Principle 8: Enhancing Company Explanation
Disclosure Policies and Procedures A disclosure on the board members and key executives’
information is prescribed under Rule 12 Annex C of the
• The company should establish corporate SRC. According to best practices and standards, proper
disclosure policies and procedures that are disclosure includes directors and key officers’
practical and in accordance with best practices qualifications, share ownership in the company,
and regulatory expectations. membership of other boards, other executive positions,
continuous trainings attended and identification of
independent directors.
Recommendation 8.1
Recommendation 8.4
The Board should establish corporate disclosure policies
and procedures to ensure a comprehensive, accurate, The company should provide a clear disclosure of its
reliable and timely report to shareholders and other policies and procedure for setting Board and executive
stakeholders that gives a fair and complete picture of a remuneration, as well as the level and mix of the same in
company’s financial condition, results and business the Annual Corporate Governance Report. Also,
operations. companies should disclose the remuneration on an
individual basis, including termination and retirement
Explanation provisions.
Setting up clear policies and procedures on corporate Explanation
disclosure that comply with the disclosure requirement as
provided in Rule 68 of the Securities Regulation Code Disclosure of remuneration policies and procedure
(SRC), Philippine Stock Exchange Listing and Disclosure enables investors to understand the link between the
Rules, and other regulations such as those required by remuneration paid to directors and key management
the Bangko Sentral ng Pilipinas, is essential for personnel and the company’s performance. The Revised
comprehensive and timely reporting. Code of Corporate Governance requires only a disclosure
of all fixed and variable compensation that may be paid,
directly or indirectly, to its directors and top four
Recommendation 8.2 management officers during the preceding fiscal year.
However, disclosure on board and executive
The Company should have a policy requiring all directors remuneration on an individual basis (including
and officers to disclose/report to the company any termination and retirement provisions) is increasingly
dealings in the company’s shares within three business regarded as good practice and is now mandated in many
days. countries.
Explanation Recommendation 8.5
Directors often have access to material inside information The company should disclose its policies governing
on the company. Hence, to reduce the risk that the Related Party Transactions (RPTs) and other unusual or
directors might take advantage of this information, it is infrequently occurring transactions in their Manual on
crucial for companies to have a policy requiring directors Corporate Governance. The material or significant RPTs
to timely disclose to the company any dealings with the reviewed and approved during the year should be
company shares. It is emphasized that the policy is on disclosed in its Annual Corporate Governance Report.
internal disclosure to the company of any dealings by the
director in company shares. This supplements the Explanation
requirement of Rules 18 and 23 of the Securities
Regulation Code. A full, accurate and timely disclosure of the company’s
policy governing RPTs and other unusual or infrequently
Recommendation 8.3 occurring transactions, as well as the review and approval
of material and significant RPTs, is regarded as good
The Board should fully disclose all relevant and material corporate governance practice geared towards the
information on individual board members and key prevention of abusive dealings and transactions and the
executives to evaluate their experience and qualifications, promotion of transparency. These policies include
and assess any potential conflicts of interest that might ensuring that transactions occur at market prices and
affect their judgment. under conditions that protect the rights of all
shareholders. The said disclosure includes directors and
�key executives reporting to the Board when they have Recommendation 9.1
RPTs that could influence their judgment.
The Audit Committee should have a robust process for
Recommendation 8.6 approving and recommending the appointment,
reappointment, removal, and fees of the external auditor.
The company should make a full, fair, accurate and timely The appointment, reappointment, removal, and fees of
disclosure to the public of every material fact or event that the external auditor should be recommended by the Audit
occurs, particularly on the acquisition or disposal of Committee, approved by the Board and ratified by the
significant assets, which could adversely affect the shareholders. For removal of the external auditor, the
viability or the interest of its shareholders and other reasons for removal or change should be disclosed to the
stakeholders. Moreover, the Board of the offeree regulators and the public through the company website
company should appoint an independent party to and required disclosures.
evaluate the fairness of the transaction price on the
acquisition or disposal of assets. Explanation
Explanation The appointment, reappointment and removal of the
external auditor by the Board’s approval, through the
The disclosure on the acquisition or disposal of significant Audit Committee’s recommendation, and shareholders’
assets includes, among others, the rationale, effect on ratification at shareholders’ meetings are actions
operations and approval at board meetings with regarded as good practices. Shareholders’ ratification
independent directors present to establish transparency clarifies or emphasizes that the external auditor is
and independence on the transaction. The independent accountable to the shareholders or to the company as a
evaluation of the fairness of the transparent price ensures whole, rather than to the management whom he may
the protection of the rights of shareholders. interact with in the conduct of his audit.
Recommendation 8.7 Recommendation 9.2
The company’s corporate governance policies, programs The Audit Committee Charter should include the Audit
and procedures should be contained in its Manual on Committee’s responsibility on assessing the integrity and
Corporate Governance, which should be submitted to the independence of external auditors and exercising
regulators and posted on the company’s website. effective oversight to review and monitor the external
auditor’s independence and objectivity and the
Explanation effectiveness of the audit process, taking into
consideration relevant Philippine professional and
Transparency is one of the core principles of corporate regulatory requirements. The Charter should also contain
governance. To ensure the better protection of the Audit Committee’s responsibility on reviewing and
shareholders and other stakeholders’ rights, full monitoring the external auditor’s suitability and
disclosure of the company’s corporate governance effectiveness on an annual basis.
policies, programs and procedures is imperative. This is
better done if the said policies, programs and procedures
Explanation
are contained in one reference document, which is the
Manual on Corporate Governance. The submission of the
Manual to regulators and posting it in companies’ The Audit Committee Charter includes a disclosure of its
websites ensure easier access by any interested party. responsibility on assessing the integrity and
independence of the external auditor. It establishes
detailed guidelines, policies and procedures that are
contained in a separate memorandum or document.
Principle 9: Strengthening the Nationally and internationally recognized best practices
and standards of external auditing guide the committee
External Auditor’s Independence and in formulating these policies and procedures. Moreover,
Improving Audit Quality establishing effective communication with the external
auditor and requiring them to report all relevant matters
help the Audit Committee to efficiently carry out its
• The company should establish standards for the oversight responsibilities.
appropriate selection of an external auditor, and
exercise effective oversight of the same to
strengthen the external auditor’s independence
and enhance audit quality.
�Recommendation 9.3 shareholders and other stakeholders of the company’s
strategic (long-term goals) and operational objectives
The company should disclose the nature of non-audit (short-term goals), as well as the impact of a wide range
services performed by its external auditor in the Annual of sustainability issues.
Report to deal with the potential conflict of interest. The Disclosures can be made using standards/frameworks,
Audit Committee should be alert for any potential conflict such as the G4 Framework by the Global Reporting
of interest situations, given the guidelines or policies on Initiative (GRI), the Integrated Reporting Framework by
non-audit services, which could be viewed as impairing the International Integrated Reporting Council (IIRC)
the external auditor’s objectivity. and/or the Sustainability Accounting Standards Board
(SASB)’s Conceptual Framework.
Explanation
The Audit Committee, in the performance of its duty, Principle 11: Promoting a
oversees the overall relationship with the external auditor.
It evaluates and determines the nature of non-audit Comprehensive and Cost-Efficient
services, if any, of the external auditor. Further, the Access to Relevant Information
Committee periodically reviews the proportion of non-
audit fees paid to the external auditor in relation to the
corporation’s overall consultancy expenses. Allowing the • The company should maintain a comprehensive
same auditor to perform non-audit services for the and cost-efficient communication channel for
company may create a potential conflict of interest. In disseminating relevant information. This channel
order to mitigate the risk of possible conflict between the is crucial for informed decision-making by
auditor and the company, the Audit Committee puts in investors, stakeholders and other interested
place robust policies and procedures designed to promote users.
auditor independence in the long run. In formulating
these policies and procedures, the Committee is guided Recommendation 11.1
by nationally and internationally recognized best practices
and regulatory requirements or issuances. The company should include media and analysts’ briefings
as channels of communication to ensure the timely and
accurate dissemination of public, material and relevant
information to its shareholders and other investors.
Principle 10: Increasing Focus on
Explanation
Non-Financial and Sustainability
Reporting The manner of disseminating relevant information to its
intended users is as important as the content of the
information itself. Hence, it is essential for the company
• The company should ensure that the material and
to have a strategic and well-organized channel for
reportable non-financial and sustainability issues
reporting. These communication channels can provide
are disclosed.
timely and up-to-date information relevant to investors’
decision-making, as well as to other interested
Recommendation 10.1
stakeholders.
The Board should have a clear and focused policy on the
disclosure of non-financial information, with emphasis on Principle 12: Strengthening the
the management of economic, environmental, social and
governance (EESG) issues of its business, which underpin Internal Control System and
sustainability. Companies should adopt a globally Enterprise Risk Management
recognized standard/framework in reporting sustainability
and non-financial issues. Framework
Explanation • To ensure the integrity, transparency and proper
governance in the conduct of its affairs, the
As external pressures including resource scarcity, company should have a strong and effective
globalization, and access to information continue to internal control system and enterprise risk
increase, the way corporations respond to sustainability management framework.
challenges, in addition to financial challenges, determines
their long-term viability and competitiveness. One way to
respond to sustainability challenges is disclosure to all
�Recommendation 12.1 d. Performs compliance audit of relevant laws, rules
and regulations, contractual obligations and other
The Company should have an adequate and effective commitments, which could have a significant
internal control system and an enterprise risk impact on the organization;
management framework in the conduct of its business, e. Reviews, audits and assesses the efficiency and
taking into account its size, risk profile and complexity of effectiveness of the internal control system of all
operations. areas of the company;
f. Evaluates operations or programs to ascertain
Explanation whether results are consistent with established
objectives and goals, and whether the operations
or programs are being carried out as planned;
An adequate and effective internal control system and an
g. Evaluates specific operations at the request of the
enterprise risk management framework help sustain safe
Board or Management, as appropriate; and
and sound operations as well as implement management
h. Monitors and evaluates governance processes.
policies to attain corporate goals. An effective internal
control system embodies management oversight and
control culture; risk recognition and assessment; control A company’s internal audit activity may be a fully
activities; information and communication; monitoring resourced activity housed within the organization or may
activities and correcting deficiencies. Moreover, an be outsourced to qualified independent third party service
effective enterprise risk management framework typically providers.
includes such activities as the identification, sourcing,
measurement, evaluation, mitigation and monitoring of Recommendation 12.3
risk.
Subject to a company’s size, risk profile and complexity of
Recommendation 12.2 operations, it should have a qualified Chief Audit
Executive (CAE) appointed by the Board. The CAE shall
The Company should have in place an independent oversee and be responsible for the internal audit activity
internal audit function that provides an independent and of the organization, including that portion that is
objective assurance, and consulting services designed to outsourced to a third party service provider. In case of a
add value and improve the company's operations. fully outsourced internal audit activity, a qualified
independent executive or senior management personnel
should be assigned the responsibility for managing the
Explanation
fully outsourced internal audit activity.
A separate internal audit function is essential to monitor
Explanation
and guide the implementation of company policies. It
helps the company accomplish its objectives by bringing
a systematic, disciplined approach to evaluating and The CAE, in order to achieve the necessary independence
improving the effectiveness of the company’s to fulfill his/her responsibilities, directly reports
governance, risk management and control functions. The functionally to the Audit Committee and administratively
following are the functions of the internal audit, among to the CEO. The following are the responsibilities of the
others: CAE, among others:
a. Provides an independent risk-based assurance a. Periodically reviews the internal audit charter and
service to the Board, Audit Committee and presents it to senior management and the Board
Management, focusing on reviewing the Audit Committee for approval;
effectiveness of the governance and control b. Establishes a risk-based internal audit plan, including
processes in (1) promoting the right values and policies and procedures, to determine the priorities of
ethics, (2) ensuring effective performance the internal audit activity, consistent with the
management and accounting in the organization, organization’s goals;
(3) communicating risk and control information, c. Communicates the internal audit activity’s plans,
and (4) coordinating the activities and resource requirements and impact of resource
information among the Board, external and limitations, as well as significant interim changes, to
internal auditors, and Management; senior management and the Audit Committee for
b. Performs regular and special audit as contained review and approval;
in the annual audit plan and/or based on the d. Spearheads the performance of the internal audit
company’s risk assessment; activity to ensure it adds value to the organization;
c. Performs consulting and advisory services related e. Reports periodically to the Audit Committee on the
to governance and control as appropriate for the internal audit activity’s performance relative to its
organization; plan; and
�f. Presents findings and recommendations to the Audit and action plans to the Board Risk Oversight
Committee and gives advice to senior management Committee;
and the Board on how to improve internal processes. c. Collaborates with the CEO in updating and
making recommendations to the Board Risk
Recommendation 12.4 Oversight Committee;
d. Suggests ERM policies and related guidance, as
Subject to its size, risk profile and complexity of may be needed; and
operations, the company should have a separate risk e. Provides insights on the following:
management function to identify, assess and monitor
key risk exposures. • Risk management processes are performing as
intended;
Explanation • Risk measures reported are continuously
reviewed by risk owners for effectiveness; and
• Established risk policies and procedures are being
The risk management function involves the following
complied with.
activities, among others:
There should be clear communication between the
1. Defining a risk management strategy;
Board Risk Oversight Committee and the CRO.
2. Identifying and analyzing key risks exposure
relating to economic, environmental, social and
governance (EESG) factors and the achievement
of the organization’s strategic objectives;
3. Evaluating and categorizing each identified risk
using the company’s predefined risk categories
and parameters;
4. Establishing a risk register with clearly defined,
prioritized and residual risks;
5. Developing a risk mitigation plan for the most
important risks to the company, as defined by the
risk management strategy;
6. Communicating and reporting significant risk
exposures including business risks (i.e., strategic,
compliance, operational, financial and
reputational risks), control issues and risk
mitigation plan to the Board Risk Oversight
Committee; and
7. Monitoring and evaluating the effectiveness of
the organization's risk management processes.
Recommendation 12.5
In managing the company’s Risk Management
System, the company should have a Chief Risk Officer
(CRO), who is the ultimate champion of Enterprise
Risk Management (ERM) and has adequate authority,
stature, resources and support to fulfill his/her
responsibilities, subject to a company’s size, risk
profile and complexity of operations.
Explanation
The CRO has the following functions, among others:
a. Supervises the entire ERM process and
spearheads the development, implementation,
maintenance and continuous improvement of
ERM processes and documentation;
b. Communicates the top risks and the status of
implementation of risk management strategies
