Enterprise Risk Management
The Company documented policies and internal controls to ensure it can reasonably manage process-level risks. At enterprise and project levels, it also adopted the following management approach: Board Committees: establishing and maintaining various Board Committees are an integral part of the Company’s risk management. Its Board of Directors created several committees to assist in managing and mitigating the risks the Company faces. These committees are also involved in the overall governance matters of the Company:
- The Board Risk Oversight Committee (BROC) oversees the Company’s Enterprise Risk Management (ERM) system, including risks originating from subsidiaries, affiliates, and investments. It also ensures the functionality and effectiveness of the ERM system, the sustainability framework, and periodic review of this framework to ensure it remains appropriate considering material changes to the Company’s size, complexity, business strategy, and business and regulatory environments. The BROC also oversees strategies designed to respond to sustainability-related (including climate) risks and opportunities and ensures that sustainability-related and climate-related risks and opportunities are taken into consideration when making investment decisions (for example, plans for capital expenditure, major acquisitions and divestments, joint ventures, business transformation, innovation, new business areas, and asset retirements).
- The Audit Committee is responsible for enhancing the Board’s oversight capability over implementing the Company’s Code of Conduct; and the financial reporting, internal control system, internal and external audit processes, and compliance with applicable laws and regulations of Converge.
- The Related Party Transactions Committee reviews and evaluates related-party transactions to enhance corporate transparency and promote fair transactions.
- The Corporate Governance Committee is responsible for assisting the Board in performing its corporate governance responsibilities and reviewing and evaluating the qualifications of all persons nominated to the Board and other appointments requiring Board approval. It also assists the Board in assessing the effectiveness of the Board’s processes and procedures in the election and replacement of directors.
- The Remuneration Committee provides guidance to and assist the Board in developing a compensation philosophy or policy; oversee the development and administration of the Company’s executive compensation programs; establish an effective performance management framework; and assist the Board in the succession planning for Officers and in overseeing the development and implementation of professional development programs for Officers.
- The Executive Committee possesses the powers of the Board. It has the right to use them in managing the business and affairs of Converge when the Board is not in session, except for certain actions and decisions.
Enterprise Risk Management
To achieve its corporate objectives, Converge acknowledges the need for the active management of the risks inherent in its business which should involve the entire organization. For this reason, it set up a dedicated Enterprise Risk Management (ERM) Team led by an ERM Head, reporting to the President and Chief Risk Officer. In 2021, an ERM Program was established to manage imminent and emerging risks in the internal and external operating environments of Converge.
The ERM Program is aligned with the Company’s Manual of Corporate Governance, which mandates the Board to ensure a sound ERM framework to effectively identify, monitor, assess, and manage key business risks. In addition, the Company’s BROC provides oversight of management functions relating to strategic, financial, operational, compliance, and other risks of the Company, which involves periodic disclosure of risk exposures and related risk management activities.
The ERM framework based on ISO 31000:2018 has been adopted and provides the foundation for the Company’s management of risks through the ERM Program. It is anchored on the mandate and commitment from the Board and top management to implement the ERM process across the organization. It is envisioned to be dynamic and shall be continuously improved to be responsive to the needs of the organization and attain the Company’s desired state. Converge also adopted the ERM process defined in ISO 31000:2018 in managing risks. At each stage of the risk management process, tools and techniques suited to the Company’s objectives, resources, and capabilities shall be employed.
Through the ERM Program, the Company shall embed risk awareness within its culture and effectively communicate to the Board and Management the risks that it could potentially face. Converge also looks into Environment, Social, and Governance (ESG) risks and assesses how these could be incorporated into its ERM framework and eventually formalized in its applicable business processes, metrics, and targets.
The Chief Executive Officer (CEO) is the comprehensive risk executive and is ultimately responsible for managing key risks, setting ERM priorities, tolerances, and policies, and developing, executing, and monitoring risk management strategies. The CEO directs the design and implementation of appropriate systems, tools, and methodologies to support ERM processes and other risk management activities.
The Chief Risk Officer (CRO) is the ultimate champion of ERM at Converge. The CRO oversees the entire risk management function and the development, implementation, maintenance, and continuous improvement of ERM processes and tools. Supporting the CRO is the ERM Team responsible for developing risk management tools, methodologies, and processes. It leads the implementation and dissemination of ERM across Converge in coordination with the CRO and risk owners.
In 2023, the Company’s Senior Leadership Team (composed of the CEO, President/CRO, and their direct reports) determined the most significant risks facing the Company. The management of top corporate risks, which have been mapped out up to the department level, was delegated to the appropriate Risk Owners. The Risk Owners have formulated and committed to a risk management plan monitored by the ERM Department, which defined specific action points, accountability, and timeline. The status of the top corporate risks is regularly discussed and reported to the BROC.
The identified risks underwent the following phases:
• Analysis: This refers to the thorough understanding of each risk. This step involves consideration of the causes and sources of risks, their consequences or impact, the likelihood of the impact, and the effectiveness by which the risks are managed.
• Evaluation: This involves comparing the level of risk found during the analysis process with established risk criteria. Based on this comparison, the need for treatment, further analysis, and other alternative actions may be considered.
• Treatment: The selection and implementation of strategies and actions to modify risks that need treatment based on risk analysis and evaluation results. Appropriate risk treatment options are selected by balancing the required costs and the benefits derived from implementation.
• Reporting and Monitoring: The implementation of selected options is planned, constantly monitored, and regularly reviewed. The responsibilities for implementation and monitoring have been defined. The results of review and monitoring are recorded and reported internally and externally as appropriate.
In 2021, Converge formalized the Sustainability Council, a cross-functional working group responsible for determining risks and opportunities related to ESG and implementing ESG and other sustainability-related initiatives. The council also governs its Corporate Social Responsibility (CSR) Team, ensuring CSR activities are planned, implemented, and measured. In addition, the Company also put its Sustainability Framework and Roadmap in place.
Project Risk Management
Project risk management processes are embedded in all key strategic and operational initiatives of Converge. The Company requires each new major project to have a formal project risk assessment and mitigation plan. Risks and issues are part of regular status reporting, and action plans to address the identified risks and issues are monitored accordingly. As Converge sets its sights on further expanding its reach and footprint, it continues to engage talents in managing risks across the organization. With active involvement and appreciation of risk management at all levels within the organization, Converge is geared up to manage uncertainties in the business, regulatory, and physical environment. It is equipped to achieve and seize new business goals as it continues its pursuit of becoming a world-class ICT organization that empowers people, businesses, and the nation to be their best.