ENTERPRISE RISK MANAGEMENT POLICY

Size: px
Start display at page:

Download "ENTERPRISE RISK MANAGEMENT POLICY"

Transcription

1 ENTERPRISE RISK MANAGEMENT Approved by the Audit Committee on 14 February 2003 and adopted by resolution of the Board on 28 March 2003 Revisions approved by the Audit and Risk Committee on 14 February 2008 and adopted by resolution of the Board on 6 March 2008 Revisions approved by the Risk Management Committee on 21 November 2014 and adopted by resolution of the Board on 04 December 2014

2 Contents Page A. Introduction 1 B. Statement of Policy 1 C. Objective 1 D. Enterprise Risk Management (ERM) Framework 2 E. ERM Process 3 F. ERM Governance Structure 4 Attachment 1: ISO 31000:2009 Risk Management Principles and Guidelines

3 VERSION NO. 3 REVISION NO. 2 PAGE NO. 1 of 7 A. Introduction Apart from the diversity of operations within the Ayala Group of Companies (herein referred to as the Group, its accountability to its stakeholders is further heightened with the incessant changes in the social, economic and political environment in the Philippines. To address the threats stemming from this situation, while also harnessing business opportunities as they arise, Ayala Corporation (herein referred to as the Company ), established an Enterprise Risk Management (ERM) Process that will provide a focused and disciplined approach in (1) identifying and analyzing risks on entering new investments; (2) managing the financial and operational stability of the Company; and, (3) recognizing risks inherent in the companies in its portfolio. The Company believes that risk management is an essential function for adopting strategic decisions, and having the proper approaches in place will pave the way for sustainable and resilient business operations for all its stakeholders B. Statement of Policy In general, risk affects the achievement of a Company s goals and objectives. With proper risk management in place, effects of negative risks may be alleviated, while positive risks may be capitalized, providing greater chances of enhancing the Company s value for all its stakeholders. Given the benefits provided by risk management, the Company strongly commits to the implementation of risk management within its organization. It shall utilize its risk management capabilities to maximize the value from its assets, business portfolio and other strategic business opportunities. The Group shall also embed it into their critical business activities, functions and processes to encourage enterprise and innovation. With a solid platform and strong commitment to risk management, the Company believes that they will be able to establish sustainable competitive advantage, optimize risk management cost, and pursue strategic growth opportunities with greater speed, skill and confidence. C. Objectives The ERM Policy provides the necessary foundation and organizational arrangements for managing risks across the Company. This document: Outlines the formal policies and procedures that will govern an integrated and enterprise-wide risk management process within the Company; States the key elements of the ERM framework that will assist in the effective implementation of the risk management process; Sets out a consistent approach for managing risks across the Company, aligned with relevant standards and industry s best practices; Presents the risk governance structure who will be responsible for the implementation of this policy; and,

4 VERSION NO. 3 REVISION NO. 2 PAGE NO. 2 of 7 Establishes the roles and responsibilities of each party at Ayala Corporation with regard to risk management. D. Enterprise Risk Management (ERM) Framework The approach to risk management is contained within and applied through Ayala Corporation s ERM Framework that is based on ISO 31000:2009 Risk Management Principles and Guidelines (refer to Attachment 1). This framework will assist in the effective application of the risk management process and shall ensure that relevant information for decision-making is timely and adequately reported. The components of the framework are as follows: Mandate and commitment Design of framework for managing risks Continual improvement of the framework Implementing risk management Monitoring and review of the framework Figure 1. Ayala Corporation s Enterprise Risk Management Framework Adapted from ISO 31000:2009 Risk Management Principles and Guidelines The continuing success and effectiveness of risk management largely depends on the strong and sustained commitment to it by the Company s management, supported by strategic and rigorous planning to achieve involvement at all levels of the organization and a risk-aware culture. As the ultimate champion in risk management, the Chief Risk Officer (CRO), with the assistance of the (GRMU), has the main responsibility in the implementation of risk management within the Company. In order to ensure that the program in place is effective and facilitates the achievement of the Company s goals and objectives, the GRMU must continuously monitor and periodically review the risk management framework. Based on the results of framework monitoring and review, recommendations for improvement may be provided by all personnel in the organization. All recommendations must then be consolidated by the GRMU for review by the CRO and approval by the BOD.

5 VERSION NO. 3 REVISION NO. 2 PAGE NO. 3 of 7 E. ERM Process Similar to the framework, Ayala Corporation s ERM Process also follows ISO 31000:2009. To be effective, this process shall be an integral part of management and embedded in Ayala s culture and practices. The activities comprising Ayala Corporation s ERM Process are as shown below: Establishing the context Communication and consultation Risk assessment Risk identification Risk analysis Risk evaluation Risk treatment Monitoring and review Figure 2. Ayala Corporation s Enterprise Risk Management Process Adapted from ISO 31000:2009 Risk Management Principles and Guidelines At all stages of the ERM process, an open communication and interactive consultation between top management and different business units shall take place, as this is a key to easier understanding between stakeholders and those accountable for implementing the risk management process. The Board of Directors (BOD), management committees, CRO, GRMU and different risk owners should have a collaborative effort in discussing the Company s risk management goals and objectives, defining the external and internal parameters to be considered and setting the scope for the remaining process. The GRMU, with the approval of the CRO and BOD, shall establish the Company s strategies, design and required infrastructure to ensure that the risk management capabilities of the Company are adequate. The GRMU shall then ascertain that periodic business risk assessment sessions are part of the annual strategic and business planning activities of the Company to guarantee that all significant risks are identified and evaluated appropriately. The results of risk identification, risk analysis and risk evaluation shall be reviewed periodically by the GRMU, communicated to the CRO, and reported to the BOD.

6 VERSION NO. 3 REVISION NO. 2 PAGE NO. 4 of 7 Once risk assessment has been completed, risk owners shall recommend the appropriate plan of action for addressing risks in their respective functional areas. Prior to implementation, all risk treatment plans must be duly reviewed by the GRMU. Monitoring and review of the risk management process should be conducted at regular intervals by the GRMU. It should encompass all aspects of the risk management process, and the results of which should be recorded and reported to the Risk Management Committee (RMC). In summary, the following are the key deliverables for the ERM process: Activity Key Deliverable Person Responsible Risk management goals and o Prepared by GRMU objectives o Reviewed by CRO o Approved by BOD Establishing the Context Risk management policy Risk management governance structure Risk Assessment Risk Universe o Prepared by risk Risk Treatment Risk Monitoring and Review Risk Dictionary Risk Portfolio Risk Analysis Report Risk Treatment Plan Updates to Ayala Risk Portfolio Periodic Risk Management Report Annual Risk Management Report owners o Reviewed by GRMU CRO F. ERM Governance Structure To ensure an effective and efficient management of risks within Ayala Corporation, the Company implements a risk governance structure such that an integrated and independent view of risk exposures can be obtained. Board Oversight Risk Governance Audit Policy & Management Board of Directors Risk Management Committee (RMC) Risk Appetite/Tolerance Risk Management Processes Management Committees *Committees created by Management * Internal Audit Chief Risk Officer (CRO) (GRMU)

7 VERSION NO. 3 REVISION NO. 2 PAGE NO. 5 of 7 Embedded Risk Management ERM Policy Corporate Strategy ERM Program Risk Owners Transactional Risk Management Corporate Resources Monitoring & Reporting Corporate Governance Finance Figure 3. Ayala Corporation s Enterprise Risk Management Governance Structure Reporting Structure Board of Directors Risk Management Committee Line Management Parent Chief Risk Officer Affiliate/Subsidiary Chief Risk Officer Parent Group Risk Management Unit Officer Affiliate/Subsidiary Risk Management Unit The following is the framework of responsibilities for risk management, in consistency with the Company s risk governance structure. a. Board of Directors Approves the Company s risk appetite and risk exposure allocation; Approves the Company s enterprise risk management policy and any revisions thereto; Approves the policies, strategies and systems implemented for the ongoing identification, control and mitigation of risk exposures; and, Reviews report from the Risk Management Committee with regard to the overall effectiveness of the risk management process. b. Risk Management Committee

8 VERSION NO. 3 REVISION NO. 2 PAGE NO. 6 of 7 Reviews and recommends to the Management the Company s levels of risk appetite and risk exposure allocation; Reviews and assesses the adequacy and sufficiency of the Company s policies and processes for risk identification, assessment and mitigation; Reviews the objectivity, effectiveness and efficiency of the Company s risk management function; and, Establishes a sound risk-aware culture throughout the enterprise. c. Management Committees Provide strategic leadership for the Company s risk management; Provide oversight of the strategic and operational risks for the Company, including reviewing the Company s risk universe and the progress of treatment plans that are being managed by different business units; Regularly identifies risk priorities and aligns business objectives with risk strategies and policies; and, Arbitrates and resolves conflicts arising from different risk mitigation strategies among business units. d. Internal Audit Provides objective and reasonable assurance that the internal control framework is operating effectively; Reports directly to the RMC any risk management issue due to identified internal control deficiencies and provide recommendations for improvement; Reviews the alignment of internal control framework with the identified risk exposures; and, Assists in the enhancement of the understanding of risk and controls among line staff. e. Chief Risk Officer The CRO is the advocate of enterprise-wide risk management at Ayala Corporation and oversees the entire risk management function. He: Works with the management committees, as well as operational units, to integrate risk management within the Company; Ensures that the Company s overall risk exposures are consistent with its risk appetite and are properly covered by risk policies; Strengthens systems and measurement tools needed to provide robust foundation for risk management; Identifies developing or emerging risks, concentrations and other situations that need to be studied through stress testing or other techniques; Ensures that all initiatives related to risk management are monitored and reported to the appropriate members of the organization; Monitors the top risks of the Company and reports status of the implementation of risk management strategies and action plans; and,

9 VERSION NO. 3 REVISION NO. 2 PAGE NO. 7 of 7 Ensures that the GRMU receives appropriate organizational support to implement enterprise risk management on a day-to-day basis. f. The GRMU has the overall accountability and ownership for the continuity and success of the enterprise risk management function. The GRMU Head, together with its members, shall: Continuously work with the CRO in developing, implementing, reviewing and improving the Company s ERM framework and associated policies and procedures; Formulate an annual risk management plan and coordinate overall enterprise risk management activities within the Company; Assist the Management in determining, evaluating and measuring the Company s risk exposures, risk appetite and risk tolerance; Ensures that developing or emerging risks and interrelationship of new and existing risks are regularly reviewed, updated and reported to the CRO; and, Facilitates continuing education of Company personnel in order to enhance the capacity and capability of all departments to effectively and efficiently manage risk. g. Risk Owners Are ultimately responsible for risks in their functional areas of responsibility; Collect and analyze risk data to provide risk information to the Board, RMC and other departments of the Company; Approve and coordinate risk management efforts and specific strategies in their functional areas; Recommend risk tolerance levels or risk limits with corresponding measurement methods for approval by the Board; Evaluate measurement methodologies used in quantifying risks in their functional areas; and, Evaluate the effectiveness of the infrastructure (e.g., people, systems, support) in place for managing specific risks in their respective functional areas. While the Company has formal risk governance structure, all staff still bear the responsibility to contribute to the continued improvement and enhancement of the Company s risk management capabilities. They shall take all reasonable and practical steps to perform their responsibilities in relation to risk management. Furthermore, they shall report to Management any incidents that may result in unacceptable levels of risk or non-compliance with established procedures for measuring and reporting risk.

Confident in our Future, Risk Management Policy Statement and Strategy

Confident in our Future, Risk Management Policy Statement and Strategy Confident in our Future, Risk Management Policy Statement and Strategy Risk Management Policy Statement Introduction Risk management aims to maximise opportunities and minimise exposure to ensure the residents

More information

Policy 10.105: Enterprise Risk Management Policy

Policy 10.105: Enterprise Risk Management Policy Name: Responsibility: Complements: Enterprise Risk Management Framework Coordinator, Enterprise Risk Management Policy 10.105: Enterprise Risk Management Policy Date: November 2006 Revision Date(s): January

More information

Managing Risk at Bank of America Corporation. Overview

Managing Risk at Bank of America Corporation. Overview Managing Risk at Bank of America Corporation Overview Risk is inherent in every material business activity that we undertake. Our business exposes us to strategic, credit, market, liquidity, compliance,

More information

The transformation of IT Risk Management. kpmg.com

The transformation of IT Risk Management. kpmg.com The transformation of IT Risk Management kpmg.com The transformation of IT Risk Management The role of IT Risk Management Scope of IT risk management Examples of IT risk areas of focus How KPMG can help

More information

Guidance Note: Corporate Governance - Board of Directors. March 2015. Ce document est aussi disponible en français.

Guidance Note: Corporate Governance - Board of Directors. March 2015. Ce document est aussi disponible en français. Guidance Note: Corporate Governance - Board of Directors March 2015 Ce document est aussi disponible en français. Applicability The Guidance Note: Corporate Governance - Board of Directors (the Guidance

More information

IFAD Policy on Enterprise Risk Management

IFAD Policy on Enterprise Risk Management Document: EB 2008/94/R.4 Agenda: 5 Date: 6 August 2008 Distribution: Public Original: English E IFAD Policy on Enterprise Risk Management Executive Board Ninety-fourth Session Rome, 10-11 September 2008

More information

APPENDIX 50. Enterprise risk management - Risk management overview

APPENDIX 50. Enterprise risk management - Risk management overview APPENDIX 50 Enterprise risk management - Risk management overview Energex regulatory proposal October 2014 ENTERPRISE RISK MANAGEMENT Risk Management Overview (RMO) 06 11 2013 Table of Contents 1. INTRODUCTION...

More information

Enterprise Risk Management Framework 2012 2016. Strengthening our commitment to risk management

Enterprise Risk Management Framework 2012 2016. Strengthening our commitment to risk management Enterprise Risk Management Framework 2012 2016 Strengthening our commitment to risk management Contents Director-General s message... 3 Introduction... 4 Purpose... 4 What is risk management?... 4 Benefits

More information

Clarius Group Risk Management Policy and Framework

Clarius Group Risk Management Policy and Framework 1. Introduction Clarius Group Risk Management Policy and Framework 1.1 Definition Risk is the chance of something happening that will have an impact on objectives. Risk provides the opportunity (upside)

More information

COMPLIANCE CHARTER 1

COMPLIANCE CHARTER 1 COMPLIANCE CHARTER 1 Contents 1. Compliance Policy Statement... 2 2. Purpose... 2 3. Mission and objective of the Directorate: Compliance... 2 3.1 Mission... 2 3.2 Objective... 3 4. Compliance risk management...

More information

ENTERPRISE RISK MANAGEMENT FRAMEWORK

ENTERPRISE RISK MANAGEMENT FRAMEWORK ROCKHAMPTON REGIONAL COUNCIL ENTERPRISE RISK MANAGEMENT FRAMEWORK 2013 Adopted 25 June 2013 Reviewed: October 2015 TABLE OF CONTENTS 1. Introduction... 3 1.1 Council s Mission... 3 1.2 Council s Values...

More information

ENTERPRISE RISK MANAGEMENT FRAMEWORK

ENTERPRISE RISK MANAGEMENT FRAMEWORK ENTERPRISE RISK MANAGEMENT FRAMEWORK COVENANT HEALTH LEGAL & RISK MANAGEMENT CONTENTS 1.0 PURPOSE OF THE DOCUMENT... 3 2.0 INTRODUCTION AND OVERVIEW... 4 3.0 GOVERNANCE STRUCTURE AND ACCOUNTABILITY...

More information

Department of Veterans Affairs VA Directive 0054. VA Enterprise Risk Management (ERM)

Department of Veterans Affairs VA Directive 0054. VA Enterprise Risk Management (ERM) Department of Veterans Affairs VA Directive 0054 Washington, DC 20420 Transmittal Sheet April 8, 2014 VA Enterprise Risk Management (ERM) 1. REASON FOR ISSUE: This directive provides guidelines to help

More information

Enterprise Risk Management

Enterprise Risk Management Cayman Islands Society of Professional Accountants Enterprise Risk Management March 19, 2015 Dr. Sandra B. Richtermeyer, CPA, CMA What is Risk Management? Risk management is a process, effected by an entity's

More information

Mission/Purpose: Committee Responsibilities:

Mission/Purpose: Committee Responsibilities: Joint Charter of the Risk Assessment Committees of the Boards of Directors of New York Community Bancorp, Inc., New York Community Bank and New York Commercial Bank The following states the Joint Charter

More information

RISK MANAGEMENT FRAMEWORK 2013-2014 OKHAHLAMBA LOCAL MUNICIPALITYITY

RISK MANAGEMENT FRAMEWORK 2013-2014 OKHAHLAMBA LOCAL MUNICIPALITYITY RISK MANAGEMENT FRAMEWORK 2013-2014 OKHAHLAMBA LOCAL MUNICIPALITYITY Page 1 CONTENTS 1. Foreword by the Mayor... 3 2. Background... 4 2.1 Introduction... 4 2.2 Overall purpose of the Enterprise Risk Management

More information

Principles for An. Effective Risk Appetite Framework

Principles for An. Effective Risk Appetite Framework Principles for An Effective Risk Appetite Framework 18 November 2013 Table of Contents Page I. Introduction... 1 II. Key definitions... 2 III. Principles... 3 1. Risk appetite framework... 3 1.1 An effective

More information

Integrated Risk Management:

Integrated Risk Management: Integrated Risk Management: A Framework for Fraser Health For further information contact: Integrated Risk Management Fraser Health Corporate Office 300, 10334 152A Street Surrey, BC V3R 8T4 Phone: (604)

More information

ISO 31000:2009 - ISO/IEC 31010 & ISO Guide 73:2009 - New Standards for the Management of Risk

ISO 31000:2009 - ISO/IEC 31010 & ISO Guide 73:2009 - New Standards for the Management of Risk Kevin W Knight AM CPRM; Hon FRMIA; FIRM (UK); LMRMIA: ANZIIF (Mem) ISO 31000:2009 - ISO/IEC 31010 & ISO Guide 73:2009 - New Standards for the Management of Risk History of the ISO and Risk Management Over

More information

UNITED NATIONS OFFICE FOR PROJECT SERVICES. ORGANIZATIONAL DIRECTIVE No. 33. UNOPS Strategic Risk Management Planning Framework

UNITED NATIONS OFFICE FOR PROJECT SERVICES. ORGANIZATIONAL DIRECTIVE No. 33. UNOPS Strategic Risk Management Planning Framework UNOPS UNITED NATIONS OFFICE FOR PROJECT SERVICES Headquarters, Copenhagen O.D. No. 33 16 April 2010 ORGANIZATIONAL DIRECTIVE No. 33 UNOPS Strategic Risk Management Planning Framework 1. Introduction 1.1.

More information

Effective risk management

Effective risk management Effective risk management Our holistic and disciplined risk management program is designed to mitigate risks at all levels of our business in order to protect our clients interests. 2 Vanguard > Effective

More information

Risk Management. Group Standard

Risk Management. Group Standard Group Standard Risk Management Effective risk management allows Serco to improve customer service, maximize opportunities and reduce business loss from overruns and cost from risks that materialise SMS

More information

IRM CERTIFICATE AND DIPLOMA OUTLINE SYLLABUS

IRM CERTIFICATE AND DIPLOMA OUTLINE SYLLABUS IRM CERTIFICATE AND DIPLOMA OUTLINE SYLLABUS 1 Module 1: Principles of Risk and Risk Management Module aims The aim of this module is to provide an introduction to the principles and concepts of risk and

More information

Guidelines for Financial Institutions Legislative Compliance Management (LCM) Date: July 2004 Introduction

Guidelines for Financial Institutions Legislative Compliance Management (LCM) Date: July 2004 Introduction Guidelines for Financial Institutions Legislative Compliance Management (LCM) Date: July 2004 Introduction Regulatory risk is the risk of non-compliance with applicable regulatory requirements. For the

More information

International Diploma in Risk Management Syllabus

International Diploma in Risk Management Syllabus International Diploma in Risk Management Syllabus Module 1: Principles of Risk and Risk Management The aim of this module is to provide an introduction to the principles and concepts of risk and risk management.

More information

Avondale College Limited Enterprise Risk Management Framework 2014 2017

Avondale College Limited Enterprise Risk Management Framework 2014 2017 Avondale College Limited Enterprise Risk Management Framework 2014 2017 President s message Risk management is part of our daily life, something we do regularly; often without realising we are doing it.

More information

The New International Standard on the Practice of Risk Management A Comparison of ISO 31000:2009 and the COSO ERM Framework

The New International Standard on the Practice of Risk Management A Comparison of ISO 31000:2009 and the COSO ERM Framework The New International Standard on the Practice of Risk Management A Comparison of ISO 31000:2009 and the COSO ERM Framework Dorothy Gjerdrum, ARM-P, Chair of the ISO 31000 US TAG and Executive Director,

More information

Risk Management Framework

Risk Management Framework Risk Management Framework Mandate and commitment Design of framework for managing risks Continual improvement of the framework Implementing risk management Monitoring and review of the framework Source:

More information

THE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK

THE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK THE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK ACCOUNTABLE SIGNATURE AUTHORISED for implementation SIGNATURE On behalf of Chief Executive Officer SAHRA Council Date Date

More information

APPLICATION OF KING III CORPORATE GOVERNANCE PRINCIPLES 2014

APPLICATION OF KING III CORPORATE GOVERNANCE PRINCIPLES 2014 WOOLWORTHS HOLDINGS LIMITED CORPORATE GOVERNANCE PRINCIPLES 2014 CORPORATE GOVERNANCE PRINCIPLES 2014 CORPORATE GOVERNANCE PRINCIPLES 2014 This table is a useful reference to each of the King III principles

More information

RSA ARCHER OPERATIONAL RISK MANAGEMENT

RSA ARCHER OPERATIONAL RISK MANAGEMENT RSA ARCHER OPERATIONAL RISK MANAGEMENT 87% of organizations surveyed have seen the volume and complexity of risks increase over the past five years. Another 20% of these organizations have seen the volume

More information

Enterprise Risk Management Policy

Enterprise Risk Management Policy Enterprise Risk Management Policy A Framework for Managing Opportunity and Risk Date: 27 November 2015 Version: 13.0 Classification: Unclassified Authors: Julie Holland - Risk Management Facilitator Quality

More information

APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES

APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES Ethical Leadership and Corporate Citizenship The board should provide effective leadership based on ethical foundation. that the company

More information

Risk Management Policy

Risk Management Policy Risk Management Policy Risk Management Policy Record Number D14/79827 Responsible Manager Manager Strategy and Governance Last reviewed 10 March 2015 Adoption reference Council Resolution number 90.5 Previous

More information

Policy and Procedure Statement

Policy and Procedure Statement Policy and Procedure Statement SUBJECT: Enterprise Risk CATEGORY: General Administration NO. 502-G PREAMBLE Risk exists in all activities and cannot be avoided, nor can it always be eliminated. However,

More information

THE GOVERNANCE OF RISK MANAGEMENT. Session 5

THE GOVERNANCE OF RISK MANAGEMENT. Session 5 THE GOVERNANCE OF RISK MANAGEMENT Session 5 Polling Question: Who is primarily responsible for risk governance in any organization? 0% A. The board or board risk committee (if applicable) B. The CRO 0%

More information

STANDARDS OF SOUND BUSINESS AND FINANCIAL PRACTICES. ENTERPRISE RISK MANAGEMENT Framework

STANDARDS OF SOUND BUSINESS AND FINANCIAL PRACTICES. ENTERPRISE RISK MANAGEMENT Framework STANDARDS OF SOUND BUSINESS AND FINANCIAL PRACTICES ENTERPRISE RISK MANAGEMENT Framework September 2011 Notice This document is intended as a reference tool to assist Ontario credit unions to develop an

More information

OWN RISK AND SOLVENCY ASSESSMENT AND ENTERPRISE RISK MANAGEMENT

OWN RISK AND SOLVENCY ASSESSMENT AND ENTERPRISE RISK MANAGEMENT OWN RISK AND SOLVENCY ASSESSMENT AND ENTERPRISE RISK MANAGEMENT ERM as the foundation for regulatory compliance and strategic business decision making CONTENTS Introduction... 3 Steps to developing an

More information

Operational Risk Management - The Next Frontier The Risk Management Association (RMA)

Operational Risk Management - The Next Frontier The Risk Management Association (RMA) Operational Risk Management - The Next Frontier The Risk Management Association (RMA) Operational risk is not new. In fact, it is the first risk that banks must manage, even before they make their first

More information

Board oversight of risk: Defining risk appetite in plain English

Board oversight of risk: Defining risk appetite in plain English www.pwc.com/us/centerforboardgovernance Board oversight of risk: Defining risk appetite in plain English May 2014 Defining risk appetite in plain English Risk oversight continues to be top-of-mind for

More information

University of St. Gallen Law School Law and Economics Research Paper Series. Working Paper No. 2008-19 June 2007

University of St. Gallen Law School Law and Economics Research Paper Series. Working Paper No. 2008-19 June 2007 University of St. Gallen Law School Law and Economics Research Paper Series Working Paper No. 2008-19 June 2007 Enterprise Risk Management A View from the Insurance Industry Wolfgang Errath and Andreas

More information

Bridgend County Borough Council. Corporate Risk Management Policy

Bridgend County Borough Council. Corporate Risk Management Policy Bridgend County Borough Council Corporate Risk Management Policy December 2014 Index Section Page No Introduction 3 Definition of risk 3 Aims and objectives 4 Strategy 4 Accountabilities and roles 5 Risk

More information

Enterprise Risk Management: Concepts & Issues

Enterprise Risk Management: Concepts & Issues Enterprise Risk Management: Concepts & Issues Jacques Lapointe Internal Audit, Management Board Secretariat November 2003 1 The Basic Concept of Risk Management The active process of identifying risks,

More information

ENTERPRISE RISK MANAGEMENT POLICY

ENTERPRISE RISK MANAGEMENT POLICY ENTERPRISE RISK MANAGEMENT POLICY TITLE OF POLICY POLICY OWNER POLICY CHAMPION DOCUMENT HISTORY: Policy Title Status Enterprise Risk Management Policy (current, revised, no change, redundant) Approving

More information

SOL PLAATJE MUNICIPALITY ENTERPRISE RISK MANAGEMENT FRAMEWORK AND POLICY

SOL PLAATJE MUNICIPALITY ENTERPRISE RISK MANAGEMENT FRAMEWORK AND POLICY SOL PLAATJE MUNICIPALITY ENTERPRISE RISK MANAGEMENT FRAMEWORK AND POLICY Prepared by: SOL PLAATJE MUNICIPALITY RISK MANAGEMENT UNIT AND Consolidated Advisory Services This document should be read in conjunction

More information

R I S K M A N A G E M E N T S Y S T E M F R A M E W O R K

R I S K M A N A G E M E N T S Y S T E M F R A M E W O R K R I S K M A N A G E M E N T S Y S T E M F R A M E W O R K VERSION REV 4.0 OWNER VP OPS AND ENG EFFECTIVE DATE MARCH 2014 REVIEW DATE MARCH 2014 1. PURPOSE, APPLICATION AND SCOPE This Management System

More information

Risk Management Policy Adopted by:

Risk Management Policy Adopted by: Risk Management Policy Adopted by: Infigen Energy Limited Infigen Energy (Bermuda) Limited Infigen Energy RE Limited in its capacity as Responsible Entity of Infigen Energy Trust Adopted: 17 December 2009

More information

OAC Presentation to UNESCO Member States

OAC Presentation to UNESCO Member States OAC Presentation to UNESCO Member States Scope and Purpose of Audit and Risk Committees 29 June 2016 1 Content: 1. Context 2. Audit and Risk Management in UNESCO today 3. Relationship between Entreprise

More information

Enterprise Risk Management: COSO, New COSO, ISO 31000. Review of ERM

Enterprise Risk Management: COSO, New COSO, ISO 31000. Review of ERM Enterprise Risk Management: COSO, New COSO, Dr. Hugh Van Seaton, Ed. D., CSSGB, CGMA, CPA Review of ERM COSO a process, effected by an entity's board of directors, management and other personnel, applied

More information

Internal Auditing Guidelines

Internal Auditing Guidelines Internal Auditing Guidelines Recommendations on Internal Auditing for Lottery Operators Issued by the WLA Security and Risk Management Committee V1.0, March 2007 The WLA Internal Auditing Guidelines may

More information

POL ENTERPRISE RISK MANAGEMENT SC51. Executive Services Department BUSINESS UNIT: Executive Support Services SERVICE UNIT:

POL ENTERPRISE RISK MANAGEMENT SC51. Executive Services Department BUSINESS UNIT: Executive Support Services SERVICE UNIT: POL ENTERPRISE RISK MANAGEMENT SC51 POLICY CODE: SC51 DIRECTORATE: Executive Services Department BUSINESS UNIT: Executive Support Services SERVICE UNIT: Executive Support Services RESPONSIBLE OFFICER:

More information

FFIEC Cybersecurity Assessment Tool Overview for Chief Executive Officers and Boards of Directors

FFIEC Cybersecurity Assessment Tool Overview for Chief Executive Officers and Boards of Directors Overview for Chief Executive Officers and Boards of Directors In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed

More information

IT Governance. What is it and how to audit it. 21 April 2009

IT Governance. What is it and how to audit it. 21 April 2009 What is it and how to audit it 21 April 2009 Agenda Can you define What are the key objectives of How should be structured Roles and responsibilities Key challenges and barriers Auditing Scope Test procedures

More information

SAI GLOBAL LIMITED Risk Management Policy

SAI GLOBAL LIMITED Risk Management Policy SAI GLOBAL LIMITED Risk Management Policy SAI Global Ltd ABN 67050611642 Last Updated: February 2012 Contents 1. Risk Management... 3 2. Policy... 3 3. Risk Management Philosophy... 3 4. Risk Appetite...

More information

Aegon Global Compliance

Aegon Global Compliance Aegon Global Compliance GLOBAL Charter COMPLIANCE CHARTER aegon.com The Hague, June 1, 2013 Information sheet Target audience: All employees and management of Aegon companies Issued by: Aegon N.V. Group

More information

GUIDELINES ON CORPORATE GOVERNANCE FOR LABUAN BANKS

GUIDELINES ON CORPORATE GOVERNANCE FOR LABUAN BANKS GUIDELINES ON CORPORATE GOVERNANCE FOR LABUAN BANKS 1.0 Introduction 1.1 Good corporate governance practice improves safety and soundness through effective risk management and creates the ability to execute

More information

FlyntGroup.com. Enterprise Risk Management and Business Impact Analysis: Understanding, Treating and Monitoring Risk

FlyntGroup.com. Enterprise Risk Management and Business Impact Analysis: Understanding, Treating and Monitoring Risk Enterprise Risk Management and Business Impact Analysis: Understanding, Treating and Monitoring Risk 2012 The Flynt Group, Inc., All Rights Reserved FlyntGroup.com Enterprise Risk Management and Business

More information

The PNC Financial Services Group, Inc. Business Continuity Program

The PNC Financial Services Group, Inc. Business Continuity Program The PNC Financial Services Group, Inc. Business Continuity Program 1 Content Overview A. Introduction Page 3 B. Governance Model Page 4 C. Program Components Page 4 Business Impact Analysis (BIA) Page

More information

Public Sector Pension Investment Board

Public Sector Pension Investment Board Public Sector Pension Investment Board Office of the Auditor General of Canada Bureau du vérificateur général du Canada Ce document est également publié en français. Her Majesty the Queen in Right of Canada,

More information

Mapping COBIT 5 with IT Governance, Risk and Compliance at Ecopetrol S.A. By Alberto León Lozano, CISA, CGEIT, CIA, CRMA

Mapping COBIT 5 with IT Governance, Risk and Compliance at Ecopetrol S.A. By Alberto León Lozano, CISA, CGEIT, CIA, CRMA Volume 3, July 2014 Come join the discussion! Alberto León Lozano will respond to questions in the discussion area of the COBIT 5 Use It Effectively topic beginning 21 July 2014. Mapping COBIT 5 with IT

More information

Strategic Risk Management for School Board Trustees

Strategic Risk Management for School Board Trustees Strategic Management for School Board Trustees A Management Process Framework May, 2012 Table of Contents Introduction Page I. Purpose....................................... 3 II. Applicability and Scope............................

More information

Table of Contents PERFORMANCE REVIEWS STRATEGIC REVIEWS

Table of Contents PERFORMANCE REVIEWS STRATEGIC REVIEWS SECTION 270 PERFORMANCE AND STRATEGIC REVIEWS Table of Contents 270.1 To which agencies does this section apply? 270.2 What is the purpose of this section? PERFORMANCE REVIEWS 270.3 What is the purpose

More information

IIA POSITION PAPER: THE ROLE OF INTERNAL AUDITING IN ENTERPRISE-WIDE RISK MANAGEMENT

IIA POSITION PAPER: THE ROLE OF INTERNAL AUDITING IN ENTERPRISE-WIDE RISK MANAGEMENT IIA POSITION PAPER: THE ROLE OF INTERNAL AUDITING IN ENTERPRISE-WIDE RISK MANAGEMENT Revised: Page 1 of 8 Introduction The importance to strong corporate governance of managing risk has been increasingly

More information

GUIDELINES ON RISK MANAGEMENT AND INTERNAL CONTROLS FOR INSURANCE AND REINSURANCE COMPANIES

GUIDELINES ON RISK MANAGEMENT AND INTERNAL CONTROLS FOR INSURANCE AND REINSURANCE COMPANIES 20 th February, 2013 To Insurance Companies Reinsurance Companies GUIDELINES ON RISK MANAGEMENT AND INTERNAL CONTROLS FOR INSURANCE AND REINSURANCE COMPANIES These guidelines on Risk Management and Internal

More information

Governance and Risk Management in the Public Sector. Fernando A. Fernandez Inter-American Development Bank (202) 623-1430 e-mail: fernandof@iadb.

Governance and Risk Management in the Public Sector. Fernando A. Fernandez Inter-American Development Bank (202) 623-1430 e-mail: fernandof@iadb. Governance and Risk Management in the Public Sector Fernando A. Fernandez Inter-American Development Bank (202) 623-1430 e-mail: fernandof@iadb.org 1 Agenda Governance, why is it important? Compliance

More information

Administration and General Order No. AD/1/TBC

Administration and General Order No. AD/1/TBC COUNTY DURHAM AND DARLINGTON FIRE AND RESCUE SERVICE Administration and General Order No. AD/1/TBC CORPORATE RISK MANGEMENT POLICY 1. INTRODUCTION 1.1 County Durham and Darlington Combined Fire Authority

More information

Saldanha Bay Municipality. Risk Management Strategy. Inclusive of, framework, procedures and methodology

Saldanha Bay Municipality. Risk Management Strategy. Inclusive of, framework, procedures and methodology Inclusive of, framework, procedures and methodology Contents 1 Introduction 1 1.1 Legislative Framework and best practice 1 1.2 Purpose of Enterprise Risk Management 2 1.3 Scope and Applicability 3 1.4

More information

Feature. Developing an Information Security and Risk Management Strategy

Feature. Developing an Information Security and Risk Management Strategy Feature Developing an Information Security and Risk Management Strategy John P. Pironti, CISA, CISM, CGEIT, CISSP, ISSAP, ISSMP, is the president of IP Architects LLC. He has designed and implemented enterprisewide

More information

engage ERM ADVISORY Insurer Management Risk Committee Practices

engage ERM ADVISORY Insurer Management Risk Committee Practices engage ERM ADVISORY Insurer Management Risk Committee Practices 2012 There are three major organizational steps that insurers with significant Enterprise Risk Management programs usually consider: the

More information

Practice Guide COORDINATING RISK MANAGEMENT AND ASSURANCE

Practice Guide COORDINATING RISK MANAGEMENT AND ASSURANCE Practice Guide COORDINATING RISK MANAGEMENT AND ASSURANCE March 2012 Table of Contents Executive Summary... 1 Introduction... 1 Risk Management and Assurance (Assurance Services)... 1 Assurance Framework...

More information

Risk management and the transition of projects to business as usual

Risk management and the transition of projects to business as usual Advisory Risk management and the transition of projects to business as usual Financial Services kpmg.com 2 Risk Management and the Transition of Projects to Business as Usual Introduction Today s banks,

More information

Risk Management Policy

Risk Management Policy 1 Purpose Risk management relates to the culture, processes and structures directed towards the effective management of potential opportunities and adverse effects within the University s environment.

More information

Monetary Authority of Singapore BOARD AND SENIOR MANAGEMENT

Monetary Authority of Singapore BOARD AND SENIOR MANAGEMENT Monetary Authority of Singapore BOARD AND SENIOR MANAGEMENT March 2013 Table of Contents 1 Introduction 1 1.1 Overview 1 1.2 Board Matters 2 1.3 Matters Relating to Senior Management 4 1.4 Reporting to

More information

Version Adoption by Council: 2013 Resolution Number: 2013/177 Current Version: V1.0 Administered by: Governance Coordinator

Version Adoption by Council: 2013 Resolution Number: 2013/177 Current Version: V1.0 Administered by: Governance Coordinator Risk Management Framework Version Adoption by Council: 2013 Resolution Number: 2013/177 Current Version: V1.0 TRIM CON: 12/1132 Administered by: Governance Coordinator Last Review Date: 2013 Next Review

More information

Regulatory Compliance Management (RCM) (formerly Legislative Compliance Management (LCM))

Regulatory Compliance Management (RCM) (formerly Legislative Compliance Management (LCM)) Guideline Subject: Category: (RCM) (formerly Legislative Compliance Management (LCM)) Sound Business & Financial Practices No: E-13 Date: November 2014 I. Purpose and Scope of the Guideline The purpose

More information

Linking Risk Management to Business Strategy, Processes, Operations and Reporting

Linking Risk Management to Business Strategy, Processes, Operations and Reporting Linking Risk Management to Business Strategy, Processes, Operations and Reporting Financial Management Institute of Canada February 17 th, 2010 KPMG LLP Agenda 1. Leading Practice Risk Management Principles

More information

An Effective Approach to Transition from Risk Assessment to Enterprise Risk Management

An Effective Approach to Transition from Risk Assessment to Enterprise Risk Management Bridgework: An Effective Approach to Transition from Risk Assessment to Enterprise Risk Management @Copyright Cura Software. All rights reserved. No part of this document may be transmitted or copied without

More information

RISK MANAGEMENT FRAMEWORK. 2 RESPONSIBLE PERSON: Sarah Price, Chief Officer

RISK MANAGEMENT FRAMEWORK. 2 RESPONSIBLE PERSON: Sarah Price, Chief Officer RISK MANAGEMENT FRAMEWORK 1 SUMMARY The Risk Management Framework consists of the following: Risk Management policy Risk Management strategy Risk Management accountability Risk Management framework structure.

More information

Governance Guideline SEPTEMBER 2013 BC CREDIT UNIONS. www.fic.gov.bc.ca

Governance Guideline SEPTEMBER 2013 BC CREDIT UNIONS. www.fic.gov.bc.ca Governance Guideline SEPTEMBER 2013 BC CREDIT UNIONS www.fic.gov.bc.ca INTRODUCTION The Financial Institutions Commission 1 (FICOM) holds the Board of Directors 2 (board) accountable for the stewardship

More information

A Risk Management Standard

A Risk Management Standard A Risk Management Standard Introduction This Risk Management Standard is the result of work by a team drawn from the major risk management organisations in the UK, including the Institute of Risk management

More information

Copyright 2015 The Ins4tutes

Copyright 2015 The Ins4tutes ERM 57 Review ERM001 Speakers: Michael W. Elliott, CPCU, AIAF, Senior Director of Knowledge Resources, The Institutes Ann Myhr, CPCU, ARM, AU, Senior Director of Knowledge Resources, The Institutes Learning

More information

The PNC Financial Services Group, Inc. Business Continuity Program

The PNC Financial Services Group, Inc. Business Continuity Program The PNC Financial Services Group, Inc. Business Continuity Program subsidiaries) 1 Content Overview A. Introduction Page 3 B. Governance Model Page 4 C. Program Components Page 4 Business Impact Analysis

More information

ERM and GRC Fundamentals. Risk Management Definitions & Guiding Principles. Module 1

ERM and GRC Fundamentals. Risk Management Definitions & Guiding Principles. Module 1 ERM and GRC Fundamentals Risk Management Definitions & Guiding Principles Module 1 Agenda Introduction: Purpose and Goal of the Training (5 min.) Section 1: ERM / GRC Terms & Concepts (15 min.) Section

More information

CPS SECURITY & INFORMATION RISK MANAGEMENT POLICY CPS SECURITY & INFORMATION RISK MANAGEMENT POLICY 2013-2014

CPS SECURITY & INFORMATION RISK MANAGEMENT POLICY CPS SECURITY & INFORMATION RISK MANAGEMENT POLICY 2013-2014 CPS SECURITY & INFORMATION RISK MANAGEMENT POLICY 2013-2014 1 Version 1.0 CONTENTS Security Risks 3 Information Assurance Risk 3 Spreading Best Practice 3 Reporting Risks Upwards 4 Typical Risk Escalation

More information

Transforming risk management into a competitive advantage kpmg.com

Transforming risk management into a competitive advantage kpmg.com INSURANCE RISK MANAGEMENT ADVISORY SOLUTIONS Transforming risk management into a competitive advantage kpmg.com 2 Transforming risk management into a competitive advantage Assessing risk. Building value.

More information

GUIDANCE NOTE FOR DEPOSIT-TAKERS. Operational Risk Management. March 2012

GUIDANCE NOTE FOR DEPOSIT-TAKERS. Operational Risk Management. March 2012 GUIDANCE NOTE FOR DEPOSIT-TAKERS Operational Risk Management March 2012 Version 1.0 Contents Page No 1 Introduction 2 2 Overview 3 Operational risk - fundamental principles and governance 3 Fundamental

More information

FINANCIAL ASSESSMENT CRITERIA (The Assessment Criteria should be read in conjunction with OSFI s Supervisory Framework)

FINANCIAL ASSESSMENT CRITERIA (The Assessment Criteria should be read in conjunction with OSFI s Supervisory Framework) ROLE OF Financial is an independent function responsible for ensuring the timely and accurate reporting and in-depth analysis of the operational results of the operating units (including business lines)

More information

Issued on: 1 March 2013. Risk Governance

Issued on: 1 March 2013. Risk Governance Risk Governance PART A OVERVIEW... 1 I. Introduction... 1 II. cope of the Policy... 2 PART B PRINCIPLE OF RIK GOVERNANCE... 3 III. Board practices... 3 IV. enior management oversight... 7 V. Risk management

More information

Business Resilience and Risk Management

Business Resilience and Risk Management Policy Business Resilience and Risk Management Document Number GOV-POL-37 1.0 Policy Statement Stanwell is committed to delivering a business resilience platform across all levels of the business and its

More information

Accreditation Application Forms

Accreditation Application Forms The Institute of Risk Management The Institute of Risk Management Accreditation Application Forms Universities and Professional Associations The Institute of Risk Management Accreditation Application Forms

More information

The Lowitja Institute Risk Management Plan

The Lowitja Institute Risk Management Plan The Lowitja Institute Risk Management Plan 1. PURPOSE This Plan provides instructions to management and staff for the implementation of consistent risk management practices throughout the Lowitja Institute

More information

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS)

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS) INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS) Introduction to the International Standards Internal auditing is conducted in diverse legal and cultural environments;

More information

Creating Risk Gladiators

Creating Risk Gladiators Creating Risk Gladiators PALADIN RISK MANAGEMENT SERVICES, CREATING RISK GLADIATORS All organisations, no matter whether private, government or not-forprofit have one thing in common they all work in an

More information

Basel Committee on Banking Supervision - Guidelines on the corporate governance principles for banks

Basel Committee on Banking Supervision - Guidelines on the corporate governance principles for banks Basel Committee on Banking Supervision - Guidelines on the corporate governance principles for banks Basel Committee on Banking Supervision Guidelines on the corporate governance principles for banks (

More information

3 August 2012 Policy updated to reflect name changes and alignment with current Aurora Energy Group Policy standards.

3 August 2012 Policy updated to reflect name changes and alignment with current Aurora Energy Group Policy standards. Aurora Energy Risk Management Policy Version History REV NO. DATE REVISION DESCRIPTION APPROVAL 0 19/11/98 Risk Management Policy Prepared by: Manager Internal Audit 1 March 2007 Risk Management Policy

More information

Matthew E. Breecher Breecher & Company PC November 12, 2008

Matthew E. Breecher Breecher & Company PC November 12, 2008 Applying COSO s Enterprise Risk Management Integrated Framework Matthew E. Breecher Breecher & Company PC November 12, 2008 The basic outline for this presentation was provided by: Objectives for the session:

More information

RISK AND COMPLIANCE COMMITTEE CHARTER

RISK AND COMPLIANCE COMMITTEE CHARTER 1. GENERAL SCOPE AND AUTHORITY 1.1 Introduction This charter governs the operations of the Risk & Compliance Committee of Redflex Holdings Limited (RHL or Company). 1.2 Purpose The Risk & Compliance Committee

More information

PART B INTERNAL CAPITAL ADEQUACY ASSESSMENT PROCESS (ICAAP)

PART B INTERNAL CAPITAL ADEQUACY ASSESSMENT PROCESS (ICAAP) Framework (Basel II) Internal Capital Adequacy Assessment PART A OVERVIEW...2 1. Introduction...2 2. Applicability...3 3. Legal Provision...3 4. Effective Date of Implementation...3 5. Level of Application...3

More information

Operational Risk Management Program Version 1.0 October 2013

Operational Risk Management Program Version 1.0 October 2013 Introduction This module applies to Fannie Mae and Freddie Mac (collectively, the Enterprises), the Federal Home Loan Banks (FHLBanks), and the Office of Finance, (which for purposes of this module are

More information

10-005 Enterprise Risk Management

10-005 Enterprise Risk Management 10-005 Enterprise Risk Management Current update: 09/16/10 Original Issuance: 03/31/08 Purpose This policy provides guidance and direction to State Board of Administration business unit heads for identifying,

More information