Existing Methodologies for Operational Risk Mitigation - CDS’s ERM Program. ACSDA Seminar - October 26 - 28, 2005, Punta del Este, Uruguay. Agenda: Enterprise Risk Management Framework; Governance of Operational Risk; Self-Assessments; Key Risk Indicators; Reporting; Internal Controls


Existing Methodologies for Operational Risk Mitigation - CDS’s ERM Program

ACSDA Seminar - October 26 - 28, 2005 Punta del Este, Uruguay

Agenda

  • Enterprise Risk Management Framework

  • Governance of Operational Risk

  • Self-Assessments

  • Key Risk Indicators

  • Reporting

  • Internal Controls

  • Risk Financing Program

  • Lessons Learned

  • Conclusions

Enterprise Risk Management Framework

  • A process for CDS to manage enterprise-wide risks (including operational risk) in an integrated fashion in order to optimize returns from risk-taking activities.

  • Mission of ERM:

    • Identify and understand risks inherent in CDS’s business activities and processes

    • Enable management to make better decisions through balanced focus on risk and returns of decisions and ongoing education of personnel.

Enterprise Risk Management Framework

  • Objectives of ERM Framework:

    • Promote shared vision of risk management to facilitate integrated reviews of risks and provide managers with better understanding of risk/reward trade-offs

    • Apply leading practice methodologies to identify, assess, measure, manage, monitor and report risks

    • Assign appropriate attention/resources to key risks

    • Find appropriate balance between costs and risk controls

    • More accurately factor risk into decisions, products and projects

    • Satisfy regulatory requirements.

Enterprise Risk Management Framework

  • Guiding principles:

    • Clearly define responsibilities for management of risks:

      • Each business unit responsible for managing their risks

      • Overall responsibility for ERM should be independent from business units: Risk Management at CDS

    • Risk management ≠ risk avoidance

    • Risk management should be proactive not reactive

    • Timely, accurate and consistent management, monitoring and measurement of risk

    • Reporting structure that includes senior management, board of directors, auditors and regulators.

Governance of Operational Risk

  • Board of Directors

  • Board Committees

    • Audit Committee

    • Executive Committee

    • Finance Committee

  • Management Committees

    • Strategy Group

    • Executive Steering

    • Risk Committee

    • Operations Committee

  • Risk Management Functions

    • Information Security and Control

    • Internal Audit

    • Risk Management

    • Human Resources

  • Business Line Management

Self-Assessments

  • Risk identification and definition using common categories:

    • Strategic risks

    • Operational risks (essentially same as Basle II)

      • People

      • Processes

      • Business

      • Projects

      • Technology

      • Legal and regulatory

      • External

    • Financial risks.

Self-Assessments

  • Risk assessment and measurement to rank risks and prioritize action.

  • Risk exposure determined by the probability and impact of a given event.

  • Probability ranked on a scale of 1 (<25% probability) to 4 (>75%) for a five-year period.

  • Impact ranked by potential loss of staff, service capability, capital, assets, customer base, reputation or some combination.

Self-Assessments

  • Multiples of probability x impact yield rankings for prioritizing risks:

    • Green (1 - 4)

    • Yellow (4 - 8)

    • Red (9 - 16).

  • Risks are grouped by categories to profile areas of higher risks and to produce an average overall risk profile for the company.

  • Risk profile allows tracking of changes of risk by category and at enterprise level.

Self-Assessments

  • Risk monitoring reports include:

    • description of risk

    • probability x impact ranking, with explanation

    • risk mitigants

    • action plans for reducing risk

    • target dates for implementation.

Key Risk Indicators

  • Early warning indicators of risks requiring attention.

  • Suitable for activities that are trackable on a regular basis for trend analysis, such as:

    • Staff turnover

    • Financial performance against plan

    • System interruptions

    • Participant claims.

  • Business unit proposes suitable threshold for Risk Committee approval. If threshold is breached, action may be required.

Key Risk Indicators

Reporting

  • Each meeting, Risk Committee receives a summary risk monitoring report showing:

    • New and materially-updated self-assessments

    • Updated risk profile

    • Updated key risk indicators.

  • Internal Audit uses risk assessments at year-end to help develop areas of focus for coming year’s audit plan.

Risk Profile Report

Reporting

  • Audit Committee receives a summary key risks report showing:

    • Current risk profile

    • Red risks and other material changes in higher risks

    • Key risk indicators that have breached their thresholds with actions for mitigation.

  • Exception is annual risk report presented to Audit Committee after fiscal year-end, which reviews risk profile of last year and risks requiring attention in coming year.

Internal Controls

  • Intended to provide reasonable assurance regarding:

    • effectiveness and efficiency of operations

    • reliability of financial reporting

    • compliance with applicable laws and regulations.

  • Adequacy audited under Canadian Auditing Standard 5900 for service organizations and reported in Report on Internal Controls and Safeguards (RICS).

  • New audit standard 5970, comparable to SAS 70, to be applied in 2006.

Internal Controls

  • Moving from checklist approach to more thorough COSO-based framework.

  • Framework based on key processes required to conduct business:

    • Objectives and risks identified and assessed

    • Process flowcharted to identify areas requiring control

    • Existing controls identified, with support documentation and management assurance process

    • Gaps in controls require remediation within an acceptable time period.

    • Signed by supervisor upon completion and basis for future testing by audit.

Internal Controls

  • Internal controls for key processes supporting financial reporting to be completed by 10/31/06.

  • Will allow CEO/CFO certification of financial reporting by fiscal year-end 2007.

  • Key reliance will be on internal control structure and attestation by division heads of compliance.

  • Tone at the top reinforces importance of internal controls.

  • Structure acceptable to regulators and external auditor.

Risk Financing Program

  • Insurance (e.g. FIB, D&O, E&O, general liability) to cover catastrophic losses.

  • Retain significant levels of risk backed by reserves.

  • Ongoing education of underwriters of unique nature and coverage needs of CDS.

  • Differentiation from financial institutions to obtain suitable wording.

  • Ongoing disclosure and rigour of risk management essential.

Lessons Learned

  • Start with simple concepts to get buy-in, then phase in enhancements.

  • Use common definitions/criteria.

  • Initial education and reiteration of objectives and benefits of ERM.

  • Business units take responsibility for their risks.

  • Regular review of risk tolerances.

  • Ensure follow-up on improved risk mitigants.

  • Support from the top is essential.

Conclusions

  • ERM has enhanced risk management culture.

  • Improves decision-making in evaluating potential returns

    • Comparable approach used for assessing project risks.

  • Effective internal controls structure serves multiple purposes.

  • Ongoing education and monitoring process that must be supported from the top.