Enterprise Risk Management


Our long-term success is dependent on our ability to identify and manage the risks that may impact our operations. These risks exist in various aspects of our business, from regulatory and competitive environment to our core operations and network expansion. Thus, Converge aims to integrate awareness in all areas of its business and properly balance risk and reward for sustainable growth.


We have documented policies and internal controls to reasonably ensure that we are able to manage process level risks. In addition, at an enterprise and project levels, we have adopted the following management approach:

Board Committees. The establishment and maintenance of the various Board Committees is an integral part of our risk management. The Board of Directors created several committees to assist in managing and mitigating the risks surrounding Converge. These bodies are also deeply involved in the overall governance matters of the company. These include the Board Risk Oversight Committee, the Audit and Related Party Transactions Committee, the Corporate Governance Committee, the Remuneration Committee, and the Executive Committee.

  • The Board Risk Oversight Committee oversees (i) the Company’s Enterprise Risk Management system, including risks originating from subsidiaries, affiliates and investments and to ensure the functionality and effectiveness of said system; and (ii) the sustainability framework and periodic review of the said framework to ensure that it remains appropriate in light of material changes to the Company’s size, complexity and business strategy, as well as its business and regulatory environments.
  • The Audit and Related Party Transactions Committee is responsible for enhancing the Board’s oversight capability over the financial reporting, internal control system, internal and external audit processes, and compliance with applicable laws and regulations of Converge, and the Corporation’s Code of Conduct. It also reviews and evaluates related party transactions to enhance corporate transparency and promote fair transactions.
  • The Corporate Governance Committee has the duty and responsibility to assist the Board in the performance of its corporate governance responsibilities, and in reviewing and evaluating the qualifications of all persons nominated to the Board and other appointments that require Board approval. It also assists the Board in assessing the effectiveness of the Board’s processes and procedures in the election and replacement of directors.
  • The Remuneration Committee assists the Board in performing functions over Management’s recommendations on the remuneration plan, incentive schemes and other compensation and benefits of the Company .
  • The Executive Committee possesses the powers of the Board and has the right to use them in managing the business and affairs of Converge when the Board is not in session, except for certain actions and decisions.

Enterprise Risk Management. To achieve our corporate objectives, Converge acknowledged the need for the active management of the risks inherent in its business which should involve the entire organization. For this reason, we have set up a dedicated Enterprise Risk Management (ERM) Team, led by a Risk Management Director, reporting to the President and Chief Risk Officer. In 2021, we have established an Enterprise Risk Management (ERM) Program to manage imminent and emerging risks in our internal and external operating environments.

The ERM Program is aligned with the Company’s Manual of Corporate Governance which mandates the Board of Directors to ensure that a sound Enterprise Risk Management (ERM) framework is in place to effectively identify, monitor, assess and manage key business risks. In addition, the Company’s Board Risk Oversight Committee (BROC), provides oversight to management functions relating to strategic, financial, operational, compliance and other risks of the Company which involves periodic disclosure of risk exposures and related risk management activities.

The ERM framework based on ISO 31000:2018 has been adopted and provides the foundation for Converge’s management of risks through the ERM Program. It is anchored on the mandate and commitment from the Board of Directors and top management to implement the ERM process across the organization.  It is envisioned to be dynamic and shall be continuously improved to be responsive to the needs of the organization and attain Converge’s desired state. Converge has also adopted the ERM process defined in ISO 31000:2018 in managing risks.  At each stage of the risk management process, tools and techniques that are suited to the Company’s objectives, resources and capabilities shall be employed.

Through the ERM Program, we shall embed risk awareness within our company culture and effectively communicate to the Board and Management the risks that Converge could potentially face. We also look into ESG-related risks and assess how these could be incorporated into our ERM framework and eventually formalized in our applicable business processes, metrics and targets.

The Chief Executive Officer (CEO) is the comprehensive risk executive and is ultimately responsible for managing key risks, setting ERM priorities tolerances, and policies, and the development, execution, and monitoring of risk management strategies. The CEO provides direction on the design and implementation of appropriate systems, tools, and methodologies to support ERM processes and other risk management activities.

The Chief Risk Officer (CRO) is the ultimate champion of ERM at Converge; oversees the entire risk management function and the development, implementation, maintenance, and continuous improvement of ERM processes and tools. Supporting the CRO is the Enterprise Risk Management (ERM) Group and is responsible for developing risk management tools, methodologies and processes and leads the implementation and dissemination of ERM across Converge in coordination with the CRO and risk owners.

In 2021, our Senior Leadership Team (composed of the CEO, President/CRO and their direct reports) determined the most significant risks facing the Company. The management of top corporate risks, which have been mapped up to the department level, was delegated to the appropriate Risk Owners. The Risk Owners have formulated and committed to a risk management plan, monitored by the ERM Department, which defined specific action points, accountability, and timeline. The status of the top corporate risks is regularly discussed and reported to the Board Risk Oversight Committee.

The identified risks went through the following phases:

  • Analysis – This refers to the thorough understanding of each risk. This step involves consideration of the causes and sources of risks, their consequences or impact, the likelihood of the impact, and the effectiveness by which the risks are managed.
  • Evaluation – This involves comparing the level of risk found during the analysis process with established risk criteria. Based on this comparison, the need for treatment, further analysis and other alternative actions may be considered.
  • Treatment – The selection and implementation of strategies and actions to modify risks that need treatment based on the results of risk analysis and evaluation. Appropriate risk treatment options are selected by balancing the costs that are required and the benefits that can be derived from implementation.
  • Reporting and Monitoring – The implementation of selected options are planned, constantly monitored, and regularly reviewed. The responsibilities for implementation and monitoring have been defined.  The results of review and monitoring are recorded and reported internally and externally as appropriate.

In 2021, we have formalized the Environment, Social and Governance (“ESG”) Committee, a cross-functional working group responsible for determining risks and opportunities related to ESG and the implementation of our ESG and other sustainability-related initiatives. This committee also governs our Corporate Social Responsibility (“CSR”) Team that ensures CSR activities are being planned, implemented, and measured. Currently, the key focus areas of our CSR activities include the provision of: (1) basic needs in response to COVID-19 and natural disasters, (2) greening programs to mitigate impact on the environment, (3) partnerships and education programs for safer internet, and (4) digital learning tools and internet access to marginalized communities. In addition, we have put in place our Sustainability Framework and Roadmap.

Project Risk Management. Project risk management processes are embedded in all our key strategic and operational initiatives. We require each new major project to have a formal project risk assessment and mitigation plan. Risks and issues are part of regular status reporting and action plans to address the identified risks and issues are monitored accordingly.

As we set our sights on further expanding our reach and footprint, we continue to engage our talents in managing risks across the organization. With active involvement and appreciation of risk management at all levels within the organization, Converge is geared up to manage uncertainties in the business, regulatory, and physical environment, and is equipped to achieve and seize new business goals as we continue our pursuit of becoming a world class ICT organization that empowers people, business, and the nation to be their best.