Risk Management System

Governance  >  Annual Corporate Governance Report  > Risk Management System

OVERALL RISK MANAGEMENT PHILOSOPHY OF THE COMPANY

Risk Management at Ayala: From Avoidance and Mitigation to Value Creation

Risk Management has become an increasingly important business driver and part of successful corporate governance. At Ayala, an effective corporate governance entails risk intelligence – a philosophy that encourages risk-taking, and embeds appropriate risk management into the whole organization – so that risk-taking for value creation becomes as significant as risk mitigation for value protection. We ensure that our risk management system has the right architecture, strategy, and protocols to support the risk management process.. We revisit these three key factors yearly, as we believe that with the right approach, risks can be turned into opportunities.

Institutionalized in 2002, the Company has adopted an enterprise risk management (ERM) framework that is continuously being enhanced and improved. Under the supervision of the Chief Risk Officer (CRO), the Group Risk Management & Sustainability Unit continues to align Ayala’s risk governance with that of global risk consultant Deloitte, which espouses a best practice that goes beyond risk avoidance and mitigation to utilize calculated risk-taking as a means to create value.

Similar to a risk intelligent enterprise, Ayala’s risk governance is at the apex of the system. The Board of Directors is provided appropriate transparency and visibility into the organization’s and the group’s risk management practices. Through the Risk Management and Related Party Transactions Committee, the Board of Directors ensures that an effective risk management process is in place and that its risk appetite remains relevant to achieve its set goals. The CRO, being the advocate for the company and the group, has the primary responsibility of designing, implementing and maintaining an effective risk program. The Group Risk Management & Sustainability Unit supports the CRO by designing activities that enhance the organization and the group’s risk intelligent culture, formulating risk management strategies, evaluating tools and techniques for risk assessment, and monitoring and reporting on key principal and emerging risks. It also convenes the ERM Council, a group comprising the risk officers of Ayala business units, for risk framework alignment, continuous risk process improvement, and other groupwide projects. On a semi-annual basis, the ERM Council provides the top risks of their respective organization to the Group Risk Management & Sustainability Unit for reporting to both the CRO and the Risk Management and Related Party Transactions Committee.

Management committees also provide support to the CRO by ensuring the existence of a structure at the operating level that will communicate and monitor key principal and emerging risks. They also ensure that risks are discussed during project and investment meetings. As risk owners, the business unit leaders are responsible for managing the risks they face in the day-to-day operations within the established risk framework. They have the responsibility to identify, measure, monitor, control and report on risks to the management. Finally, the Internal Audit Unit provides an independent assurance on the adequacy, effectiveness, and efficiency of the risk management process.

 

 Board Review of the effectiveness of the risk management system

As set forth in its Charter approved by the Board of Directors, the Risk Management and Related Party Transactions Committee has reviewed and assessed the adequacy and the effectiveness of the Corporation's enterprise risk management process:

  • The Committee has reviewed the following policies: enterprise risk management policy, related party transactions policy, and the business continuity management policy.
  • Thru the Chief Risk Officer, as supported by the Group Risk Management and Sustainability Unit, the Committee has ascertained that an effective risk management process was in place. Aside from the black swan approach and bowtie analysis, risk sensing, a tool that employs human insights and advanced analytics capabilities to identify, analyze and monitor emerging risks, was utilized in the annual risk assessment. This allowed the Management to assess how emerging risks can affect the Corporation’s business model, long-term viability and ability to create value. Furthermore, the Management gained a better understanding of the risk/reward tradeoffs inherent in value creation, which can help improve their funding decisions and resource allocation.
  • With the view of integrating the disciplines of risk management and sustainability, the Management mapped the identified sustainability megatrends for the year to the fourteen risk categories of Ayala, and discussed how these trends can translate or contribute to a risk for the Corporation.
  • The Committee has also noted management support as the Managing Directors made themselves available to discuss their risk strategies and respond to queries raised by the Committee.

Period covered by the review: For the year ended December 31, 2018

In addition to the regular reports of the CRO thru the Group Risk Management and Sustainability Unit, the Corporation has engaged Aon Risk Solutions to execute a group-wide risk management maturity assessment, the first round of which was completed in 2015. According to best practice, the assessment of the maturity of the risk management process should be performed every two to three years.

The Aon Risk Maturity Index (RMI) is designed to capture and assess an organization’s risk management practices and provide participants with immediate feedback in the form of a Risk Maturity Rating and actionable steps for improvement. Aon has partnered with the Wharton School of the University of Pennsylvania to develop the Index and conduct joint research on the relationships between risk management practices and actual performance. The Aon Risk Maturity Index contains questions on risk management processes, corporate governance and risk understanding. The questions are based upon the ten characteristics of an advanced risk management maturity:

  • Board-level understanding of and commitment to risk management as a critical factor for decision-making and for driving value;
  • A senior-level executive who drives and facilitates key risk management processes and development;
  • Transparency of risk communication;
  • A risk culture that encourages full engagement and accountability at all levels of the organization;
  • Identification of existing and emerging risks using internal and external data and information;
  • Participation of key stakeholders in risk management strategy development and policy setting;
  • Formal collection and incorporation of operational and financial risk information into decision-making and governance processes;
  • Integration of risk management insights into human capital processes to drive sustainable business performance;
  • Use of sophisticated quantification methods to understand risk and demonstrate added value through risk management; and,
  • A move from focusing on risk avoidance and mitigation to leveraging risk and risk management options that extract value.

Through this study, the Corporation and the Group evaluated the effectiveness of the improvements implemented since 2015. Similarly, the Corporation’s ERM roadmap was revised to address other potential areas for improvement.

 

RISK POLICY

 For the Company

 

Risk Exposure Risk Management Policy Objective
Political and regulatory Inability to anticipate changes in the political and regulatory landscapes may result in the Group being unable to shield our profitability and brand value. To ensure that the Corporation has the ability to anticipate and adapt to changes in the political and regulatory landscapes to continue its long-term value creation process for all its stakeholders
Information security and cyber Failure to ensure strong and adequate information security controls to safeguard confidentiality, integrity and availability of critical information may result to financial losses and damaged reputation. To ensure that the Corporation’s critical and other information are processed and stored with appropriate information security controls to preserve its confidentiality, integrity and availability to stakeholders
Brand and reputation The inability to maintain our stature as a company of choice may result in significant difficulty in creating and/or maximizing value for all stakeholders. To maintain and improve the strong Ayala brand, identified as its core value

For the Group

Risk Exposure Risk Management Policy Objective
Political and regulatory Inability to anticipate changes in the political and regulatory landscapes may result in the Group being unable to shield our profitability and our brand value. To improve the Group’s ability to anticipate and adapt to political and regulatory changes, which may impact the Group’s business models
Brand and Reputation Failure to ensure that we have the right people at all times may result in inability to execute and achieve business objectives.
  • To continue being the employer of choice
  • To enhance our talent management program from recruitment, talent development, succession planning, until resignation/retirement of our employees

Brand and reputation

The inability to maintain our stature as a company of choice may result in significant difficulty in creating and/or maximizing value for all stakeholders.

To continue the long-term value creation for the Group’ stakeholders

 

For Minority Shareholders

Risk to Minority Shareholders​
The Company’s Related Party Transactions policy that took effect last December 2014 ensures that the rights of the minority shareholders are protected. The Corporation established a mechanism to ensure that related party transactions are at arms-length, the terms are fair, and that they inure to the best interest of the Corporation and all of its shareholders. The Corporation strictly monitored, reported, and disclosed related party transactions as well as inter-company transactions.

 

CONTROL SYSTEM SET UP 

 For the Company

Risk Exposure

Risk Assessment

(Monitoring and Measurement Process)​

Risk Management and Control (Structures, Procedures, Actions Taken)​
Political and regulatory
  • Continuous scanning of political and regulatory landscapes
  • Evaluation of new laws and regulations on how they could impact the companies’ business operations
  • The Corporation’s Public Policy unit actively monitors potential changes in regulatory policies and frameworks and strengthens ties and relationships of the Group with the government.
  • The Ayala Regulatory Council periodically discusses new regulations that may affect the companies’ business operations.
  • The Group Risk Management Team, together with other members of the Corporation, reviews regulatory risk framework previously developed for the Corporation and its investee companies.
Information security and cyber
  • Continuous update of anti-virus software and other security controls
  • Periodic assessment of the appropriateness and adequacy of information security controls
  • Strengthen layers of control on both hardware and software assets.
  • Perform vulnerability tests prior to first use of hardware, software and web hosts.
  • Constantly improve knowledge of cyber attacks and increase employee awareness on information security and cyber controls.
  • Regularly cascade IT policies and standards across the organization.
  • Benchmark with international companies on mitigating cyber risks.
Brand and reputation
  • Scanning of local, regional and international news
  • Inclusion of social media in the monitoring of trends
  • Regularly engage in meaningful discussions with investors and analysts
  • Analyze local and global news and trends.
  • Regularly refresh Ayala’s branding position.
  • Continuously identify opportunities for collaboration with partners.

For the Group

Risk Exposure

Risk Assessment

(Monitoring and Measurement Process)​

Risk Management and Control (Structures, Procedures, Actions Taken)​
Political and regulatory
  • Continuous scanning of political and regulatory landscapes
  • Evaluation of new laws and regulations on how they could impact the companies’ business operations
The Ayala Regulatory Council ensures legal and regulatory compliance of the Group, and periodically discusses new regulations that may affect the companies’ business operations.
Talent
  • Monitoring of attrition rate across the group
  • Regular discussions among the Strategic HR Groups on initiatives and staff needs
  • Annual performance assessment to ensure that the talent has the right fit to the roles and responsibilities associated with the function
  • Execute annual talent review process for all subsidiaries.
  • Update the succession plan whenever necessary.
  • Implement service level agreements (SLAs) on hiring.
  • Continuously implement and improve employee engagement and retention programs
Brand and reputation
  • Scanning of local, regional and international news
  • Inclusion of social media in the monitoring of trends
  • Implement brand refresh across the group every three years.
  • Continuously monitor issues that may impact the brand.
  • Align sponsorships with the Group strategy.
  • Continue proactive identification of opportunities to collaborate with potential partners and improve relationships with existing partners.

(c) Committee

Identify the committee or any other body of corporate governance in charge of laying down and supervising these control mechanisms, and give details of its functions:

Committee/Unit Control Mechanism Details of its Functions
Executive Committee (ExCom)
  • Corporate governance control and mechanisms
  • Corporate governance control and mechanisms

The Executive Committee, in accordance with the authority granted by the Board, or during the absence of the Board, shall act by majority vote of all its members on such specific matters within the competence of the Board of Directors as may from time to time be delegated to the Executive Committee in accordance with the Corporation’s By-Laws, except with respect to --

i. approval of any action for which shareholders’ approval is also required;

ii. the filling of vacancies on the Board or in the Executive Committee;

iii. the amendment or repeal of any resolution of the Board of Directors which by its express terms is not so amendable or repealable;

iv. the distribution of cash dividends;

v. the exercise of powers delegated by the Board exclusively to other committees, if any.

Corporate Governance and Nomination Committee
  • Corporate governance control and mechanisms
  • Ensures that all nominees to the Board have all the qualifications and none of the disqualifications under the Company’s By-Laws, its Manual of Corporate Governance, and the rules of the SEC
  • Reviews the qualifications of all persons nominated to positions requiring appointment by the Board.

The Nomination Committee of the Board of Directors shall:

(a) install and maintain a process to ensure that nominees to the Board for election by the stockholders or the Board are qualified in accordance with the By-laws, Manual of Corporate Governance and relevant laws, rules and regulations;

(b) encourage the selection of a mix of competent directors, each of whom can add value and contribute independent judgment to the formulation of sound corporate strategies and policies;

(c) review and evaluate the qualifications of persons nominated for Managing Director (Vice President) or higher rank, which shall require appointment by the Board, and provide guidance and advice as necessary for appointments by the Chairman or President to positions below Managing Director (Vice President);

(d) review succession plans for members of the Board and senior executives (from group heads to the CEO);

(e) provide assessment on the Board's effectiveness in directing the process of renewing and replacing Board members and in appointing officers or advisors and develop, update as necessary and recommend to the Board policies for considering nominees for directors, officers or advisors; and

(f) discharge any other duties and responsibilities delegated to the Committee by the Board from time to time.

The Committee shall be guided by the Company's mission and vision in the fulfilment of its functions.

Personnel and Compensation Committee
  • Corporate governance control and mechanisms
  • Establishes a policy for a formal and transparent procedure for determining the salaries of officers and directors
  • Supports the Board in the determination of executive compensation and remuneration

The Committee shall have the following powers, duties and responsibilities:

  1. Establish a formal and transparent procedure for developing a policy on executive remuneration and for fixing the remuneration packages of corporate officers and directors, and provide oversight over remuneration of senior management and other key personnel ensuring that compensation is consistent with the Corporation's culture, strategy and control environment;
  2. Review, at least annually, the performance of each of the Chairman of the Board, the Chief Executive Officer (CEO), the President and Chief Operating Officer (COO) and measure such performance against each of his or her goals and objectives pursuant to the Corporation's plans and determine his or her compensation for approval of the Board;
  3. Review the structure and competitiveness of the Corporation's executive officer compensation programs considering the following factors:

    (i) the attraction and retention of executive officers;

    (ii) the motivation of executive officers to achieve the Corporation's business objectives, and

    (iii) the alignment of the interest of executive officers with the long-term interests of the Corporation's shareholders.

  4. Develop and periodically review a form on Full Business Interest Disclosure, which among others compel all incoming and incumbent officers to declare under the penalty of perjury all their existing business interests or shareholdings that may directly or indirectly conflict in their performance of duties once hired;
  5. Provide in the Corporation's annual reports, information and proxy statements a clear, concise and understandable disclosure of compensation of its executive officers for the previous fiscal year and the ensuring year; and
  6. Periodically review the Human Resources 55 Development or Personnel Handbook, to strengthen provisions on conflict of interest, salaries and benefits policies, promotion and career advancement directives and compliance of personnel concerned with all statutory requirements that must be periodically met in their respective posts. No member of the Committee will act to fix his or her own compensation except for uniform compensation to directors for their services as a director

 

Finance Committee
  • Corporate governance control and mechanisms
  • Oversees the company’s financial policy and strategy, including capital structure, dividend policy, acquisitions and divestments, and makes the appropriate recommendations to the Board of Directors
  • Oversight responsibility over the Company’s Treasury activities, and reviews and approves changes in Treasury Policies
  • Responsible for reviewing and evaluating the financial affairs of the company on a regular basis and carrying out such other duties as may be delegated to it by the Board of Director

The Finance Committee shall carry out the following duties, in each case in line with the Board’s policies and directives:

  1. The Committee shall review the company’s capital structure strategies. The Committee shall also review and approve the Corporation’s dividend policy and recommend dividend actions to the Board of Directors.
  2. The Committee shall review the financial terms of mergers, acquisitions, or other strategic investments, as well as divestitures of any material operations of the Company, and make the appropriate recommendations to the Board of Directors.
  3. The Committee shall have general oversight responsibility over the Corporation’s Treasury activities. The Committee shall review and approve changes in Treasury Policies, including:

a. Policies with respect to cash flow management,

b. Policies with respect to investment of the company’s cash, and

c. Policies with respect to financial risk management, including the use of derivatives.

The Committee shall approve Letters of Parental Guarantee and/or Letters of Comfort and Awareness between the Corporation and its subsidiaries except for those issued in the ordinary course of business or in compliance with law and court orders.

Audit Committee
  • Corporate governance control and mechanisms
  • Oversees the internal control, internal auditors, external auditors, financial reporting.

The Audit Committee provides assistance to the Board of Directors in fulfilling their oversight responsibility to the shareholders relating to:

  • the integrity of the Company's financial statements and the financial reporting process;
  • the appointment, remuneration, qualifications, independence and performance of the independent external auditors and the integrity of the audit process as a whole;
  • the effectiveness of the systems of internal control and the risk management process;
  • the performance and leadership of the internal audit function;
  • the company's compliance with applicable legal, regulatory and corporate governance requirements; and
  • the preparation of year-end report of the Committee for approval of the Board and to be included in the annual report
Risk Management and Related Party Transactions Committee
  • Risk Governance
  • Related Party Transactions Review
  • Ensure that Management maintains a sound risk management framework and internal controls system and identifies material risk exposures and their impact in achieving the Corporation’s objectives.
  • Determine the advisability of, and review and evaluate the terms and conditions of any material/significant related party transactions and their required reporting disclosures.

 

Top
Top

Copyright © 2017, Ayala Corporation

privacy | terms of use