CORPORATE GOVERNANCE

Enterprise Risk Management and Internal Controls

JGS recognizes the increasing importance of sound risk management practices in driving business growth and sustainability. The Company acknowledges that viewing business risks and opportunities in the context of sustainable development is the way to remain responsive, relevant, and successful. Aware of its volatile, uncertain, complex, and ambiguous (VUCA) business environment, the Company emphasizes critical, emerging, and systemic risks and drivers, including ESG risks and megatrends, to ensure that these are managed well and the interests of stakeholders are protected.

Risk Governance

Skip to...

Risk Governance

Board of Directors AURROC Chief Risk Officer Risk Council Risk Champions Risk Owners Internal Audit

Risk Governance

The role of Enterprise Risk Management (ERM) is to establish and maintain a sound framework to effectively identify, monitor, assess and manage key business risks. The risk management framework guides the Board in identifying business unit and enterprise-level risk exposures, as well as in evaluating the effectiveness of risk management strategies. The following structure represents the line of responsibility of key functions that ensure the effective management of all risks that are considered material to the Company.

Click the diagram to view

Board of Directors

The Board of Directors (BOD) is responsible for overseeing the Company’s ERM policies and procedures. The BOD sets clear directions on managing the most important risks and evaluates the overall effectiveness of the ERM process, both at the operating company level and the JGS level. The BOD reviews Management reports with due diligence to enable the Company to anticipate, minimize, control, and manage risks or possible threats to its operational and financial viability.

Audit, Related Party Transactions and Risk Oversight Committee (AURROC)

The Audit, Related Party Transactions and Risk Oversight Committee (AURROC) oversees the implementation of the ERM plan in accordance with the Board-approved policies and procedures. It also ensures the Board is fully informed about material risk exposures, mitigation actions, and residual risks.

Chief Risk Officer

The Chief Risk Officer (CRO) leads the Enterprise Risk Management process, which ensures a sound ERM framework is in place to effectively identify, monitor, assess, and manage key business risks. The CRO spearheads the development, implementation, maintenance, and continuous improvement of ERM processes and documentation and communicates significant risk exposures, control issues, and risk management plans to the AURROC.

The Board appointed Brian M. Go as the Chief Finance and Risk Officer (CFRO) of JGS. Under the risk and controls function, the CFRO is the steward of risk management, specifically those that have financial impact and affect company value.

Risk Council

The Risk Council supports the CRO in identifying key risk exposures in all areas, including those relating to Economic, Environmental, Social, and Governance factors, and defining risk management strategies. The Risk Council also leads the development of risk mitigation plans and monitors risks and the effectiveness of response plans.

Risk Champions

Risk Champions are functional, or business unit heads responsible for setting and implementing controls to mitigate risks relevant to their respective departments or business units. They act as the ERM subject-matter experts on specific risk categories and collaborate with other risk champions to better understand risk interaction across the organization. They ensure the effective execution and continuous improvement of the ERM process in their respective areas of responsibility.

Risk Owners

The Risk Owners are directly accountable and responsible for identifyingand managing assigned risks. They work with risk champions to determine the best approaches to managing the risks. They evaluate response effectiveness, track and report residual risks, and recommend further risk treatment to the risk champion and the ERM Team.

Internal Audit

Internal Audit provides independent assessments to the AURROC, Management and outside parties on the adequacy and effectiveness of governance, risk management, and control processes for the Company.

Risk Management Process

Skip to...

Risk Management Process

Risk Identification, Assessment, and Prioritization Risk Response, Monitoring, and Evaluation

Risk Management Process

As a group, we employ a bottom-up approach involving each functional unit of our operating companies — Airline, Food Manufacturing, Real Estate, Bank, and Petrochemicals — to identify, assess, prioritize, and build risk responses. The top risks identified at the functional unit’s level are rolled up to the enterprise level of our operating companies, and then to the JG Group enterprise.

Risk Identification, Assessment, and Prioritization

Risk champions and owners conduct risk identification using different tools such as risk factor analysis, megatrends analysis, and systems dynamics analysis. This enables them to determine the factors that could prevent the delivery of their unit’s business objectives. Identified risks are grouped into categories as follows:

Strategic Risk

Concerns events that could affect the outcome of strategic decisions, such as mergers and acquisitions, key investments, resource allocations, and new business ventures.

Reputational Risk

Refers to anything that could impact the company’s brand value, public perception and stakeholder relationships.

Governance Risk

Pertains to risks related to implementating and adhering to policies and procedures and ethical practices within the organization.

Emerging Risk

Refers to new or developing risks that the company has little to no experience in.

Climate Risk

Refers to potential physical risks that may arise from climatic events or business risks arising from regulatory efforts or changing stakeholder expectations associated with the shift towards a carbon-neutral economy.

Operational Risk

Relates to factors that could disrupt routine business activities or impair property, infrastructure, and security. 

IT and Digitalization Risk

Risk of business disruption which may be caused by hardware or software failure, cyberattacks, unauthorized access to company information, and the like, or lost opportunities associated with lack of innovation or investments in technology.

People Risk

Refers to factors and events that could compromise the well-being, productivity, and performance of our employees.

Financial Risk

Refers to matters that could affect the financial position or performance of the Company such as credit, liquidity and foreign currency risks.

Legal and Compliance Risk

Includes risks related to compliance to rules and regulations, adaption to changing political landscapes and new government pronouncements, as well as exposures that could arise from contractual obligations, anti-competition and monopolization concerns, and legal disputes against the company.

For each risk impact area, we developed a risk assessment scale that defines what is considered insignificant, minor, moderate, major, or extreme impact on our business. Likewise, we set the likelihood parameters defining whether the chance of occurrence is rare, unlikely,  probable, likely, or almost certain. Each operating company developed its own risk assessment scale depending on its context and risk appetite.

In assessing risks, we rated their severity of impact based on their nature, regardless of our organization’s circumstances and capability to manage them. Those rated high and very high in severity were considered in the prioritization process.

Risks are prioritized based on our organization’s risk profile, vulnerability, and contribution to aggravating certain risks. The latter is particularly relevant to ESG risks, like climate change impacts, which we also contribute to. Furthermore, we also consider the urgency of the risks which is a factor of velocity or how quickly we will feel the impact of the risks when they materialize, and mitigation timeframe or the length of time we need to manage these risks.

Risk Response, Monitoring, and Evaluation

We ensured that appropriate risk responses were in place for each priority risk, both at the level of the risk champions and risk owners and at the enterprise level of our operating companies. Risk responses have also been put in place at the JGS level, specifically those that are  common to most of our businesses.

Risk champions are tasked to continually monitor and evaluate the effectiveness of the risk responses. Material residual risks are assessed properly to improve risk response and identify recovery measures.

Given the dynamic nature of risks, the entire risk management is an iterative process at the functional units of our operating companies and at the Group level. The risk management framework is being presented to the AURROC for review on a regular basis, and the key risks are being updated and reported semi-annually.

Risk Disclosures

The group’s risk register undergoes a periodic review to ensure it captures the relevant risks that can potentially affect the business. Risks that are rated high are deliberated by the Risk Council as to their potential impact on the various aspecta of the business, taking into consideration existing controls and mitigation measures, as well as the Group’s risk appetite and perceived vulnerabilities. The following are considered the top risks for the Group:

Click the diagram to view

Cybersecurity

The Group considers cybersecurity as its top risk under IT and Digitalization due to the severity of its potential impact on the Group’s operations. The consequences of this risk include possible loss of information, disruptions in business operations, increased cost of added security or disaster recovery, and potential loss of credibility and damage to brand and company image. This risk could also lead to significant regulatory violations. Data breaches could compromise the Company’s sensitive or confidential information and jeopardize individuals’ safety and security in case of personal data leaks. We are actively mitigating this risk as we continue to strengthen our security posture with pragmatic and holistic solutions to proactively identify, protect, detect, respond, and recover, as well as improve our system and data access controls. Actual cybersecurity incidents and their impact are investigated, resolved, and reported to the business unit management and Data Privacy Officer, in case of data security breaches.

Tax law interpretation

Considering that the Group operates in various industries across different jurisdictions, it is critical for the Company to establish controls to minimize non-compliance risks and abide by the tax laws and evolving regulations. Non-compliance with any law, including environmental regulations, could have financial and reputational implications for the Company, from fines to stoppage of operations. We are closely monitoring regulatory updates such as those related to the Single-Use Plastic Products bill, the Extended Producer Responsibility Act and carbon emission-related policies. We have a team of in-house legal experts who coordinate with concerned business units on potential legal issues and pursue all remedies available. We also engage with third-party consultants, as necessary, to strengthen our position on related issues. Our Company ensures that the Group maintains compliance with regulatory requirements.

Interest rate and forex risk

Our main Financial risks relate to interest rate increases and foreign exchange volatility, which could significantly impact our Group’s financial performance. Possible effects include higher debt costs, lower returns from financial investments, and margin compression from higher input costs. To counter this financial risk, our Group manages and maintains a good balance of foreign-denominated financial assets, local currency borrowings, and risk-appropriate instruments while strengthening our onshore and offshore banking relationships.

Climate-related physical and transitional risks

Climate-related risk is considered one of the most relevant risks for the Group. The inability to mitigate or address the impact of climate-related and extreme weather events could result in damage to facilities, obsolescence or loss of assets, disruptions in the Group’s supply chain and operations, as well as, endanger people and the ecosystem. Enhancing infrastructure resilience against extreme weather events and adapting to changing conditions could require significant financial and capital investments. Regulatory changes related to climate change, such as carbon pricing, emissions caps, and extended producer responsibility, may also affect the Group operationally and financially by escalating compliance costs.

This year, we embarked on a project to better understand science-based climate risks information from the best available climate models and how our facilities and value chains can be impacted under different climate scenarios. See the “Climate Disclosure Report” portion of this Sustainability Report.

Climate Disclosure Report

Talent development and retention

On People risk, talent development and retention remain to be crucial in the face of intense competition for key talents, especially for those with digital aptitude. High attrition could result in business disruptions, compromised service quality and increased cost of talent acquisition and training. In order to address these risks, we continually upgrade our talent acquisition strategies, conduct wages and benefits benchmarking, and employ data insights and advanced analytics in developing HR programs for employees’ professional growth and  development.

We foster a safe environment for labor unions to freely communicate their concerns to the management. This is key to arriving at a mutually beneficial agreement. When disagreements are not addressed immediately, the Company recognizes that it may run the risk of labor unrest, which can disrupt its operations and ability to meet its customer’s needs.

A more diverse workforce could also improve how the Company assesses its stakeholders' needs. This would open the opportunity to innovate to better serve these needs. This could alleviate the exclusion of certain segments of the population, a lower talent selection pool, and high opportunity costs from untapped markets.

Our Company continues to work towards ensuring that employees are healthy and safe because we understand the consequences to life and property if this is not addressed properly. Noncompliance with health and safety standards and regulations could also cost the Company penalties from regulators, suspension of operations, attrition, and damage to reputation.

Read more

Product safety, quality, and equipment and process management

Product safety, quality, and equipment and process management concerns are among the Group’s top operational risks, along with risks of increasing material costs and availability. Rising raw material costs could negatively impact margins, while unreliability of raw materials supply could result in operational disruptions and loss of sales. On the other hand, the quality of our products and services influences our relationship with our customers and their perception of the company. We are, however, always on top of these risks as we ensure that  proper operations management and product quality management systems are in place and there is diversity in raw materials sourcing and adequate insurance coverage for facilities, assets, and people. We have a supplier accreditation system to ensure a continuous supply of quality goods and services by reputable and reliable suppliers who comply with applicable government rules and regulations like environmental, labor, health and safety, etc. To the extent possible, the Company promotes inclusive business in its value chain by getting supplies from farmers and cooperatives to provide employment and revenues to low-income communities.

By recognizing the potential for material scarcity, our Company is taking steps to reduce its reliance on non-renewable materials and adopt sustainable sourcing practices. This can include using recycled materials, reducing waste through better design and production processes, and sourcing materials from sustainable suppliers. Our Company also recognizes the potential risks to human health and the environment posed by air emissions, air pollutants, and solid waste and is taking steps to manage them responsibly. We are implementing measures to reduce these emissions, such as improving combustion efficiency or using low-emission fuels to help mitigate these risks. Similarly, solid waste, such as plastic waste, can negatively impact the environment and surrounding communities if not properly managed. By adopting responsible waste management practices, such as reducing waste generation through better design or recycling and treating waste, our Company can help to minimize these risks. It is also important to address the potential for leakages in the waste management system, as these can lead to various hazards. By implementing measures to prevent and detect leaks, such as regular maintenance and monitoring, our Company can reduce the likelihood of these hazards occurring and protect the environment and surrounding communities.

Read more

Capital allocation

Our top Strategic risk cover areas of capital allocation, business performance, and competition. This relates to how our long-term portfolio investment decisions based on available information may yield lower-than-expected returns. Correspondingly, the perceived exposure of the Group to industry disruptions, market volatilities, geopolitical risks, and ESG risks may affect stakeholder value. These risks could affect the Company’s market capitalization, pose an unfavorable view in the Group’s value creation, and limit growth prospects. Our risk responses include conducting sector analysis in relation to customer trends, incorporating risk management in implementing the OGSM process in our businesses, regular review of capital allocation decisions and analysis on the potential impact on the parent company’s risk-return profile, and effective communication of our business performance, as well as sustainability practices and initiatives.

Geopolitical tensions

For Emerging risks, we consider geopolitical tensions as one of our risks with the continuing conflict in the global order causing economic volatility and severely affecting the international commerce and flow of goods and labor. Potential impacts to the Company include difficulty sourcing raw materials, decreased profits due to higher input costs, and reduced growth prospects. We incorporate geopolitical risk analysis and strategic foresight planning in market and transaction evaluation to reduce the impact of this risk. Furthermore, the Group is also assessing the impact of disruptive technology, such as Generative AI, in business operations. The possible implications include reduced competitive advantage from an inability to capitalize on emerging technologies and increased cost of equipping the organization to adapt to the changing business landscape. We are working on developing Gen AI policies and setting up a governance committee to establish comprehensive risk management protocols and foster ethical and strategic use of Gen AI to enhance business processes, products, and services.

Reputational risk

Our Reputational risk pertains to how third-party views and ratings affect our corporate image and brands. Misinformation about JGS and/or its subsidiaries and unfavorable public opinion could impact the Company’s social license to operate and market capitalization. We actively scan mainstream social media outlets and continuously monitor our business positioning in the market and external reputation.

Our Company also follows a strict protocol in obtaining a social license to operate whenever it enters a certain community. Communities are important stakeholders who help the Company succeed. JGS recognizes risks related to poor community engagement, where communities’ concerns are not properly addressed, which could push the community to act against the Company’s interest. It is crucial for JGS that the community understands the value that it brings to the community and that the Company is open to hearing their feedback and doing what is best to address their concerns.

JGS also recognizes that unresolved customer complaints, especially when these reach digital platforms, may influence wider customer perception of the quality of our products and services. Issues surrounding product safety and quality, customer privacy, and advertising, if remain unresolved, could lead to a decrease in customer satisfaction. Unmet customer satisfaction could result in a decline in sales and  eventual loss of market share. To ensure a better customer experience, we strive to continuously improve our customer care platforms in terms of accessibility and responsiveness to achieve quicker resolution of customer concerns.

Read more

Governance risk

Our Governance risk relates to compliance with company policies and processes. Unintended or intentional breaches of company policies and ethical standards may result in operational inefficiencies, significant financial losses, loss of stakeholder trust, or reputational damage. Additionally, issues of corruption could compromise the Company’s ability to equitably distribute economic value to the right stakeholders. We address this by strengthening our internal control measures and functions. We also reinforce good corporate governance practices and regularly conduct training on the code of business conduct and ethics. Our Company has anti-corruption policies and procedures, such as a code of conduct prohibiting corrupt practices and a reporting mechanism for whistleblowers to report any suspected corruption.

Internal Controls

To further advocate the Company’s commitment to the pursuit of good governance and achieving compliance with applicable laws and Company policies and procedures, the Company ensures to strengthen the Enterprise Governance, Risk Management and Compliance (GRC) Culture and maintains a strong system of internal controls focused on accountability and oversight of operations. With the leadership of the Company’s CFRO, internal control is embedded in the company's operations and each Business Unit (BU) and Corporate Center Unit (CCU). To accomplish the established goals and objectives, the BUs and CCUs implement robust and efficient process controls to ensure:

  1. Compliance with policies, procedures, laws, and regulations
  2. Economic and efficient use of resources
  3. Check and balance and proper segregation of duties
  4. Identification and remediation control weaknesses
  5. Reliability and integrity of information
  6. Proper safeguarding of company resources and protection of company assets through early detection and prevention of fraud

Accountability & Audit

The Board ensures that its shareholders receive a balanced and comprehensible quarterly assessment of the Company’s performance, position, and prospects. Interim and other reports that could adversely affect its business, including its submissions and disclosures to the SEC and PSE, are also made available on the company website.

The Board also appointed Rya Aissa S. Agustin as the Chief Audit Executive upon the recommendation of the AURROC to perform the Internal Audit function, pursuant to the RCGM.

The Internal Audit Group is focused on adhering to its purpose, mission, and vision to be the trusted advisors of the Board and Management and become world-class internal audit professionals who deliver independent, objective, quality, and agile audit services at benchmark value, enabled by innovative audit systems and technologies.

The activities of the Internal Audit Group are governed by an Internal Audit Charter, which is approved and reviewed periodically by the AURROC. The Internal Audit adopts a risk-based audit approach and performs a dynamic risk assessment to consider new and emerging risks. The Internal Audit Group provides independent and objective assurance, consulting, and investigative services to assess and enhance the overall control environment encompassing governance practices, risk management, internal controls, and compliance with applicable laws and regulations.

To create a competitive advantage through Governance, Risk Management and Compliance (“GRC”) scale and synergies, the Internal Audit Group continues to work closely with the internal audit teams of the different business units through benchmarking and sharing knowledge, best practices, and tools.

The Internal Audit Group provides continuing training and professional development programs to remain relevant and keep up with the conglomerate's evolving business needs.

The annual Statement of Internal Controls and Compliance System Attestation for 2023, signed by the Chief Audit Executive, Chief Finance and Risk Officer, and President and Chief Executive Officer, attests that the Corporation’s internal controls, risk management and compliance system, and governance practices are adequate, was reported in AURROC and to the Board. This is in accordance with the Board’s function to annually review the internal control system and risk management framework of the Company. The 2023 Statement of Internal Controls and Compliance System Attestation is available in the “Internal Controls” portion of the “Shareholders” tab of the “Corporate Governance” page of the Company website.

To view the Company’s Internal Audit Charter, please visit the link below: 

2023 Statement of Internal Controls
Internal Audit Charter

Other Matters

External Auditor and their fees

Name of Author Audit and Audit-Related Fees Yr. 2023
SyCip, Gorres, Velayo & Co. Fees for services that are normally provided by the external auditor in connection with statutory and regulatory filings or engagements Php 4,780,000
All Other Fees None
TOTAL Php 4,780,000

No other service was provided by external auditors to the Company for the calendar year 2023.

Company Website


The Company updates the public with operating and financial results through timely disclosures filed with the SEC and PSE. The company website is maintained to ensure investor-friendliness and convenient access to information for all the shareholders and various stakeholders. The Company website contains comprehensive information about the Company’s business portfolios, disclosures and reports, corporate governance reports, manuals and policies, press releases and an archive thereof, vision, mission, core values, investor relations program, sustainability, and corporate social responsibility activities. The Company ensures that all information on the website is accurate, relevant, and up-to-date. These are available on the company’s website below:

Company website