FNI recognizes that risk is inherent in all opportunities. To remain at the forefront of today’s market, we believe in adopting an integrated approach on enterprise risk management that capitalizes on the value gained from managing risks and delivers on the requirements of all stakeholders – Company, shareholders, employees, suppliers, investors, regulatory agencies and communities.
At FNI, we recognize that Enterprise Risk Management is not a function or department, rather, it is a process, effected by an entity’s board of directors, management and other personnel, enterprise-wide at strategic level, designed to identify potential events that may affect the entity, and manage risks to remain within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives . Furthermore, we recognize the importance of ERM in strategic planning and in embedding it throughout FNI’s organization as it influences and aligns strategy and performance across all departments and functions (within the FNI Organization). FNI’s ERM System, as designed, is based on the prominent COSO ERM Framework.
The eight (8) interrelated component of the Framework can be summarized into five (5) principles:
Derived from COSO Enterprise Risk Management – Integrated Framework, September 2004.
- Governance and Culture: where FNI’s board and top management set the organization’s tone and culture towards understanding of risk affecting the organization (internal and external factors); part of establishing good governance is reinforcing oversight responsibilities for enterprise risk management.
- Strategy and Objective-Setting: where FNI establishes its risk appetite and aligned with strategy; business objectives put strategy into practice while serving as a basis for identifying, assessing, and responding to risk.
- Performance: where risks are prioritized by severity in the context of established risk appetite; FNI then implement risk responses.
- Review and Revision: where FNI’s ERM components are reviewed against the actual performance, to determine if revisions in the risk response is needed. Accordingly, it is imperative that FNI shall pursue continuous improvements.
- Information, Communication, and Reporting: where FNI’s ERM System requires the continual process of information sharing, from both internal and external sources across all level the organization. Regular communication about risk management to the Board, ManCom, and other key stakeholders is established.
FNI Management holds overall responsibility for managing risk to the entity and to continue to enhance its conversation with the board and stakeholders about using enterprise risk management to gain a competitive advantage. That starts by deploying enterprise risk management capabilities as part of selecting and refining a strategy.
The Board, through its Audit and Board Risk Oversight Committee, has the responsibility for overseeing risk management within the Company. FNI designated a lean ERM core team in support of the ERM Structure where Corporate Internal Audit, as established in its IA charter, shall help the management assess the effectiveness of FNI’s Risk Management System and identify opportunity/ies for improvement. CIA will also assist in the ERM oversight role of the Board, with the support of the SVP for Legal and Compliance, SVP for Operations and SVP for Finance; as such significant risks and related risk strategies and the status of the risk management initiatives are communicated on a regular basis.
FNI Risk Management Oversight Structure
In 2015, FNI started its ERM journey with an ERM Awareness Session. With external professional help, the Company was able to have a structured and well-defined process as it went through the ERM activities implemented in three (3) phases.
Three (3) Phase Implementation of FNI ERM System
Activities in establishing FNI’s ERM; as conducted and facilitated by SGV
ERM Participants – Surigao
ERM Participants – Makati City
As a result, FNI’s ERM System identified its key business risks, which affected interrelated risk drivers. Accordingly, ERM team agreed to implement risk responses and strategies to address the risks drivers and key business risks as a whole. Updates on the status of RM response and strategies are reported to the Board, President, ManCom and key stakeholders, on a periodic basis as a agreed and approved by the Audit and Board Risk Oversight Committee.