ERM Framework and Process
At SMIC, Enterprise Risk Management (ERM) actively supports sustainable growth and long-term value creation by embedding a disciplined and integrated risk management approach across the organization. Anchored in prudent risk management principles, the ERM framework strengthens governance, enhances strategic execution, and reinforces resilience in an increasingly complex and dynamic business environment.
SMIC’s ERM framework directly supports the Group’s strategy of market leadership and continuous innovation. Through a structured process that systematically identifies, assesses, manages, and monitors risks within a defined risk appetite, the framework enables the organization to navigate evolving business conditions while capitalizing on emerging opportunities. Continuous monitoring and periodic evaluation ensure the framework remains effective, adaptive, and aligned with strategic priorities.
Risk management is embedded into annual planning, investment gating, capital allocation, procurement processes, project approvals, and change management initiatives. By integrating risk considerations into decision-making processes across business units and the broader SM Group, SMIC enhances informed decision-making, strengthens operational discipline, and supports sustainable success in a consumer-driven economy.
SMIC’s ERM framework is structured around four interconnected pillars that reinforce comprehensive integration of risk management across the Group:
Leadership Alignment and Governance Commitment
Integrated Strategy and Objective Setting
Design and Effective Implementation
Performance Evaluation and Continuous Improvement
SMIC’s risk assessment process begins with systematic identification of relevant risks, encompassing strategic, operational, financial, technological, geopolitical, ESG, and emerging risks. Risks are evaluated based on likelihood, financial and non-financial impact, velocity, and potential interdependencies. Prioritized risks form the basis for mitigation strategies, action plans, and continuous monitoring. This structured approach enhances resilience while enabling the Group to respond proactively to both risks and opportunities.
Identify Risks
Assess and Prioritise
Likelihood, impact, velocity, and interdependency analysis
Mitigate and Manage
Monitor and Report
Roles and Responsibilities
SMIC operates on the principle that risk management is a shared responsibility embedded throughout the organization. Risk awareness and accountability extend from the Board of Directors to operational units.
Board Oversight and Governance
The Board of Directors, through the Risk Management Committee (RMC), provides ultimate oversight of the ERM framework. The Board ensures that risk management is effectively integrated into corporate governance and aligned with the Group’s strategic objectives.
The RMC:
- Reviews and approves the Group’s risk appetite
- Ensures appropriate risk management systems and controls are in place
- Monitors key risk exposures and mitigation strategies
- Reviews operational, financial, compliance, and strategic controls
- Assesses the effectiveness of risk management and internal control systems
The Board receives regular updates on key risks and emerging risk developments, affirming the continued adequacy and integrity of the Company’s internal control and risk management systems.
Management
Management, collectively, is ultimately responsible for supporting the Board of Directors through the RMC Chairman and the Office of the Vice Chairperson in ensuring that the
Company accepts an appropriate level of risk in pursuit of its strategic objectives. The Chief Risk Officer (CRO) leads and coordinates the ERM process across the Group, ensuring that risks are properly identified, assessed, managed, and reported.
The CRO collaborates closely with Business Unit Heads and Functional Leaders to integrate risk management into operational processes and strategic initiatives. Major Group risks, mitigation strategies, and emerging exposures are reported at least bi-annually to the Board through the RMC and Executive Committee.
The CRO is supported by a dedicated team for overseeing the effective implementation of the ERM framework at the holding company level and for the continuous enhancement of SMIC’s risk management program, in coordination with the Business Unit CRO.
Risk identification, assessment, mitigation, and reporting responsibilities are delegated to designated risk owners, composed of Business Unit and Department Heads. These leaders manage operational risks within their respective areas and ensure that controls remain adequate and effective in alignment with the Group’s ERM framework.
Internal Audit
To ensure objective oversight, SMIC’s Internal Audit (IA) function, led by the Chief Audit Executive (CAE), performs independent evaluations of governance systems, risk management processes, and internal controls. IA provides objective assurance regarding control effectiveness and the adequacy of mitigation measures.
An annual attestation on the adequacy and effectiveness of the Company’s internal control and compliance systems is issued by the CAE. Control deficiencies and emerging risk issues are reported directly to the Audit Committee, accompanied by recommendations to strengthen governance and risk management practices.
Risk Appetite
SMIC’s enterprise-wide risk assessment identifies key exposures across ESG, geopolitical, macroeconomic, human capital, technology, strategic, and financial domains. These risks are managed within established risk appetite thresholds and are evaluated not only for their potential adverse impact but also for the strategic opportunities they may present.
SMIC pursues growth opportunities while maintaining disciplined risk management across the Group. The Board, through the Risk Management Committee, sets and reviews the Group’s risk appetite to ensure it remains aligned with strategic objectives and stakeholder expectations.
Strategic
SMIC pursues disciplined expansion and innovation, ensuring that strategic and growth decisions are grounded in comprehensive analysis and aligned with long-term value creation objectives.
Financial
The Group manages financial risk by balancing leverage and returns to sustain financial health and deliver consistent value to shareholders.
Operations
SMIC focuses on efficiency and resilience through robust internal controls and continuous process improvement to manage operational exposures across the Group.
Compliance
The Group upholds strict regulatory adherence across all jurisdictions and business units, treating compliance as a non-negotiable foundation for protecting its license to operate.
Climate & Sustainability
SMIC actively navigates climate transition opportunities and embeds environmental considerations into strategic planning, ensuring sustainability risks are proactively managed across the Group.
Reputation and Branding
The Group prioritizes the protection of its brand and the trust of its stakeholders in all business conduct, maintaining the highest standards of integrity and transparency.
Risk appetite guides strategic decision-making across the Group and is embedded in the annual planning, investment approval, and performance management processes.
Key Risks and Opportunities
SMIC’s comprehensive enterprise-wide risk assessment identifies key exposures across ESG, geopolitical, macroeconomic, human capital, technology, strategic, and financial domains. These risks are managed within established risk appetite thresholds and are evaluated not only for their potential adverse impact but also for the strategic opportunities they may present.
- Geopolitical and Country Risk
SMIC operates primarily within the Philippines, but remains subject to the indirect effects of global geopolitical tensions, macroeconomic shifts, and evolving regulatory standards. Global developments can influence domestic market conditions, supply chain stability, and investment feasibility.
Mitigation: SMIC mitigates these risks through proactive monitoring of global geopolitical and regulatory developments to assess their potential domestic implications.
Opportunity: Global supply chain realignment and regionalization trends present opportunities for strategic investments in domestic capacity expansion, infrastructure development, and sectors benefiting from localization initiatives.
- Macroeconomic and Inflation Risk
Macroeconomic volatility, including inflationary pressures, interest rates and currency fluctuations, and potential economic slowdown, may affect consumer demand, operating margins, asset valuations, and financing costs.
Mitigation: SMIC manages these exposures through prudent financial policies, diversified funding sources, liquidity buffers, and stress testing integrated into capital planning and portfolio management. Continuous monitoring of macroeconomic indicators supports informed capital allocation decisions.
Opportunity: Periods of market dislocation may create attractive entry valuations for long-term investments. Strong balance sheet management positions SMIC to deploy capital countercyclically when strategic opportunities arise.
- Human and Talent Risk
The Group’s ability to execute its strategy depends on attracting, developing, and retaining high-quality talent. Competitive labor markets, leadership succession challenges, and evolving workforce expectations may impact operational effectiveness and innovation capacity.
Mitigation: SMIC addresses these risks through structured succession planning, leadership development initiatives, performance-aligned incentives, employee engagement programs, and investments in digital upskilling. Risk ownership at business unit level ensures continuity of key roles and knowledge transfer.
Opportunity: A strong talent strategy enhances innovation, strengthens execution capability, and supports long-term competitive advantage.
- ESG and Sustainability Risks
SMIC manages environmental, social, and governance risks through structured sustainability oversight and coordination with the ERM function. Key exposures include Climate Physical Risks, Climate Transition Risks, Customer and Community Safety Risks, and broader reputational considerations.
Mitigation: Mitigation measures include updates to Business Continuity and Disaster Recovery Plans (BCP/DRP), enhanced insurance coverage, sustainability governance oversight, and resource efficiency initiatives embedded in daily operations. The Sustainability Team regularly reports progress on the Group’s sustainability roadmap to the Steering Committee, with relevant updates provided to the Board through the Corporate Governance and Sustainability Committee. Close coordination with the CRO ensures enterprise-wide integration.
- Technology and Cyber Risk
SMIC proactively manages technology risks, including cybersecurity threats, system vulnerabilities, technology obsolescence, and emerging AIrelated risks such as model governance and deepfake threats.
Mitigation: To strengthen digital resilience, SMIC has established an IT Council, AI Council, and Information Security Council. These bodies foster collaboration, establish best practices, and oversee the implementation of a comprehensive cybersecurity control framework. Regular vulnerability assessments, penetration testing conducted through third-party engagements, and tabletop exercises form part of the Group’s BCP/DRP program. Continuous monitoring enhances threat detection and response capabilities.
Opportunity: Strategic adoption of digital technologies and AI enhances operational efficiency, data-driven decision-making, and innovation capacity.
- Financial and Capital Allocation Risk
SMIC diligently manages liquidity, market, refinancing, and capital allocation risks. Volatility in capital markets may affect funding access and cost of capital.
Mitigation: The Group mitigates these risks through diversified funding sources, disciplined leverage management, continuous monitoring of capital markets, and structured investment governance processes. Performance and capital allocation risks are assessed to ensure optimal deployment of resources aligned with strategic objectives.
Opportunity: Strong financial discipline enhances resilience and enables the Group to capitalize on strategic growth opportunities during periods of market volatility.
- Strategy and Portfolio Management
Effective execution of strategic initiatives, integration of investments, and alignment between growth objectives and risk appetite are critical to long-term performance.
Mitigation: SMIC employs disciplined investment approval processes, project gating mechanisms, and post-investment performance monitoring to ensure accountability and value realization.
Management Commitment
SMIC’s integrated approach to enterprise risk management reflects its commitment to safeguarding operations, strengthening governance, and delivering sustainable value for stakeholders. By embedding risk awareness across all levels of the organization and aligning risk management with strategy, capital allocation, and sustainability objectives, the Group enhances resilience while positioning itself to capture emerging opportunities in a rapidly evolving business landscape.