The Audit Committee Charter provides for the Audit Committee’s role with respect to Enterprise Risk Management. It shall assist with the Board oversight capability over the Company’s Enterprise Risk Management responsibilities to ensure its functionality and effectiveness.
In the exercise of its oversight responsibility for the risk management process of the Company, the Committee has the following duties and functions as set forth in the Audit Committee Charter:
(a) Develop a formal Enterprise Risk Management plan which contains the following elements: (i) common language or register of risks, (ii) well-defined risk management goals, objectives, and oversight, (iii) uniform processes of assessing risks and developing strategies to manage prioritized risks, (iv) designing and implementing risk management strategies, and (v) continuing assessments to improve risk strategies, processes, and measures;
(b) Oversee the implementation of the Enterprise Risk Management plan. The Committee shall conduct regular discussions on the Company’s prioritized and residual risk exposures based on regular risk management reports and shall assess how concerned units or offices are addressing and managing these risks;
(c) Evaluate the risk management plan to ensure its continued relevance, comprehensiveness, and effectiveness; The Committee shall revisit defined risk management strategies, look for emerging or changing material exposures, and stay abreast of significant developments that seriously impact the likelihood of harm or loss;
(d) Advise the Board on its risk appetite levels and risk tolerance limits;
(e) Review at least annually the Company’s risk appetite levels and risk tolerance limits based on changes and developments in the business, the regulatory framework, the external economic and business environment, and events or occurrences that are considered to have a major impact on the Company;
(f) Assess the probability of each identified risk becoming a reality and estimate its possible significant financial impact and likelihood of occurrence. Priority areas of concern are those risks that are most likely to occur and to impact the performance and stability of the Company and its Stakeholders;
(g) Provide oversight over Management’s activities in managing credit, market, liquidity, operational, legal, and other risk exposures of the Company. This includes regularly receiving information on risk exposures and risk management activities from Management; and
(h) Report to the Board on a regular basis, or as deemed necessary, the Company’s material risk exposures, the actions taken to reduce the risks, and recommend further actions or plans, as necessary.