EDC PR 2016 (CorpGov section)
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Corporate Governance<br />
<strong>EDC</strong>’s risk management system is embedded in its strategic planning and budgeting processes, as part of its strategy execution<br />
process. Risk management activities are being done annually at the operational and strategic levels of the organization. With this,<br />
risk assessments are conducted to identify the top priority risks at the different levels of the organization (i.e. operational and<br />
strategic levels). Correspondingly, mitigating measures are formulated and implemented to manage the top risks.<br />
Also, the Board established the Enterprise Risk Management (ERM) Manual, which aims to establish a common risk language that<br />
will enable a dynamic and consistent application of risk management initiatives, aligned with ISO 31000:2009 (Risk Management<br />
– Principles and Guidelines). It was revised on April 23, 2015. Based on <strong>EDC</strong>’s ERM Manual, the RMC approves the risk appetite<br />
to guide the establishment of the risk tolerances based on physical injuries, environmental damage, reputation and financial<br />
impact. Once risks are identified, risk management strategies and plans are formulated, implemented, monitored and reviewed.<br />
• Key risks. The Company’s risk management activities are performed in three different levels with corresponding risk owners as<br />
shown in Figure 4 below of <strong>EDC</strong>’s Enterprise Risk Management Manual:<br />
Management level Level of ERM Ownership<br />
BOD<br />
Senior<br />
Management<br />
1. Strategic Risks<br />
Risk Management<br />
Committee/Management<br />
Committee<br />
Line Management<br />
2. Operational Risks<br />
Strategic Business Units/<br />
Centers of Excellence<br />
Project<br />
3. Project Risks<br />
Project Teams<br />
a. Strategic Risks. The ERM Manual defined strategic risks as those risks, whether internal or external, that significantly<br />
affect the accomplishment of the corporate short-term and long-term objectives. These are possible sources of loss<br />
due to adverse business decisions, improper implementation of plans, or lack of responsiveness to industry changes.<br />
<strong>EDC</strong>’s strategic risk management is integrated into the overall business strategy and planning processes, so that the<br />
risk management programs support the development and execution of the business strategy. It is a CEO and Boardlevel<br />
priority, wherein the objectives are to distill insights and provide clarity on the top 5 to 10 most important risks<br />
shaping <strong>EDC</strong>’s performance; to support risk-informed decisions at the RMC-level; to ensure a risk dialogue among<br />
the Management Committee, so that strategic risks can be prioritized according to their impact and likelihood of<br />
occurrence; and to enable proper risk oversight by the Board.<br />
b. Operational Risks. As provided in the ERM Manual, operational risks are those risks due to changes and circumstances<br />
in the internal and external environments that may affect <strong>EDC</strong>’s way of doing business. These are the possible sources of<br />
loss due to inadequate or failed internal processes, people or system, or from external events such as natural calamities.<br />
To prevent the risk of business interruption, <strong>EDC</strong>’s asset management are continuously being implemented, evaluated<br />
and strengthened. Business Continuity and Crisis Management Plans are also being developed to improve resilience.<br />
Lastly, business interruption insurance can be obtained to cover the potential revenue loss during an operational risk<br />
event. By doing these, the top management, through the Management Committee, are connected with the rest of the<br />
organization on operational risk matters to ensure that critical risk information will surface in a timely manner.<br />
c. Project Risks. The ERM Manual defines project risks as an uncertain event that, if it occurs, has a positive or negative<br />
effect on the project’s progress, result or outcome. Project risk management is a continuous part of <strong>EDC</strong>’s governance,<br />
and are embedded throughout the life cycle of every project as it is in the daily operation of the business.<br />
Generally, project risks are managed by building risk management into the project life cycle, ensuring that a process is<br />
in place to identify, prepare for and mitigate risks; developing project contingency plans; actively promoting risk-based<br />
mindset within the Project Team; anticipating and mitigating post-project risks which may impact business as usual.<br />
In <strong>2016</strong>, the RMC has conducted a review of the effectiveness of the Company’s risk management systems.<br />
102-30<br />
125