Existing methodologies for operational risk mitigation cds s erm program
This presentation is the property of its rightful owner.
Sponsored Links
1 / 21

Existing Methodologies for Operational Risk Mitigation - CDS’s ERM Program PowerPoint PPT Presentation


  • 71 Views
  • Uploaded on
  • Presentation posted in: General

Existing Methodologies for Operational Risk Mitigation - CDS’s ERM Program. ACSDA Seminar - October 26 - 28, 2005 Punta del Este, Uruguay. Agenda. Enterprise Risk Management Framework Governance of Operational Risk Self-Assessments Key Risk Indicators Reporting Internal Controls

Download Presentation

Existing Methodologies for Operational Risk Mitigation - CDS’s ERM Program

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Existing methodologies for operational risk mitigation cds s erm program

Existing Methodologies for Operational Risk Mitigation - CDS’s ERM Program

ACSDA Seminar - October 26 - 28, 2005 Punta del Este, Uruguay


Agenda

Agenda

  • Enterprise Risk Management Framework

  • Governance of Operational Risk

  • Self-Assessments

  • Key Risk Indicators

  • Reporting

  • Internal Controls

  • Risk Financing Program

  • Lessons Learned

  • Conclusions


Enterprise risk management framework

Enterprise Risk Management Framework

  • A process for CDS to manage enterprise-wide risks (including operational risk) in an integrated fashion in order to optimize returns from risk-taking activities.

  • Mission of ERM:

    • Identify and understand risks inherent in CDS’s business activities and processes

    • Enable management to make better decisions through balanced focus on risk and returns of decisions and ongoing education of personnel.


Enterprise risk management framework1

Enterprise Risk Management Framework

  • Objectives of ERM Framework:

    • Promote shared vision of risk management to facilitate integrated reviews of risks and provide managers with better understanding of risk/reward trade-offs

    • Apply leading practice methodologies to identify, assess, measure, manage, monitor and report risks

    • Assign appropriate attention/resources to key risks

    • Find appropriate balance between costs and risk controls

    • More accurately factor risk into decisions, products and projects

    • Satisfy regulatory requirements.


Enterprise risk management framework2

Enterprise Risk Management Framework

  • Guiding principles:

    • Clearly define responsibilities for management of risks:

      • Each business unit responsible for managing their risks

      • Overall responsibility for ERM should be independent from business units: Risk Management at CDS

    • Risk management  risk avoidance

    • Risk management should be proactive not reactive

    • Timely, accurate and consistent management, monitoring and measurement of risk

    • Reporting structure that includes senior management, board of directors, auditors and regulators.


Governance of operational risk

Governance of Operational Risk

Board of Directors

Board Committees

Audit Committee

Executive Committee

Finance Committee

Management Committees

Strategy Group

Executive Steering

Committee

Risk Committee

Operations Committee

Risk Management Functions

Information Security

and Control

Finance

Internal Audit

Risk Management

Human Resources

Legal

Business Line Management


Self assessments

Self-Assessments

  • Risk identification and definition using common categories:

    • Strategic risks

    • Operational risks (essentially same as Basle II)

      • People

      • Processes

      • Business

      • Projects

      • Technology

      • Legal and regulatory

      • External

    • Financial risks.


Self assessments1

Self-Assessments

  • Risk assessment and measurement to rank risks and prioritize action.

  • Risk exposure determined by the probability and impact of a given event.

  • Probability ranked on scale of 1 (<25% probability) - 4 (>75%) for a five-year period.

  • Impact ranked by potential loss of staff, service capability, capital, assets, customer base, reputation or some combination.


Self assessments2

Self-Assessments

  • Multiples of probability x impact yield rankings for prioritizing risks:

    • Green (1 - 4)

    • Yellow (4 - 8)

    • Red (9 - 16).

  • Risks are grouped by categories to profile areas of higher risks and to produce an average overall risk profile for the company.

  • Risk profile allows tracking of changes of risk by category and at enterprise level.


Self assessments3

Self-Assessments

  • Risk monitoring reports include:

    • description of risk

    • probability x impact ranking, with explanation

    • risk mitigants

    • action plans for reducing risk

    • target dates for implementation.


Key risk indicators

Key Risk Indicators

  • Early warning indicators of risks requiring attention.

  • Suitable for activities that are trackable on a regular basis for trend analysis, such as:

    • Staff turnover

    • Financial performance against plan

    • System interruptions

    • Participant claims.

  • Business unit proposes suitable threshold for Risk Committee approval. If threshold is breached, action may be required.


Key risk indicators1

Key Risk Indicators


Reporting

Reporting

  • Each meeting, Risk Committee receives a summary risk monitoring report showing:

    • New and materially-updated self-assessments

    • Updated risk profile

    • Updated key risk indicators.

  • Internal Audit uses risk assessments at year-end to help develop areas of focus for coming year’s audit plan.


Risk profile report

Risk Profile Report


Reporting1

Reporting

  • Audit Committee receives a summary key risks report showing:

    • Current risk profile

    • Red risks and other material changes in higher risks

    • Key risk indicators that have breached their thresholds with actions for mitigation.

  • Exception is annual risk report presented to Audit Committee after fiscal year-end, which reviews risk profile of last year and risks requiring attention in coming year.


Internal controls

Internal Controls

  • Intended to provide reasonable assurance regarding:

    • effectiveness and efficiency of operations

    • reliability of financial reporting

    • compliance with applicable laws and regulations.

  • Adequacy audited under Canadian Auditing Standard 5900 for service organizations and reported in Report on Internal Controls and Safeguards (RICS).

  • New audit standard 5970, comparable to SAS 70, to be applied in 2006.


Internal controls1

Internal Controls

  • Moving from checklist approach to more thorough COSO-based framework.

  • Framework based on key processes required to conduct business:

    • Objectives and risks identified and assessed

    • Process flowcharted to identify areas requiring control

    • Existing controls identified, with support documentation and management assurance process

    • Gaps in controls require remediation within an acceptable time period.

    • Signed by supervisor upon completion and basis for future testing by audit.


Internal controls2

Internal Controls

  • Internal controls for key processes supporting financial reporting to be completed by 10/31/06.

  • Will allow CEO/CFO certification of financial reporting by fiscal year-end 2007.

  • Key reliance will be on internal control structure and attestation by division heads of compliance.

  • Tone at the top reinforces importance of internal controls.

  • Structure acceptable to regulators and external auditor.


Risk financing program

Risk Financing Program

  • Insurance (e.g. FIB, D&O, E&O, general liability) to cover catastrophic losses.

  • Retain significant levels of risk backed by reserves.

  • Ongoing education of underwriters of unique nature and coverage needs of CDS.

  • Differentiation from financial institutions to obtain suitable wording.

  • Ongoing disclosure and rigour of risk management essential.


Lessons learned

Lessons Learned

  • Start with simple concepts to get buy in, then phase in enhancements.

  • Use common definitions/criteria.

  • Initial education and reiteration of objectives and benefits of ERM.

  • Business units take responsibility for their risks.

  • Regular review of risk tolerances.

  • Ensure follow up on improved risk mitigants.

  • Support from the top is essential.


Conclusions

Conclusions

  • ERM has enhanced risk management culture.

  • Improves decision-making in evaluating potential returns

    • Comparable approach used for assessing project risks.

  • Effective internal controls structure serves multiple purposes.

  • Ongoing education and monitoring process that must be supported from the top.


  • Login