Risk Management Policy




Risk Management Policy June 2015

Contents
1. Policy Objectives and Background
1.1. Policy Background
1.2. Policy Objective
1.3. Policy Sponsor and Maintenance
2. Risk Types and Risk Appetite
2.1. Investment Risk
2.2. Development Impact Risk
2.3. Environmental and Social Risk
2.4. Business Integrity Risk
2.5. Operational Risk
3. Behaviours and Culture
4. Governance and roles and responsibilities
5. CDC's risk management framework

1. Policy Objectives and Background

1.1. Policy Background

CDC's mission is to support the building of businesses throughout Africa and South Asia, to create jobs and to make a lasting difference to people's lives in some of the world's poorest places. Risk is an inherent component of CDC's activities. The ability to effectively identify, assess, measure, respond, monitor and report on risk in activities is critical to the achievement of CDC's mission and objectives.

1.2. Policy Objective

The objective of this policy is to set out the principal risk types that may face CDC group, CDC's appetite for these risks, and how CDC will manage these risks.

1.3. Policy Sponsor and Maintenance

The COO is the sponsor of this policy and is responsible for reviewing and maintaining this policy and submitting it to the Board Risk Committee for review and recommendation to the Board for approval at a minimum once every two years.

2. Risk Types and Risk Appetite

CDC accepts that a level of risk is necessary in order to do business. CDC has identified five main categories of risk that it may face:

- Investment Risk
- Development Impact Risk
- Environmental and Social Risk
- Business Integrity Risk
- Operational Risk

In addition to these risk types, CDC has identified reputational risk as a risk that it faces, which could be a consequence of any of the five main risk categories. These risks are further defined and sub-categorised in the CDC Risk Taxonomy, which sets out the risk likelihood scale and risk impact definitions for each risk category.

CDC assesses individual risks based on their impact and likelihood. These risks are then mapped to a risk appetite grid to determine whether the risk is within or outside appetite as set by (and periodically reviewed by) the Board of Directors. The risk appetite describes the amount of each risk that CDC is willing to take in order to achieve its objectives.
The CDC Risk Taxonomy is reviewed periodically to ensure it remains consistent with the risk appetite set by the Board. CDC's present risk appetite is set out below.

| Impact \ Likelihood | Unlikely | Possible | Likely | Frequent |
|---|---|---|---|---|
| Extreme | Medium | High | High | High |
| Major | Medium | Medium | High | High |
| Moderate | Low | Medium | Medium | High |
| Minor | Low | Low | Medium | Medium |

2.1. Investment Risk

CDC's Memorandum of Associations states that in carrying out its mission it is expected to achieve attractive returns for shareholders. The financial risks at CDC are the risks of underperformance or unacceptable volatility of the investment portfolio return versus the chosen return to be achieved over the long term, including due to changes in foreign currency exchange rates.

The inherently risky nature of the markets and projects in which CDC invests means high volatility in portfolio returns is accepted. However, a long term target return is periodically agreed between CDC's management, Board and shareholder. CDC should seek to earn a long-term return greater than this target, currently 3.5% per year. Failure to achieve this target, measured on a long term basis, is a major risk to CDC and CDC's appetite for this risk is minimal.

2.2. Development Impact Risk

Development impact is at the heart of CDC's mission and the primary reason for its existence. Development impact risk is the risk that CDC will fail to achieve its development objective to create jobs and make a lasting difference to people's lives in some of the world's poorest places. Failure to achieve significant development impact is therefore a major risk to the viability of CDC's work and CDC's appetite for this risk is minimal.

2.3. Environmental and Social Risk

CDC invests in countries and sectors where Environmental and Social (E&S) risks may be inherently high as a result of an absence of legislation and/or ineffectual oversight and implementation of national and international E&S laws and regulations. E&S risks in CDC investments cover risks associated with direct and indirect (including through supply chains) impacts, as well as cumulative and induced impacts.
E&S performance is increasingly material to businesses and failure to assess, mitigate and manage such risks can result in (i) loss of market access and business opportunities, (ii) increased staff turnover, labour problems and reduced production efficiency, (iii) reduced ability to attract finance and investment, (iv) regulatory action, and (v) inability to operate as a result of community concerns about the behaviour and impacts of a company. All of the preceding can result in reputational risks to investee companies and CDC.

2.4. Business Integrity Risk

This is the risk that the reputation, franchise or image of CDC is adversely affected by business integrity incidents at CDC or at companies in which CDC has invested capital.

The Board has minimal appetite for the disruption and reputation damage associated with a major public business integrity incident and expects this risk to be mitigated with strong controls.

2.5. Operational Risk

This is the risk of loss or other damage to CDC resulting from inadequate or failed processes, people and systems at CDC or from external events impacting CDC. The reputational risk from a public airing of a major operational incident at CDC is not acceptable to the Board. The residual risk needs to be managed such that the possibility of a 10 million financial impact is remote, c. 1% or 1 in 100 years where measurable. The necessary cost base to achieve this is accepted.

3. Behaviours and Culture

The culture and behaviours of staff at CDC are critical to ensuring effective risk management. The requirements are set out in CDC's policies and procedures, including for example in the Business Integrity Manual and HR Policies and Procedures. Regarding risk management, the key requirements are:

- Risk and risk management is considered in business decision making
- CDC management and staff are expected to disclose and take appropriate action to mitigate known risks

4. Governance and roles and responsibilities

Board

The Board is responsible for setting overall risk appetite and approving risk management policies.

Board Risk Committee

The Board Risk Committee is established to oversee risk management and make recommendations to the board on risk management policy and risk appetite. The Board Risk Committee is also responsible for reviewing the principal risks facing CDC and escalating risk matters to the Board.

Management

Management is responsible for implementation of the risk management policy and framework within their respective areas of responsibility. Management is responsible for monitoring levels of risk and developing action plans to reduce risks to within appetite if appropriate and escalating risk matters to the Board Risk Committee for their consideration.

Management may assign responsibility for the management of specific risks to individuals within the firm, referred to as Risk Owners. Management is also responsible for setting tone at the top in respect of risk management culture.

Three lines of defence

Within the company, CDC generally adopts a three lines of defence model to managing risk. However, the size of the organisation means that in some cases there is overlap between the first and second lines of defence. This risk is mitigated by ensuring independent oversight from the Internal Audit function.

- 1st line: the functions that own and manage risk (operational management)
- 2nd line: the functions that oversee risk (risk management and compliance functions)
- 3rd line: functions that provide independent assurance

The CEO and COO, as members of senior management with responsibility for risk management are viewed as above the three lines of defence. The designation of functions or individuals within a particular line of defence is not intended to prohibit team working and collaboration between teams or to suggest a hierarchy between teams.

Investment Risk Development Impact Risk Operational Risk Reputational Risk 1st Line 2nd Line 3rd Line - Investment Teams - Investment Committees (Investment - CIO Decisions) - Finance Department (Valuations) - CIO (Portfolio construction) - Risk Management - Investment Teams - Operations Teams - CIO - Investment Teams - Operations Teams - Finance Teams - CIO - Investment Teams - Operations Teams - CIO - Investment Committees - DI Team - Risk Management - Internal Audit - External Audit - Internal Audit - External auditor of DI grid scores - Risk Management - Internal Audit - Investment Committees - E&S Team - BI Team - Risk Management - Internal Audit

5. CDC's risk management framework

CDC's management is responsible for developing and implementing a framework to identify, assess, measure, respond, monitor and report on risk within CDC's activities. CDC's risk framework consists of the following key components:

- Aims and objectives: CDC's corporate objectives and individual / team objectives are defined each year. They provide the basis for determining CDC's risk appetite.
- Policies and procedures: policies set the rules under which CDC will operate and procedures describe how these policies need to be implemented, including setting out the key controls in place to mitigate risk.
- Risk registers: risk registers document the risks facing CDC, the controls in place to mitigate those risks and assess the impact and likelihood of the risk occurring. If risks are assessed as being outside appetite, mitigation plans are developed to reduce the level of risk.
- Key risk indicators: key risk indicators are metrics used to provide an early signal of increasing risk exposures. They allow CDC to identify risk trends and take action before events occur.
- Incident management: incident management and analysis allows CDC to ensure appropriate action is taken when incidents occur (when risks crystallise), validate the contents of the risk registers and determine whether action is required to avoid reoccurrence of similar incidents in future.
- Risk reporting: reporting on identified risks to management and the board, including emerging risks and those that require action.
- Internal Audit monitoring: independent monitoring of the implementation of the risk framework to ensure it is adequately designed and operating effectively.

Further detail on each component of the risk management framework is set out in internal procedures manuals.