Enterprise Risk Management

The Board of Directors of the Company has the duty and responsibility to identify key risk areas and key performance indicators of the Company and monitor these factors with due diligence.TheManagement is responsible for the implementation and maintenance of internal control while the Boardof Directors and the Audit Committee oversee the actions of Management and monitor the effectiveness of the controls put in place.

Oversight of financial management functions are also performed by the Audit Committee, specifically in areas of managing credit, market, liquidity, operational, legal and other risks of the Company, crisis management, and corporate governance compliance.

The External and Internal Auditors provide independent mechanisms to monitor and evaluate the existence and effectiveness of internal controls. The Internal Auditor reports to the Audit Committee and to Management the significant risk exposures, control issues, and such other matters as may be needed or requested by the Board and Management, and provides assurance on the reliability of financial reporting and compliance with applicable laws and regulations. The Internal Audit Group undertakes both regular and ad hoc reviews of the risk management controls and procedures of the Company, the results of which are reported to the Audit Committee. The External Auditor enables an environment of good corporate governance as reflected in the financial records and reports of the Company and provide objective assurance on the manner by which the financial statements shall be prepared and presented to the shareholders.

Risk management functions are similarly performed at the management committee level of each subsidiary of the Company, as well as assumed by the heads of each business unit and corporate service unit of such subsidiaries. Further, every manager is tasked to ensure compliance with all operational and financial controls in his/her area of responsibility and to implement internal controls as part of the total system to achieve the goals of the Company and its subsidiaries. Managers conduct regular evaluation of existing policies, systems and procedures to ensure that these remain relevant and effective to the current operating environment. Management also gives prompt and cooperative consideration to recommend improvement measures made by independent internal or external audit groups.