Credit Unions RISK ADVISORY SERVICES. Enterprise Risk Management, Internal Audit and Complex Accounting Services

Transcription

1 Credit Unions RISK ADVISORY SERVICES Enterprise Risk Management, Internal Audit and Complex Accounting Services

2 Credit unions care about personal service. So do we. How BDO works with credit unions Credit unions are dedicated to delivering the highest level of service competence and professionalism. From personal and commercial banking to investing and borrowing, BDO s Risk Advisory Practice understands the unique grassroots nature of credit unions and their place in Canadian communities. We pride ourselves on offering practical, local advice combined with national and international resources to effectively serve organizations like yours. Where BDO Risk Advisory Services can help We will work with your audit committee and board of directors to remain informed of regulatory changes, while ensuring standards are upheld. We provide services in complex accounting (including IFRS), enterprise risk management, and internal audit. CREDIT UNION EXPERTISE We are committed to providing the guidance and expertise required to help your credit union proudly serve its community and members. As knowledgeable, reliable providers of a wide range of financial services, we understand the deep roots that credit unions have in their communities. Our team is proud to offer value-added services that positively impact our communities. Our cross-functional team is specifically devoted to credit union issues. We encourage collaboration among our credit union specialists and exchange information and ideas to better serve valued clients like you.

3 Enterprise risk management In 2011, DICO revised by-law #5 - Sound Business and Financial Practices - to reflect recent changes to industry best practices and emerging issues. Part of the review process consisted of the development of an enterprise risk management (ERM) framework which includes Class 2 Credit Unions. DICO further prescribed the basic requirements for an ERM program for Credit Unions to include, at a minimum a: 1. ERM policy that should be reviewed at least annually. 2. Appropriate risk appetite statement that describes its overall approach to risk. 3. Defined responsibility of the Board, Audit Committee and senior management. 4. ERM reporting structure that clearly identifies the risk profile and the status of significant risk. Our ERM service offerings range in nature and are specifically designed and are scaled to reflect and size and complexity to meet your credit union s individual needs. Practical and proactive ERM strategies, be it ad-hoc or full-scale, can help an organization meet strategic organizational goals and objectives, moreover, allow you to protect and create value of your stakeholders. BDO s Risk Advisory Services team can assist you with the following types of ERM-related projects: Identifying or validating your business risk registry or universe. Establishing an ERM policy, framework and ERM program which seamlessly blends in with the size and culture of your organization. Evaluating your current ERM program or process and provide a benchmark against similar organizations. Facilitating ERM workshops and training within your organization to enhance your current ERM program and thereby validate or establish risk rankings. Integrating your ERM program with other established corporate governance initiatives such as CEO/CFO certification, business continuity management, internal audit and other initiatives. Most credit unions have already established methods of risk management in their organizational environments and in daily activities. They may seem simple and basic but they are still proven and substantiated approaches which help mitigate risk. The ability to establish such processes and procedures can help a credit union achieve corporate objectives as well as indirectly mitigate some of the risks that may arise by association. Some common examples of risk categories and sub categories already provided by DICO include: Strategic risks Strategy development and implementation Competition Performance and viability Member demographics Economic/external risk Credit risks Default risk Concentration risk Financial risks Market/investment risk Structural risk (asset/liability mismatch risk) Liquidity and funding management Capital management Operational risks Fiduciary risk Information technology risk Outsourcing Fraud Member satisfaction Personnel Compliance risks Regulatory (CU/CP Act) Other legislative requirements BDO ERM Framework Governance & Planning Identify & Rank Risk Assign & Assess Risks Monitoring & Reporting Objective Establish ERM roles and responsibilities Establish an ERM Program Establish a risk universe with periodic risk assessment Align risk with business objectives Quantify key risks Determine risk treatment strategies Assign risk to process owners Identify key metrics for risk monitoring and reporting Establish management reports for the ERM program Deliverable Establish an ERM poicy Establish an ERM framework Risk registry or risk universe Summary of key risks Departmental risk reports Departmental action plans Risk Management reports Action plan status report

4 Internal audit services All companies face new corporate governance concerns, as well as intense internal and external scrutiny. A reactive approach to internal audit is no longer acceptable; there can be no surprises when it comes to managing the risks and opportunities in your business. We have found that many internal audit groups struggle with a number of conflicting demands, most notably contention for resources while trying to maintain traditional IA functionality. The BDO Risk Advisory Services practice has developed a suite of services designed to help clients develop and implement an internal audit function or, transform a standard, compliance driven IA function into one that is proactive and risk-oriented that fits with their risk management framework and strategy. We can help you align your internal audit function with the overall objectives of your credit union. Our services include: Establishing an effective internal audit function Quality Assurance Reviews gauging the effectiveness of the internal audit function Strategic partnering and co-sourcing Risk assessment services Managing the internal audit function Constructing audit services Financial institutions compliance IT audit services In recent years the Internal Audit function has taken a more dynamic approach or value added approach and now provides consulting on the overall Risk Assessment Approach within an organization as well as providing assistance with process improvement or process reengineering. The BDO Internal Audit Continuum depicts the range from traditional compliance approach to the more dynamic value added Risk Management approach. Internal Audit Methodology The BDO International Internal Audit Methodology is our approach to providing Internal Audit services of the highest professional standard, consistently on a global basis. Our methodology is based on world s best practice for Internal Audit services. It reflects standards established by the Institute of Internal Auditors International Professional Practices Framework, Standards for the Professional Practice of Auditing and Standards for Risk Management. Stages 1 to 3 of our methodology (depicted in the figure in the top right) set out our approach to risk based planning. It is designed to understand the complexities of the operating environments in which the risk based Internal Audit function is planned and performed. Our understanding is built in consultation with key stakeholders. Supported by our own network of multi-industry and multi-disciplinary specialists, it provides the basis for the development of a risk based review strategy and plan. Essentially, our understanding is applied and developed throughout all phases of our iterative process. Compliance Approach Financial & Regulatory Compliance Audits Operational Auditing Review Internal Risk Assessment Process Business Process Improvements Enterprise Risk Management Risk Management Approach

5 Complex accounting Generally, credit unions are involved in many of the most complex accounting practices. Treasury practices like hedges and swaps are used to minimize risk and require specialized knowledge and expertise to properly account for transactions. Our professionals can provide assistance and the appropriate audit services for your year-end assurance requirements. For example, BDO s IFRS Conversion Services Group has used its expertise and extensive knowledge of credit unions regulatory environment to develop a unique, cost-effective solution for small to mid-sized credit unions. Express IFRS Conversion (CU-IFRS) provides a pre-packaged consulting solution to streamline the compliance process, and mirrors common IFRS conversion risks that are specific to credit unions. This group has presented webinars in association with DICO ( IFRS Conversions Keeping it Practical ) and has provided expert advice on complex accounting issues that may arise on transition to IFRS, such as Loan Loss Provisioning. The BDO difference In a marketplace that typically provides two types of accounting firms the large scale global provider, or the smaller relationship driven local firm BDO provides a real and sensible alternative. We want to give our clients an option that is distinctively different. What sets us apart from our competitors is the way we see, listen and think about our clients. It s this dedication and commitment to our clients that helps us deliver distinctively different relationships and results. There are many advisory firms with experience in the financial services sector; however there are many organizations within this sector with special requirements that can only be properly serviced when those who have the experience are made directly available. Our Risk Advisory Services partners and senior professionals are available for hands-on client support and interaction. The partners and senior team members are the ones who have the experience and can make the engagement as smooth as possible. We take a partner-led approach which delivers the highest quality of service. Global Resource Sector specialization Big 4 Proximity/Intimacy/Loyalty BDO The rest About BDO As one of the largest firms in Canada and a true single partnership across the country, BDO Canada is clearly placed in a strong competitive position relative to the Big 4. BDO possesses the size and strength to provide our clients with a full range of comprehensive accounting and business advisory services, while retaining the local flexibility and personal attention needed to focus on individual client needs. BDO Canada has over 100 offices nationally with more than 2,500 professional staff.

6 OUR TEAM Sam Khoury, CA IT, CPA, CITP - Partner skhoury@bdo.ca Direct: Sam has extensive years of assurance and risk advisory experience specializing in the implementation of change management projects, including IFRS conversions, enterprise risk management, and other corporate governance initiatives. He previously articled in assurance and advisory services where he managed a client portfolio of blue chip corporations, financial institutions and medium-sized public companies. His further expertise includes internal controls, project management (PMBOK), risk management, change management, business process re-engineering, and technology solutions alignment with business objectives. Carlo Mariglia, CA, CPA, CISA, CIA - Partner cmariglia@bdo.ca Direct: Carlo manages and supervises numerous Risk Advisory engagements across multiple industries. He has extensive experience in co-sourcing Internal Audit functions and ERM consulting. He has also played a key role assisting numerous Canadian public companies and other publicly-accountable enterprises in their transitions from Canadian GAAP to IFRS. He previously articled in assurance and business advisory services, managing various public company engagements, and later focused on evaluating internal controls over financial reporting, business process enhancement, IT audit, internal audit, and risk management. His further expertise includes corporate governance practices, project management framework and practices, implementing the Business Continuity Management Program under BS 25999, and establishing and maintaining an internal audit function in accordance with IIA standards.

7 OUR TEAM Pierre Taillefer, CA, CISA, CFE - Partner ptaillefer@bdo.ca Direct: ext Pierre leads the RAS practice in Montreal with 20 years of in-depth experience. He has been involved in various engagements covering service organization controls reports, the Sarbanes-Oxley Act of 2002 and Multilateral Instrument , investigation and anti-fraud programs, management of internal audit outsourcing engagements, outsourcing contract reviews, compliance mandates, and business process, internal controls, due diligence and security reviews. He has also worked with cash logistics, IT outsourcing (including applications and hardware) and broker-dealers. His further expertise includes business process re-engineering, technology solutions alignment with business objectives, and IT risk and controls. David Knott, CISA - Senior Manager dknott@bdo.ca Direct: David is responsible for the management and supervision of numerous information technology, internal controls, and IT security related engagements for the BDO Technology and Risk Services Practice. Prior to joining our firm, he provided IT security services in assurance and business advisory services in the technology risk management groups of two other leading firms, managing various information system services engagements for a wide range of clients. His further expertise includes information systems audit services, IT general controls assessments, payment card industry services, internal IT controls design and testing, ISO consulting services, IT forensic services, CEO and CFO certification services, ethical hacking services, disaster recovery and business continuity planning, and IT project management consulting.

8 Contact BDO Sam Khoury Carlo Mariglia David Knott Pierre Taillefer BDO Canada LLP, a Canadian limited liability partnership, is a member of BDO International Limited, a UK company limited by guarantee, and forms part of the international BDO network of independent member firms. BDO is the brand name for the BDO network and for each of the BDO Member Firms. GB-CU-R.03.11