made themselves available to discuss their risk strategies and to respond to queries raised by the Committee.

(c) Period covered by the review;

For the year ended December 31, 2016

(d) How often the risk management system is reviewed and the directors’ criteria for assessing its effectiveness

In addition to the regular reports of the CRO thru the Group Risk Management Unit, the Corporation engaged AON Risk Solutions to execute a group-wide risk management maturity index in 2015. The Aon Risk Maturity Index (RMI) is designed to capture and assess an organization’s risk management practices, and provide participants with immediate feedback in the form of a Risk Maturity Rating and actionable steps for improvement. AON has partnered with the Wharton School of the University of Pennsylvania to develop the Index and conduct joint research on the relationships between risk management practices and actual performance. The AON Risk Maturity Index contains questions on risk management processes, corporate governance and risk understanding. The questions are based upon the ten characteristics of advanced risk management maturity:

  • Board level understanding of and commitment to risk management as a critical factor fir decision making and for driving value;
  • A senior level executive who drives and facilitates key risk management processes and development;
  • Transparency of risk communication;
  • A risk culture that encourages full engagement and accountability at all levels of the organization;
  • Identification of existing and emerging risks using internal and external data and information
  • Participation of key stakeholders in risk management strategy development and policy setting
  • Formal collection and incorporation of operational and financial risk information into decision making and governance processes;
  • Integration of risk management insights into human capital processes to drive sustainable business performance;
  • Use of sophisticated quantification methods to understand risk and demonstrate added value through risk management;
  • A move from focusing on risk avoidance and mitigation to leveraging risk and risk management options that extract;

Because of this study, the ERM roadmap was revised to address the potential areas for improvement. Hence, in 2016, two major studies, i.e. risk tolerance and insurance optimization studies, were carried out to address gaps in risk transfer strategy and advance the maturity level.

The next RMI will be carried out in 2018.

(e) Where no review was conducted during the year, an explanation why not.

According to best practice, the assessment of the maturity of the risk management process is done every two to three years.

2) Risk Policy

(a) Company

Give a general description of the company’s risk management policy, setting out and assessing the risk/s covered by the system (ranked according to priority), along with the objective behind the policy for each kind of risk:

Risk Exposure Risk Management Policy Objective
Natural and Man-made Disasters The Corporation does not have the ability to restore normal operations following natural/man-made disasters and/or failure of business contingency processes and systems To ensure that the Corporation is resilient enough to withstand any disaster, whether natural or manmade, that may result to a significant business disruption.
Brand and Reputation Inability to anticipate changes in the political and regulatory landscapes may result in the Group being unable to shield our profitability and our brand value. To ensure that the Corporation’s ability to anticipate changes in the political and regulatory landscapes will be enhanced to continue its long-term value creation process for all its stakeholders.
Regulatory and Political The inability to maintain our stature as a company of choice may result in significant difficulty in creating and/or maximizing value for all stakeholders. To maintain and improve the strong AYALA brand, identified as its core value.

(b) Group

Give a general description of the Group’s risk management policy, setting out and assessing the risk/s covered by the system (ranked according to priority), along with the objective behind the policy for each kind of risk:

Since the Corporation is one of the most diversified conglomerates in the country with leadership positions inreal estate, financial services, telecommunications, and a broad range of investments in water, electronics manufacturing, automotive, business process outsourcing, education, healthcare, power generation and transport infrastructure, the following are the common risks across the Group:

Risk Exposure Risk Management Policy Objective
Regulatory and Political Inability to anticipate changes in the political and regulatory landscapes may result in the Group being unable to shield our profitability and our brand value. To improve the Group’s ability to anticipate regulatory and political changes which may impact the Group’s business models.
Brand and Reputation The inability to maintain our stature as a company of choice may result in significant difficulty in creating and/or maximizing value for all stakeholders. To continue the long-term value creation for the Group’ stakeholders.
Talent Failure to ensure that we have the right people at all times may result in inability to execute and achieve business objectives.
  • To continue our talent management program from recruitment, development, succession planning, and until resignation/retirement of our employees.
  • To continue to be the employer of choice

 

(c) Minority Shareholders

Indicate the principal risk of the exercise of controlling shareholders’ voting power.

Risk to Minority Shareholders​
The Company’s Related Party Transactions policy that took effect last December 2014 ensures that the rights of the minority shareholders are protected. The Corporation established a mechanism to ensure that related party transactions are at arms-length, the terms are fair, and that they inure to the best interest of the Corporation and all of its shareholders. The Corporation strictly monitored, reported, and disclosed related party transactions as well as inter-company transactions.

 

3) Control System Set Up

(a) Company

Briefly describe the control systems set up to assess, manage and control the main issue/s faced by the company:

 

Risk Exposure

Risk Assessment

(Monitoring and Measurement Process)​

Risk Management and Control (Structures, Procedures, Actions Taken)​
Business Resiliency
  • Track news on possible natural disasters, such as earthquake and typhoon, that may affect the business
  • Establish AC’s business continuity management system that includes IT Disaster Recovery Plan, Crisis Management Plan, and Business Continuity Plan
  • Regularly review adequacy of insurance coverages
  • Run training programs on crisis communication, disaster management, among others
  • Collaborate with government agencies and with other Ayala group members to share resources and seek assistance for sooner recovery as necessary
Political and Regulatory
  • Scanning of regulatory and political landscapes
  • Establish Public Policy unit to actively monitor potential changes in regulatory policies and frameworks
  • Establish Ayala Regulatory Council composed of officers involved in regulatory, legal and compliance monitoring for benchmarking and networking purposes
  • Develop regulatory risk framework to understand its subsidiaries and affiliates’ regulatory changes and its impact to the overall objectives of AC
Brand and Reputation
  • Scanning of local, regional and international news
  • Include social media in the monitoring of trends
  • Conduct regular activities with investors and analysts
  • Monitor news and trend analysis both in the local and international setting
  • After a brand health survey which was completed in late 2015, a brand refresh was implemented in 2016 and this will be refreshed regularly
  • Continue proactive identification of opportunities to collaborate and improve relationships with partners

(b) Group

Briefly describe the control systems set up to assess, manage and control the main issue/s faced by the company:

Risk Exposure

Risk Assessment

(Monitoring and Measurement Process)​

Risk Management and Control (Structures, Procedures, Actions Taken)​
Regulatory and Political Scanning of regulatory and political landscapes Establish Ayala Regulatory Council composed of officers involved in regulatory, legal and compliance monitoring for benchmarking and networking purposes
Brand and Reputation
  • Scanning of local, regional and international news
  • Include social media in the monitoring of trends
  • Implement brand refresh across the group and this will continue in the years to come
  • Monitoring of issues that may impact the brand
  • Align sponsorships with Group strategy
  • Continue proactive identification of opportunities to collaborate and improve relationships with partners
Talent
  • Regular discussions among the Strategic HR Groups on initiatives and staffing needs including timing
  • Monitoring attrition rates in the group
  • Annual talent review process for all subsidiaries
  • Development of a succession plan
  • Implementation of service level agreements (SLAs) on hiring
  • Implementation of employee engagement and retention programs

(c) Committee

Identify the committee or any other body of corporate governance in charge of laying down and supervising these control mechanisms, and give details of its functions:

Committee/Unit Control Mechanism Details of its Functions
Executive Committee (ExCom)
  • Corporate governance control and mechanisms
  • Corporate governance control and mechanisms

The Executive Committee, in accordance with the authority granted by the Board, or during the absence of the Board, shall act by majority vote of all its members on such specific matters within the competence of the Board of Directors as may from time to time be delegated to the Executive Committee in accordance with the Corporation’s By-Laws, except with respect to --

i. approval of any action for which shareholders’ approval is also required;

ii. the filling of vacancies on the Board or in the Executive Committee;

iii. the amendment or repeal of any resolution of the Board of Directors which by its express terms is not so amendable or repealable;

iv. the distribution of cash dividends;

v. the exercise of powers delegated by the Board exclusively to other committees, if any.

Nomination Committee
  • Corporate governance control and mechanisms
  • Ensures that all nominees to the Board have all the qualifications and none of the disqualifications under the Company’s By-Laws, its Manual of Corporate Governance, and the rules of the SEC
  • Reviews the qualifications of all persons nominated to positions requiring appointment by the Board.

The Nomination Committee of the Board of Directors shall:

(a) install and maintain a process to ensure that nominees to the Board for election by the stockholders or the Board are qualified in accordance with the By-laws, Manual of Corporate Governance and relevant laws, rules and regulations;

(b) encourage the selection of a mix of competent directors, each of whom can add value and contribute independent judgment to the formulation of sound corporate strategies and policies;

(c) review and evaluate the qualifications of persons nominated for Managing Director (Vice President) or higher rank, which shall require appointment by the Board, and provide guidance and advice as necessary for appointments by the Chairman or President to positions below Managing Director (Vice President);

(d) review succession plans for members of the Board and senior executives (from group heads to the CEO);

(e) provide assessment on the Board's effectiveness in directing the process of renewing and replacing Board members and in appointing officers or advisors and develop, update as necessary and recommend to the Board policies for considering nominees for directors, officers or advisors; and

(f) discharge any other duties and responsibilities delegated to the Committee by the Board from time to time.

The Committee shall be guided by the Company's mission and vision in the fulfilment of its functions.

Personnel and Compensation Committee
  • Corporate governance control and mechanisms
  • Establishes a policy for a formal and transparent procedure for determining the salaries of officers and directors
  • Supports the Board in the determination of executive compensation and remuneration

The Committee shall have the following powers, duties and responsibilities:

  1. Establish a formal and transparent procedure for developing a policy on executive remuneration and for fixing the remuneration packages of corporate officers and directors, and provide oversight over remuneration of senior management and other key personnel ensuring that compensation is consistent with the Corporation's culture, strategy and control environment;
  2. Review, at least annually, the performance of each of the Chairman of the Board, the Chief Executive Officer (CEO), the President and Chief Operating Officer (COO) and measure such performance against each of his or her goals and objectives pursuant to the Corporation's plans and determine his or her compensation for approval of the Board;
  3. Review the structure and competitiveness of the Corporation's executive officer compensation programs considering the following factors:

    (i) the attraction and retention of executive officers;

    (ii) the motivation of executive officers to achieve the Corporation's business objectives, and

    (iii) the alignment of the interest of executive officers with the long-term interests of the Corporation's shareholders.

  4. Develop and periodically review a form on Full Business Interest Disclosure, which among others compel all incoming and incumbent officers to declare under the penalty of perjury all their existing business interests or shareholdings that may directly or indirectly conflict in their performance of duties once hired;
  5. Provide in the Corporation's annual reports, information and proxy statements a clear, concise and understandable disclosure of compensation of its executive officers for the previous fiscal year and the ensuring year; and
  6. Periodically review the Human Resources 55 Development or Personnel Handbook, to strengthen provisions on conflict of interest, salaries and benefits policies, promotion and career advancement directives and compliance of personnel concerned with all statutory requirements that must be periodically met in their respective posts. No member of the Committee will act to fix his or her own compensation except for uniform compensation to directors for their services as a director

 

Finance Committee
  • Corporate governance control and mechanisms
  • Oversees the company’s financial policy and strategy, including capital structure, dividend policy, acquisitions and divestments, and makes the appropriate recommendations to the Board of Directors
  • Oversight responsibility over the Company’s Treasury activities, and reviews and approves changes in Treasury Policies
  • Responsible for reviewing and evaluating the financial affairs of the company on a regular basis and carrying out such other duties as may be delegated to it by the Board of Director

The Finance Committee shall carry out the following duties, in each case in line with the Board’s policies and directives:

  1. The Committee shall review the company’s capital structure strategies. The Committee shall also review and approve the Corporation’s dividend policy and recommend dividend actions to the Board of Directors.
  2. The Committee shall review the financial terms of mergers, acquisitions, or other strategic investments, as well as divestitures of any material operations of the Company, and make the appropriate recommendations to the Board of Directors.
  3. The Committee shall have general oversight responsibility over the Corporation’s Treasury activities. The Committee shall review and approve changes in Treasury Policies, including:

a. Policies with respect to cash flow management,

b. Policies with respect to investment of the company’s cash, and

c. Policies with respect to financial risk management, including the use of derivatives.

The Committee shall approve Letters of Parental Guarantee and/or Letters of Comfort and Awareness between the Corporation and its subsidiaries except for those issued in the ordinary course of business or in compliance with law and court orders.

Audit Committee
  • Corporate governance control and mechanisms
  • Oversees the internal control, internal auditors, external auditors, financial reporting.

The Audit Committee provides assistance to the Board of Directors in fulfilling their oversight responsibility to the shareholders relating to:

  • the integrity of the Company's financial statements and the financial reporting process;
  • the appointment, remuneration, qualifications, independence and performance of the independent external auditors and the integrity of the audit process as a whole;
  • the effectiveness of the systems of internal control and the risk management process;
  • the performance and leadership of the internal audit function;
  • the company's compliance with applicable legal, regulatory and corporate governance requirements; and
  • the preparation of year-end report of the Committee for approval of the Board and to be included in the annual report
Risk Management and Related Party Transactions Committee
  • Risk Governance
  • Related Party Transactions Review
  • Ensure that Management maintains a sound risk management framework and internal controls system and identifies material risk exposures and their impact in achieving the Corporation’s objectives.
  • Determine the advisability of, and review and evaluate the terms and conditions of any material/significant related party transactions and their required reporting disclosures

 

Top
Top

Copyright © 2017, Ayala Corporation

privacy | terms of use