Enterprise Risk Management (ERM) at METLEN is considered an integral part of business operations to identify risks and ensure business resilience.
At METLEN, the establishment of a strong risk culture is an essential aspect of our risk management practices that promotes risk behaviors, pervades our willingness to accept risk, determines clear roles in risk management, and educates personnel on matters related to risks and controls.
Enterprise Risk Management at METLEN is seamlessly integrated into our decision-making and market analysis processes, ensuring business resilience by continuously identifying and assessing both existing and emerging risks and potential improvement opportunities at every level of the organization.
Enterprise Risk Management (ERM) is an area of high importance for METLEN because of its:
Risk governance structure effectively disseminates roles and responsibilities across METLEN to enhance risk awareness and management through a robust framework, fostering a strong risk culture from top to bottom
METLEN’s ERM framework, led by the Enterprise Risk Management Division, aims to establish a streamlined process for the identification, assessment, treatment, monitoring and reporting of enterprise risks, while potential improvement opportunities are identified through continuous reassessment of the ERM Framework’s performance
Coherent methodology of risk monitoring and reporting is implemented both internally (Audit Committee, Board of Directors) and externally (annual reports, investors, regulators) to support risk oversight and effectively communicate risk information to parties of interest
Our ERM Framework aims to establish a streamlined process for the identification, assessment and reporting of risks that includes defined roles and responsibilities, risk terminology, assessment criteria, tools for the documentation of risks, as well as escalation and reporting lines.
Clarifying scope, objectives and risk assessment criteria, identifying stakeholders and understanding organizational environments
Recognizing potential events impacting the organization's goals, and assigning accountability through risk owners
Analyzing risks by assessing their impact, probability and the design of the internal control system to determine inherent and residual risk levels
Prioritizing risks to determine the most significant risks of the organization and comparing risk results with the risk appetite levels to consider the need for treatment
Implementing appropriate risk responses to effectively manage exposures according to METLEN's risk appetite and the level of risk rating
Monitoring risk trends, treatment status, and ERM framework performance regularly to identify potential improvement opportunities
Communication of risk and mitigation actions and progress to different stakeholders (e.g., Board of Directors, Audit Committee, Senior Management) to facilitate risk oversight, promoting risk awareness and understanding of risks
The risk governance structure ensures the independence of the Enterprise Risk Management (ERM) Division, provides the communication and reporting lines to escalate significant risks and analyze the risk profile, promotes close collaboration of the ERM Division with Risk Owners and other internal assurance providers, and establishes the roles and responsibilities of all parties that participate in risk management.
i. Board has an overall responsibility, exercising oversight for enterprise risk management
ii. Establishes and defines the risk appetite
iii. Monitors key risks, considers risks that affect strategy and leverages risk information into decision-making
iv. Approves the Enterprise Risk Management Policy
i. Supports the Board in monitoring the effectiveness of enterprise risk management and the internal control system
ii. Reports on key risks and the progress of mitigation plans on a periodic basis
i. Participate in the formulation of the risk appetite framework
ii. Accountable for the proper identification, assessment and treatment of enterprise risks, based on the ERM framework
iii. Promote an ethical and risk-oriented culture across business sectors
iv. Analyze the effect of principal risks and discuss upcoming emerging risks
i. Internal Audit provides independent and objective assurance on the adequacy and effectiveness of governance, risk management, and control processes
i. Enterprise Risk Management Division, Compliance Division and Information Security Officer are responsible for providing risk assurance services in their respective areas
i. All business units and their respective process, risk and control owners that are responsible for managing risks in daily operations and escalating concerns/issues that may alter the severity of risks
Risks that may arise due to ineffective management of financial markets’ volatility and incorrect, miscalculated, omitted, or misrepresented financial information to external users such as investors and regulators, or internal stakeholders
1. Commodities
2. Credit
3. Foreign Exchange
4. Interest Rates
5. Liquidity
6. Statutory Reporting
Risks that may arise from failure to identify factors relating to macroeconomic and sociopolitical conditions that will affect the ability of the organization to maintain or increase its revenue and profitability in a specific business environment
7. Macroeconomics
8. Commercial & Competition
9. Geopolitical
10. Energy Supply
Risks that may arise from ineffectively managing regulatory and legal risks and failure to comply with internal procedures resulting in regulatory censure, adverse financial or reputational impact
11. Internal & External Fraud
12. Compliance
13. Contractual
14. GDPR
15. Licensing
16. Regulatory
Risks that may arise from inadequate or failed internal processes or systems, or ineffective human resource management, or from external events
17. Business Continuity
18. Information Systems
19. Insurance
20. Operational Efficiency
21. Supply Chain Management
22. People
23. Project Planning & Execution
24. Product Quality
25. Corporate Governance & Internal Control System
Risks that may offer benefits to the organization or threats that may arise from adverse business decisions, poor implementation and execution of the organization’s strategy, or lack of responsiveness to strategic plan deviations caused by external or internal factors
26. Health, Safety & Environment
27. Culture
28. Investment Decisions
29. Long-term Resources Availability
30. Technological
31. Investors
32. Sustainability