Presentation is loading. Please wait.

Presentation is loading. Please wait.

CDS Operational Risk Management - October 28, 2005 Existing Methodologies for Operational Risk Mitigation - CDS’s ERM Program ACSDA Seminar - October 26.

Published byFelicity Henderson Modified over 8 years ago

Similar presentations

Presentation on theme: "CDS Operational Risk Management - October 28, 2005 Existing Methodologies for Operational Risk Mitigation - CDS’s ERM Program ACSDA Seminar - October 26."— Presentation transcript:

1 CDS Operational Risk Management - October 28, 2005 Existing Methodologies for Operational Risk Mitigation - CDS’s ERM Program ACSDA Seminar - October 26 - 28, 2005 Punta del Este, Uruguay

2 2 2 CDS Operational Risk Management - October 28, 2005 Agenda n Enterprise Risk Management Framework n Governance of Operational Risk n Self-Assessments n Key Risk Indicators n Reporting n Internal Controls n Risk Financing Program n Lessons Learned n Conclusions

3 3 3 CDS Operational Risk Management - October 28, 2005 Enterprise Risk Management Framework n A process for CDS to manage enterprise-wide risks (including operational risk) in an integrated fashion in order to optimize returns from risk- taking activities. n Mission of ERM: l Identify and understand risks inherent in CDS’s business activities and processes l Enable management to make better decisions through balanced focus on risk and returns of decisions and ongoing education of personnel.

4 4 4 CDS Operational Risk Management - October 28, 2005 Enterprise Risk Management Framework n Objectives of ERM Framework: l Promote shared vision of risk management to facilitate integrated reviews of risks and provide managers with better understanding of risk/reward trade-offs l Apply leading practice methodologies to identify, assess, measure, manage, monitor and report risks l Assign appropriate attention/resources to key risks l Find appropriate balance between costs and risk controls l More accurately factor risk into decisions, products and projects l Satisfy regulatory requirements.

5 5 5 CDS Operational Risk Management - October 28, 2005 Enterprise Risk Management Framework n Guiding principles: l Clearly define responsibilities for management of risks: u Each business unit responsible for managing their risks u Overall responsibility for ERM should be independent from business units: Risk Management at CDS l Risk management  risk avoidance l Risk management should be proactive not reactive l Timely, accurate and consistent management, monitoring and measurement of risk l Reporting structure that includes senior management, board of directors, auditors and regulators.

6 6 6 CDS Operational Risk Management - October 28, 2005 Governance of Operational Risk Business Line Management Board of Directors Audit Committee Executive Committee Finance Committee Strategy Group Risk CommitteeOperations Committee Executive Steering Committee Board Committees Risk Management Functions Management Committees Legal Information Security and Control Internal AuditRisk ManagementHuman ResourcesFinance

7 7 7 CDS Operational Risk Management - October 28, 2005 Self-Assessments n Risk identification and definition using common categories: l Strategic risks l Operational risks (essentially same as Basle II) u People u Processes u Business u Projects u Technology u Legal and regulatory u External l Financial risks.

8 8 8 CDS Operational Risk Management - October 28, 2005 Self-Assessments n Risk assessment and measurement to rank risks and prioritize action. n Risk exposure determined by the probability and impact of a given event. n Probability ranked on scale of 1 ( 75%) for a five-year period. n Impact ranked by potential loss of staff, service capability, capital, assets, customer base, reputation or some combination.

9 9 9 CDS Operational Risk Management - October 28, 2005 Self-Assessments n Multiples of probability x impact yield rankings for prioritizing risks: l Green (1 - 4) l Yellow (4 - 8) l Red (9 - 16). n Risks are grouped by categories to profile areas of higher risks and to produce an average overall risk profile for the company. n Risk profile allows tracking of changes of risk by category and at enterprise level.

10 10 CDS Operational Risk Management - October 28, 2005 Self-Assessments n Risk monitoring reports include: l description of risk l probability x impact ranking, with explanation l risk mitigants l action plans for reducing risk l target dates for implementation.

11 11 CDS Operational Risk Management - October 28, 2005 Key Risk Indicators n Early warning indicators of risks requiring attention. n Suitable for activities that are trackable on a regular basis for trend analysis, such as: l Staff turnover l Financial performance against plan l System interruptions l Participant claims. n Business unit proposes suitable threshold for Risk Committee approval. If threshold is breached, action may be required.

12 12 CDS Operational Risk Management - October 28, 2005 Key Risk Indicators

13 13 CDS Operational Risk Management - October 28, 2005 Reporting n Each meeting, Risk Committee receives a summary risk monitoring report showing: l New and materially-updated self-assessments l Updated risk profile l Updated key risk indicators. n Internal Audit uses risk assessments at year- end to help develop areas of focus for coming year’s audit plan.

14 14 CDS Operational Risk Management - October 28, 2005 Risk Profile Report

15 15 CDS Operational Risk Management - October 28, 2005 Reporting n Audit Committee receives a summary key risks report showing: l Current risk profile l Red risks and other material changes in higher risks l Key risk indicators that have breached their thresholds with actions for mitigation. n Exception is annual risk report presented to Audit Committee after fiscal year-end, which reviews risk profile of last year and risks requiring attention in coming year.

16 16 CDS Operational Risk Management - October 28, 2005 Internal Controls n Intended to provide reasonable assurance regarding: l effectiveness and efficiency of operations l reliability of financial reporting l compliance with applicable laws and regulations. n Adequacy audited under Canadian Auditing Standard 5900 for service organizations and reported in Report on Internal Controls and Safeguards (RICS). n New audit standard 5970, comparable to SAS 70, to be applied in 2006.

17 17 CDS Operational Risk Management - October 28, 2005 Internal Controls n Moving from checklist approach to more thorough COSO-based framework. n Framework based on key processes required to conduct business: l Objectives and risks identified and assessed l Process flowcharted to identify areas requiring control l Existing controls identified, with support documentation and management assurance process l Gaps in controls require remediation within an acceptable time period. l Signed by supervisor upon completion and basis for future testing by audit.

18 18 CDS Operational Risk Management - October 28, 2005 Internal Controls n Internal controls for key processes supporting financial reporting to be completed by 10/31/06. n Will allow CEO/CFO certification of financial reporting by fiscal year-end 2007. n Key reliance will be on internal control structure and attestation by division heads of compliance. n Tone at the top reinforces importance of internal controls. n Structure acceptable to regulators and external auditor.

19 19 CDS Operational Risk Management - October 28, 2005 Risk Financing Program n Insurance (e.g. FIB, D&O, E&O, general liability) to cover catastrophic losses. n Retain significant levels of risk backed by reserves. n Ongoing education of underwriters of unique nature and coverage needs of CDS. n Differentiation from financial institutions to obtain suitable wording. n Ongoing disclosure and rigour of risk management essential.

20 20 CDS Operational Risk Management - October 28, 2005 Lessons Learned n Start with simple concepts to get buy in, then phase in enhancements. n Use common definitions/criteria. n Initial education and reiteration of objectives and benefits of ERM. n Business units take responsibility for their risks. n Regular review of risk tolerances. n Ensure follow up on improved risk mitigants. n Support from the top is essential.

21 21 CDS Operational Risk Management - October 28, 2005 Conclusions n ERM has enhanced risk management culture. n Improves decision-making in evaluating potential returns l Comparable approach used for assessing project risks. n Effective internal controls structure serves multiple purposes. n Ongoing education and monitoring process that must be supported from the top.

Download ppt "CDS Operational Risk Management - October 28, 2005 Existing Methodologies for Operational Risk Mitigation - CDS’s ERM Program ACSDA Seminar - October 26."

Similar presentations

Lisanne Sison Director ERM Bickmore

Lisanne Sison Director ERM Bickmore
IMFO Audit & Risk Indaba June 2012

IMFO Audit & Risk Indaba June 2012
Chapter 10 Accounting Information Systems and Internal Controls

Chapter 10 Accounting Information Systems and Internal Controls
Control and Accounting Information Systems

Control and Accounting Information Systems
It’s Time to Talk About Risk and Control

It’s Time to Talk About Risk and Control
The Development of Enterprise Risk Management and Supervision for Insurance Companies in Taiwan Dr. Huang, Tien-Mu Director General, Insurance Bureau Financial.

The Development of Enterprise Risk Management and Supervision for Insurance Companies in Taiwan Dr. Huang, Tien-Mu Director General, Insurance Bureau Financial.
Introduction to Enterprise Risk Management (ERM)

Introduction to Enterprise Risk Management (ERM)
BNSF Ethics and Compliance Program Roger Nober Executive Vice President Law and Secretary July 13, 2011.

BNSF Ethics and Compliance Program Roger Nober Executive Vice President Law and Secretary July 13, 2011.
8 - 1 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder Audit Planning and Analytical Procedures Chapter 8.

8 - 1 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder Audit Planning and Analytical Procedures Chapter 8.
Tax Risk Management Keeping Up with the Ever-Changing World of Corporate Tax March 27, 2007 Tax Services Bryan Slone March 27, 2007.

Tax Risk Management Keeping Up with the Ever-Changing World of Corporate Tax March 27, 2007 Tax Services Bryan Slone March 27, 2007.
2011 Governance, Risk, and Compliance Conference August 29 – 31, 2011 / Orlando, FL, USA The Top Four Essential Objectives to Auditing ERM Stephen E. McBride,

2011 Governance, Risk, and Compliance Conference August 29 – 31, 2011 / Orlando, FL, USA The Top Four Essential Objectives to Auditing ERM Stephen E. McBride,
AUDIT COMMITTEE FORUM TM ACF Roundtable IT Governance – what does it mean to you as an audit committee member July 2010 The AUDIT COMMITTEE FORUM TM is.

AUDIT COMMITTEE FORUM TM ACF Roundtable IT Governance – what does it mean to you as an audit committee member July 2010 The AUDIT COMMITTEE FORUM TM is.
6/2/20151 Enterprise Risk & Assurance Management in Zurich North America Brian Selby MA (Audit), FIIA, QiCA, MBCS, CISA.

6/2/20151 Enterprise Risk & Assurance Management in Zurich North America Brian Selby MA (Audit), FIIA, QiCA, MBCS, CISA.
Operational risk management Margaret Guerquin, FSA, FCIA Canadian Institute of Actuaries 2006 General Meeting Chicago Confidential © 2006 Swiss Re All.

Operational risk management Margaret Guerquin, FSA, FCIA Canadian Institute of Actuaries 2006 General Meeting Chicago Confidential © 2006 Swiss Re All.
MODELING CORPORATE RISK AT FORD Freeman Wood Director Global Risk Management.

MODELING CORPORATE RISK AT FORD Freeman Wood Director Global Risk Management.
Internal Control Concepts A Guide for Deans, Directors, and Department Chairs.

Internal Control Concepts A Guide for Deans, Directors, and Department Chairs.
6-1 McGraw-Hill/Irwin ©2002 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 6 Internal Control Evaluation: Assessing Control Risk.

6-1 McGraw-Hill/Irwin ©2002 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 6 Internal Control Evaluation: Assessing Control Risk.
Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.

Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.
18- 1 © 2006 The McGraw-Hill Companies, Inc., All Rights Reserved. Chapter 18 Integrated Audits of Internal Control (For Public Companies Under Sarbanes-Oxley.

18- 1 © 2006 The McGraw-Hill Companies, Inc., All Rights Reserved. Chapter 18 Integrated Audits of Internal Control (For Public Companies Under Sarbanes-Oxley.
Quality evaluation and improvement for Internal Audit

Quality evaluation and improvement for Internal Audit

Similar presentations

Ads by Google