The primary responsibility for the design, implementation and maintenance of internal control rests on Management; while the Board and its Audit and Risk Management Committee oversee the actions of Management and monitor the effectiveness of the controls put in place. The independent mechanisms to monitor and evaluate the existence and effectiveness of internal controls are provided by the external auditor and the internal auditor. The external auditor provides an independent and objective assurance on the preparation and presentation of the Company's financial statements, while the internal auditor functions as an independent audit that provides reasonable assurance on the achievement of the Company's internal control objectives, specifically on the reliability of financial reporting, effectiveness and efficiency of operations, and compliance with the applicable laws and regulations.
Since 2005, the Company has been conducting periodic strategy and self-assessments to evaluate risks and their likely impact on its business performance.
In 2010, the Company adopted an expanded approach to manage various business risks to cover its subsidiaries and associate companies. Management embarked on a series of briefings and workshops aimed at building competencies, identifying threats, exploiting opportunities and managing risks among its core business units. Using the Meralco Enterprise Risk Management Framework contained in the Meralco Risk Management Policy Manual, an enterprise risk management capability development program for subsidiaries and associate companies was conducted with the assistance of an expert from the Asian Institute of Management.
An executive briefing on Corporate Governance for the Board, the Management, and key officers of subsidiaries and affiliates was conducted on December 15, 2010 by the Asian Risk Management Institute (ARiMI), which discussed the integration of Corporate Governance and Enterprise Risk Management to foster sustainable effective performance.
Meralco has an existing Risk Management Policy Manual, approved in September 2009, which aims to enhance shareholder value through a risk management framework. This framework includes procedures for identifying and reviewing risks and in ensuring that mitigation and management activities are undertaken. It defines the infrastructure that guides employees, Senior Management and the Board in making appropriate decisions for managing Meralco's risk portfolio to meet its goals and strategies.
In 2011, Meralco intensified its risk management awareness campaign by expanding its Risk Management Office's function and scope to include external risks involving subsidiaries and associates. Meralco's annual Risk Self-Assessment activity included the identification and verification of critical business risks of both Meralco and its subsidiaries. The top business risks that were identified in the process served as valuable inputs in Meralco's planning and budgeting activities.
The control environment of Meralco consists of:
- The Board which ensures that Meralco is properly managed and effectively supervised;
- A Management that handles day-to-day operations and ensures that sound and prudent decisions and actions are made;
- The organizational and procedural controls supported by effective management information and risk management reporting systems; and
- An independent audit mechanism to monitor the adequacy and effectiveness of Meralco's financial reporting, governance, operations, and information systems, including the reliability and integrity of financial and operational information, the effectiveness and efficiency of operations, the safeguarding of assets, confidential information, and compliance with laws, rules and regulations and contracts.
