1 / 37

Canada

Canada. Canada Deposit Insurance Corporation. Société d’assurance-dépôt du Canada. CDIC. Protecting Your Deposits. CDIC’s Experience in Implementing ERM. J.P. Sabourin President and Chief Executive Officer CDIC. April 2004. Presentation Outline. CDIC’s ERM definition

selena
Télécharger la présentation

Canada

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt du Canada CDIC Protecting Your Deposits CDIC’s Experience in Implementing ERM J.P. Sabourin President and Chief Executive Officer CDIC April 2004

  2. Presentation Outline • CDIC’s ERM definition • CDIC’s rationale / objectives for implementing ERM • CDIC’s ERM implementation approach • Initial steps • Work currently being undertaken • Future steps • ERM benefits / value derived to date • CDIC’s “Lessons Learned” in implementing ERM

  3. CDIC ERM Definition ERM • The comprehensive, systematic and disciplined process by which CDIC identifies, assesses, manages, monitors and reports on, at any point in time, the significant risks inherent in its objects, strategies, plans and affairs

  4. ERM Rationale • CDIC is subject to Treasury Board of Canada ERM Guidelines • Risk Management is one of four components of the CDIC Standards “in control” framework

  5. “In Control” Concept The demonstration that CDIC’s affairs are: • Subject to effective governance • Being managed in accordance with ongoing, appropriate and effective strategic and risk management processes • Being conducted in an appropriate control environment and • Significant weaknesses (related thereto) are being identified and appropriate and timely action is being takento address them

  6. ERM Objectives Demonstrate that: • CDIC has identified / understands / is managing its significant risks • Risk decisions are: • Explicitly integrated into CDIC’s strategic and day-to-day decision making • Subject to good corporate governance • Beingsupported by an appropriate control environment

  7. ERM Objectives (cont’d) Facilitate: • Validation of CDIC’s strategies / plans / initiatives • Prioritization of CDIC’s strategies / plans / initiatives • Effective resource allocation

  8. Initial ERM Implementation Steps • Built an ERM foundation • Conducted a corporate-level risk assessment • Profiled corporate risk management culture

  9. ERM Foundation • Created CRO position to develop CDIC’s ERM approach / coordinate ERM implementation • Developed ERM implementation plan • Formed an executive management-level ERM Committee to validate ERM approach and results • Formalized Board ERM policy

  10. ERM Policy • Formalizes ERM role of the CDIC Board / Management • Forms one of 19 principles under the CDIC Board Governance Policy • Developed to reflect: • CDIC’s statutory requirements • CDIC Standards • Other ERM “best practices”

  11. Board ERM Responsibilities • Understand CDIC’s significant risks • Establish RM policies related thereto • Regularly review RM policies (evergreen) • Obtain reasonable assurance re: • CDIC’s ERM process • Adherence with RM policies

  12. Management ERM Responsibilities • Identify risks • Assess their significance • Develop RM policies for the Board • Regularly review RM policies (evergreen) • Manage risks within RM policies • Report to the Board re: • Significant risks / management of significant risks • ERM process

  13. Corporate-Level Risk Assessment ERM Committee: • Updated catalogue of inherent corporate risks / risk categories / definitions / risk examples / corporate risk management practices • Assessed residual riskexposures (likelihood of occurrence of each risk taking into consideration risk management practices and its potential impact should it occur)

  14. Risk Assessment (cont’d) ERM Committee: • Assessed each risk risk exposure as “reasonable”, “cautionary” or “concern” (including supporting rationale) • Identified “owners” for each risk • Where applicable, identified initiatives to enhance the management of each risk • Validated that risk management initiatives are in line with Corporate Plan

  15. Corporate Risk Categories • Insurance Risk: CDIC’s risk of loss (or costs incurred in the event of an intervention) associated with insuring deposits • Financial Risk: The risk associated with managing CDIC’s assets and liabilities, both on- and off-balance sheet • Operational Risk: The risk of loss, to which CDIC is exposed that is attributable to the possibility of disruptions in its operations caused by human performance, the inadequacy or failure of processes or technology, and external events • Reputational Risk: The risk of impairment of the credibility of, and confidence in, CDIC

  16. Insurance Risk • Insurance Power Risk: The risk that CDIC does not have the necessary powers to support the management of its insurance risk in accordance with CDIC’s statutory objects • Underwriting Risk: The risk that CDIC accepts a new member institution with an unacceptable level of insurance risk • Assessment Risk: The risk that CDIC does not systematically or promptly identify, member institutions that pose a potentially high level of insurance risk • Intervention Risk: The risk that CDIC does not respond appropriately to members that pose an unacceptable level of insurance risk

  17. Financial Risk • Liquidity Risk: The risk that funds will not be available to CDIC to honour its cash obligations (both on- and off- balance sheet) as they arise • Market Risk: The risk of loss attributable to adverse changes in the values of financial instruments and other investments or assets owned directly or indirectly by CDIC, whether on- or off- balance sheet, as a result of changes in market rates or prices • Credit Risk: The risk of loss attributable to counterparties failing to honour their obligations, whether on- or off- balance sheet, to CDIC

  18. Operational Risk • People Risk: The risk resulting from inadequacies in the competencies, capacity or performance of CDIC personnel • Information Risk: The risk that timely, accurate and relevant information is not available to facilitate informed decision making and/or the exercise of effective oversight • Technology Risk: The risk that CDIC’s technology does not appropriately support the achievement of its objectives, strategies, plans and affairs (including the management of the risks related thereto)

  19. Operational Risk (cont’d) • Process Risk: The risk resulting from the incorrect execution of, a breakdown in, or a gap in, a process, policy, procedure or control • Compliance Risk: The risk that CDIC fails to comply with statutory requirements and relevant guidelines governing its affairs as a Crown corporation, and its internal policies • Legal Risk: The risk that legal matters adversely impact CDIC’s ability to achieve its objects, strategies and plans • Outsourcing Risk:The risk associated with CDIC engaging third parties to perform services on its behalf

  20. Operational Risk (cont’d) • Business Continuity Risk: The risk that a disruption impacting CDIC’s personnel, information, premises, technology or operations will impede its ability to achieve its objects, conduct its affairs, or implement its strategies and plans • Security Risk: The risk that CDIC fails to ensure the safety of its people, the security of its assets, and the security and confidentiality of its information

  21. Reputational Risk • External Communication Risk: The risk of not communicating necessary information, or communicating in an inappropriate manner, or that communication is misinterpreted by the intended audience • External Relationships Risk: The risk that dealings with external parties are not adequate to promote the interests of CDIC, or are conducted in an appropriate manner

  22. Significance Criteria • Likelihood= probability of occurrenceusing a five-point qualitative scale • Impact= potential impact (using a five-point qualitative scale) of an occurrence on CDIC’s: • Achievement of its mandate • Financial position • Reputation

  23. Corporate Risk Significance Map

  24. Risk Management Culture • Management profiled CDIC’s corporate-level risk management culture • 4 areas X 5 questions per area = 20 questions

  25. Management Understanding • We understand CDIC’s objects and strategies • CDIC has plans in place to achieve its objects and strategies • We know the major risks and challenges related to achieving CDIC’s objects and strategies • We understand our responsibilities, accountabilities and authorities • Realistic targets and indicators are in place to assess CDIC’s performance in achieving its objects and strategies

  26. Supporting Environment • CDIC’s management style and behaviour supports the open flow of information about the management of CDIC’s affairs and any significant risk issues • Risk identification, assessment and management are built into the management of CDIC’s affairs • CDIC’s Code of Conduct and Ethical Behaviour is practised throughout the organization • CDIC’s communication supports the management of its risks and the achievement of its objects and strategies • Performance assessments are aligned with the prudent, appropriate and effective management of CDIC’s risks

  27. Capability / Capacity • CDIC has sufficient personnel with the right knowledge and skills to achieve its objects and strategies • CDIC is appropriately structured to effectively and efficiently achieve its objects and strategies • CDIC has sufficient financial, technological and other resources to achieve its objects and strategies • Appropriate people make decisions about significant risks impacting CDIC’s affairs in a timely manner • CDIC has sufficient, relevant and timely information available to achieve its objects and strategies

  28. Implementing Change • CDIC’s environment is monitored regularly to see if we need to adjust our Corporate Risk Framework, strategies and plans • CDIC monitors its performance against its targets and indicators • Resource and information needs are reassessed as CDIC’s objects, strategies or plans change, or as risk issues are identified • Risk management practices are periodically assessed as to their continued appropriateness and effectiveness • Follow up procedures are in place to ensure that needed changes or actions occur

  29. Risk Assessment Methodology • CDIC Management team individually interviewed to identify: • Inherent corporate risks • Risk management practices • ERM Committee collectively: • Confirmed corporate risk catalogue • Assessed each risk • Assessed corporate risk management culture • Results reported to CDIC Audit Committee • Process validated by Internal Audit

  30. Current ERM Implementation Steps • Developing ERM Board reporting package • For each “Insurance Risk”: • Further documenting risk management practices • Developing Board policies / risk tolerances • Further integrating ERM and strategic planning • Validating CDIC’s catalogue of corporate risks against its environmental scanning results

  31. Future ERM Implementation Steps • Document risk management practices / develop Board policies for remaining risks • Conduct risk (and risk management culture) assessments for remaining risks and for each business function • Validate initial corporate risk (and risk management culture) assessments • Initiate regular ERM Board reporting • Fully coordinate ERM and strategic management • so that risk decisions are explicitly integrated into strategic and day-to-day decision making

  32. ERM Benefits to Date • Clarified Management’s collective understanding of risks and the risk management practices • Evidenced that CDIC is aware of, and is managing its significant corporate risks • Confirmed: • CDIC’s Corporate Plan is focused on the right initiatives • Resources are allocated to areas of greatest concern • A strong corporate risk management culture

  33. ERM Lessons Learned • Implementing ERM is like filming a long / complex movie • Hire a director (CRO) • Have a clear story (ERM implementation plan) • Engage studio executives (Board Governance / ERM Policy) • Engage actors (ERM Committee / Management) • Film one scene at a time (Corporate-level risk assessment) • Keep camera focused (ERM implementation plan)

  34. More ERM Lessons Learned • Risks are like an onion • They have many layers • Each risk has many sub-risks - which in turn have many sub-risks • Cutting through too quickly can cause tears • Don’t try to do everything at once - peel layer-by-layer • It is easier to peel the outer layers before you peel the inner layers - CDIC started with a corporate-level risk assessment and is now conducting risk assessments at a more detailed level

  35. Closing Remarks • ERM is not a “one time” project but a continuous process that needs to be: • Ingrained into your strategic and daily decision-making • Subject to effective corporate governance • Supported by an appropriate control environment • It is complex - so keep it simple

  36. Questions?

  37. Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt du Canada CDIC Protecting Your Deposits CDIC’s Experience in Implementing ERM J.P. Sabourin President and Chief Executive Officer CDIC April 2004

More Related