Enterprise-Wide Risk Management
Meralco has a robust Enterprise Risk Management (ERM) framework to monitor and manage its risks and opportunities to create and protect value for the company. Meralco ERM is a proactive process that is well linked to corporate goals and objectives, embedded in the corporate culture and is well integrated into critical and strategic planning process and operational processes of the company and its subsidiaries (Meralco Group).
Our ERM aims to enhance the stakeholder value of the Company and its subsidiaries through the creation of risk governance structure and adoption of effective mechanisms that effectively manage existing and emerging risks as well as enhance the ability to take on additional risks accompanying new growth opportunities.
The Company adopted ISO 31000 as its model for ERM framework. The Enterprise Risk Management Manual was approved and adopted by the company to provide the methodology and processes for risk management including:
- identification, assessment, evaluation and mitigation of risks or exploitation of opportunities;
- definition of management responsibilities and accountabilities; and
- escalation and reporting of company’s key enterprise risks.
Similar ERM capability, processes and activities are currently being rolled out to all Meralco subsidiaries.
Meralco Group ERM Framework
The Company adopted the following framework and structure, based on ISO 31000, to effectively manage its key enterprise risks.
As described by ISO 31000, the following framework does not intend to establish as separate management system for risk management but rather to facilitate the integration of risk management discipline and practices within its existing management systems and processes of One Meralco.
One Meralco ERM Principles
Meralco Group ERM echoes the key risk management principles enumerated in the ISO 31000 that Enterprise Risk Management should be:
- Contributor to the achievement of the organization’s objectives of creating and protecting value for the organization
- Integrated in all organizational processes including strategic and operational decision making
- Systematic, structured, timely, and uses best available information to be relevant
- Dynamic, iterative and responsive to change to be able to facilitate continual improvement of the organization.
- Tailored to the organization, taking into consideration the involvement, behavior and culture of the all stakeholders
One Meralco ERM Oversight Structure
To help ensure the successful implementation of ERM across Meralco Group, the following risk governance structure was established. This structure is designed to ensure that an integrated and independent view of the risks across the different categories is realized. Integration of risk management functions across One Meralco also allow for stronger independent advice to management and the Board and aims to facilitate well-informed decision-making.
The Board of Directors, through the Risk Management Committee (RMC), provides the oversight over the company’s risk management activities and policies that governs the management of risks.
Meralco’s Executive Management, led by its Chief Executive Officer, is the primary responsible for the implementation of risk management procedures and activities within the respective business processes. They are responsible for direction setting and strategic decision making.
The Chief Risk Officer (CRO) of the company, assisted by the Enterprise-Wide Risk Management (EWRM) office, leads the implementation of the ERM Policies and initiatives to integrate risk management practices into the strategic and operational processes of the company.
Executive Management appoints Risk Owners for each of the key enterprise risks who will be responsible for further analysis and monitoring the assigned risks. They are also responsible for selecting and implementing the appropriate risk response strategies and action plans.
Internal Audit is responsible for the conduct of independent validation of the risk management processes and activities of the company.
Meralco Group Risk Management Process
Meralco Group ERM also adopted the ISO 31000 risk management process in identifying, assessing and treating risks. One Meralco Risk Management Process shall include the communication of the risks through risk reporting dashboards or by incorporating the risk information into the operational reports of the different business units.
Key Enterprise Risks
The following are the key enterprise risks of the Company: Regulatory and Compliance Risks, Strategic and Corporate Risks, Financial Risks, and Operational Risks.