Booker & Associates. For more information, contact Fay Booker, 1

Similar documents
Successfully identifying, assessing and managing risks for stakeholders

MISSION VALUES. The guide has been printed by:

INTERNATIONAL ASSOCIATION OF INSURANCE SUPERVISORS

Export Development Canada

GUIDELINES ON CORPORATE GOVERNANCE FOR LABUAN BANKS

SUPERVISION GUIDELINE NO. 9 ISSUED UNDER THE AUTHORITY OF THE FINANCIAL INSTITUTIONS ACT 1995 (NO. 1 OF 1995) RISK MANAGEMENT

Guidance Note: Corporate Governance - Board of Directors. March Ce document est aussi disponible en français.

COMMERCIAL LENDING POLICY DEVELOPMENT GUIDE Minimum Considerations

Internal Auditing Guidelines

NATIONAL BANK OF ETHIOPIA MICROFINANCE INSTITUIONS SUPERVISION DIRECTORATE. RISK MANAGEMENT GUIDLEIES for MICROFINANCE INSTITITTIONS (FINAL)

RISK BASED AUDITING: A VALUE ADD PROPOSITION. Participant Guide

STANDARDS OF SOUND BUSINESS AND FINANCIAL PRACTICES. ENTERPRISE RISK MANAGEMENT Framework

6/8/2016 OVERVIEW. Page 1 of 9

Excerpt from the ACGR on Enterprise Risk Management

Risk management systems of responsible entities

RISK MANAGEMENT AND COMPLIANCE

Internal Control Systems and Maintenance of Accounting and Other Records for Interactive Gaming & Interactive Wagering Corporations (IGIWC)

Sample Financial institution Risk Management Policy 2011

COMMERCIAL LENDING POLICY DEVELOPMENT GUIDE Minimum Expectations

Revised May Corporate Governance Guideline

Audit, Risk Management and Compliance Committee Charter

PART I - PRELIMINARY...1 Objective...1 Applicability...2 Legal and Regulatory Provision...2

Risk Concentrations Principles

COSO Internal Control Integrated Framework (2013)

GUIDANCE FOR MANAGING THIRD-PARTY RISK

APPENDIX A NCUA S CAMEL RATING SYSTEM (CAMEL) 1

FINDING THE RISK IN RISK ASSESSMENTS NYSICA JULY 26, Presented by: Ken Shulman Internal Audit Director, New York State Insurance Fund

Guidance Note: Stress Testing Class 2 Credit Unions. November, Ce document est également disponible en français

Regulatory Compliance Management (RCM) (formerly Legislative Compliance Management (LCM))

The APRA Supervision Blueprint

Charter of the Compliance and Operational Risk Management Office (CORMO)

NOTICE 158 OF 2014 FINANCIAL SERVICES BOARD REGISTRAR OF LONG-TERM INSURANCE AND SHORT-TERM INSURANCE

Public Sector Pension Investment Board

Internal Controls and Risk Management Report

Internal Control Integrated Framework. May 2013

GUIDANCE NOTE FOR DEPOSIT-TAKERS. Operational Risk Management. March 2012

Saxo Capital Markets CY Limited

Basel II, Pillar 3 Disclosure for Sun Life Financial Trust Inc.

Managing Risk at Bank of America Corporation. Overview

Board of Directors Meeting 12/04/2010. Operational Risk Management Charter

ENTERPRISE RISK MANAGEMENT POLICY

Guideline. Operational Risk Management. Category: Sound Business and Financial Practices. No: E-21 Date: June 2016

Policy and Procedure Statement

Credit Union Liability with Third-Party Processors

Capital Requirements Directive Pillar 3 Disclosure. December 2015

EIB Group Risk Management Charter

The Compliance Universe

Internal Audit Framework

GOLDSMITHS University of London COUNCIL. FINANCE AND RESOURCES COMMITTEE 18 March 2014

and Risk Tolerance in an Effective ERM Program

Consultation Document: Review of the Treatment of Charitable and Religious Organisations under the Non-bank Deposit Takers Regime

IOPS GOOD PRACTICES IN RISK MANAGEMENT OF ALTERNATIVE INVESTMENTS BY PENSION FUNDS

md&a Prospera Credit Union MANAGEMENT S DISCUSSION AND ANALYSIS For the year ended December 31, 2014

on Asset Management Management

PILLAR 3 DISCLOSURES 2009

Developing an Effective Enterprise Risk Management Program

SUPERVISORY AND REGULATORY GUIDELINES: PU GUIDELINES ON MINIMUM STANDARDS FOR THE OUTSOURCING OF MATERIAL FUNCTIONS

Matthew E. Breecher Breecher & Company PC November 12, 2008

Enterprise Risk Management

Risk Management Programme Guidelines

WFP ENTERPRISE RISK MANAGEMENT POLICY

GUIDELINES ON INVESTMENT MANAGEMENT FOR LABUAN INSURANCE AND TAKAFUL BUSINESS

Audit Committee Oversight of Foreign Operations. November 2014

A Risk-Based Audit Strategy November 2006 Internal Audit Department

Consultation on the Regulation of Chief Risk Officer roles under the Solvency II regime Part 2 - Detailed considerations

APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES

HEALTH, SAFETY & ENVIRONMENT AND BUSINESS RISK COMMITTEE CHARTER

FINANCIAL SERVICES FLASH REPORT

APPLICATION OF KING III CORPORATE GOVERNANCE PRINCIPLES 2014

The PNC Financial Services Group, Inc. Business Continuity Program

Risk Management Policy Adopted by:

Governance Guideline SEPTEMBER 2013 BC CREDIT UNIONS.

Code of Practice - Risk Management Including With Regard To Debtors

IFAD Policy on Enterprise Risk Management

Risk Management. Risk Management Overview. Credit Risk

REINSURANCE RISK MANAGEMENT GUIDELINE

Fraud Risk Management

RISK-BASED SUPERVISORY FRAMEWORK TEMPLATE FOR INSURANCE COMPANIES

Risk Management Policy

GUIDELINES ON RISK MANAGEMENT AND INTERNAL CONTROLS FOR INSURANCE AND REINSURANCE COMPANIES

LIST OF AVAILABLE COURSES

RISK MANAGEMENT REPORT (for the Financial Year Ended 31 March 2012)

Integrated Risk Management:

FOREIGN EXCHANGE RISK MANAGEMENT

INSURANCE ACT 2008 CORPORATE GOVERNANCE CODE OF PRACTICE FOR REGULATED INSURANCE ENTITIES

From ICAAP/ORSA to ERM: Board and Senior Management Oversight. Leon Bloom, Partner, Deloitte & Touche LLP lebloom@deloitte.ca

STANDARDS OF BEST PRACTICE ON COUNTRY AND TRANSFER RISK

Internal Audit Terms of Reference

East Carolina University Office of Internal Audit Risk Assessment Preliminary Work

Risk Management Guidelines For Co-operative Financial Institutions

RISK MANAGEMENT SYSTEM

The New International Standard on the Practice of Risk Management A Comparison of ISO 31000:2009 and the COSO ERM Framework

Statement of Guidance: Outsourcing All Regulated Entities

What is reputation / reputation risk? What is a reputation risk?

Supporting information technology risk management

Managing General Agents (MGAs) Guideline

Supervisor of Banks: Proper Conduct of Banking Business [9] (4/13) Sound Credit Risk Assessment and Valuation for Loans Page 314-1

HSBC FINANCE CORPORATION CHARTER OF THE RISK COMMITTEE

Enterprise-Wide Risk Assessment

Risk Management. Mike Loughlin Senior Executive Vice President Chief Risk Officer. May 22, Wells Fargo & Company. All rights reserved.

Transcription:

For more information, contact Fay Booker, fbooker@bookerandassociates.com 1 Booker & Associates

Introduction Credit Unions are in the risk taking business. With every transaction, a Credit Union takes credit, market, corporate and/or operational risk. Money is made by taking risk and money is lost by not managing risk. Credit Unions have a significant duty to the depositor members when using their deposits to fund other member transactions. Management and Boards are looking for tools to assist them in undertaking effective oversight and management of risk. The Credit Union s ability to manage the inherent risks of the business will determine its financial strength, stability and ultimately its ability to serve its members. Enterprise Risk Management (ERM) represents an approach to managing all risks that are inherent to the business. The complexity of the inherent risk profile of a credit union is increased in breadth and depth by its internal characteristics such as: number of products and services delivered, business strategies employed, number of staff, extent of capital employed, number of points of contact for sales, geographic coverage and stakeholder accountabilities. There are also external characteristics which impact the credit union s risk profile. Risk Management is one of five key drivers of financial strength along with sales effectiveness, member satisfaction, employee satisfaction, and operational capability. ERM is an underlying methodology that supports the principles of the standards of sound business issued by the deposit insurance regulators. THE CONCEPT: What is Risk and What is ERM? Risk is generally defined as an event or activity which could prevent an organization from achieving its goals. Risks can cause financial loss, damage to a credit union s reputation within the business community and with its members, and/or could cause an organization to miss an opportunity in the marketplace. Enterprise Risk Management (ERM) involves a strategic analysis of risk across the credit union. The view is enterprise wide rather than silo oriented it cuts across business units and departments and considers end to end processes. ERM will not eliminate risk but rather provide a framework in which an organization can effectively identify and manage risks or exposures. Exhibit I: External Factors Priorities, Goals & Objective Assessment of Risk Likelihood/Impact/Response Risk Profile Internal Realities ERM enables a credit union to identify and evaluate its risk profile. Thereafter, the Board and Management can determine appropriate responses to the risk profile, given the business environment and the organization s objectives and priorities. For more information, contact Fay Booker, fbooker@bookerandassociates.com Booker & Associates 2

The ERM process ensures that the people who are stewards of the credit union and the depositors funds are explicitly recognizing the risks that they are charged with managing and governing. This recognition allows more attention to be given to areas of highest risk. Risks are represented in the external environment in which the organization chooses to operate, as well as those in the internal environment. Those in the external environment and generally outside of the organization s direct control include the political environment and public policy, world events, the economy, regulator s actions, natural geographic challenges, social policy changes, and the competition. Risks that are within an organization s control include reputation, safety of employees, business strategies taken, safeguarding of assets, ethics and culture. Why Adopt ERM? Credit Unions that choose to adopt an enterprise risk view do it to be informed. By being informed, the Board of Directors, senior management, and unit management can operate in an informed status and be proactive in managing the multitude of risks. There are numerous benefits to implementing ERM. To identify a few: - Permits alignment of risk and strategy - Achieves clarity of accountability - Identifies all risks including those that have been traditionally overlooked - Allows for informed choices and decisions - Allocates greatest resources to areas of greatest risk - Streamlines costs and capital. Eight Step Process The steps involved in the ERM process include: 1. Identify 5. Responsibility 2. Measure 6. Monitor 3. Assess 7. Report 4. Response 8. Inform. Exhibit II: ERM Circle Inform Identify Assess If ERM is to be successful, there must be clear support at the Board and CEO level. This is demonstrated through the appointment of a Risk Officer, the establishment of a Risk Management Committee, establishing risk focused policies (at Board and management levels), providing risk education across the organization, and involving staff in the implementation process. All of these are important to create a risk aware culture in the credit union and for all staff to see their role in managing risk. Report Monitor Responsibility Response Measure For more information, contact Fay Booker, fbooker@bookerandassociates.com Booker & Associates 3

Risk Analysis (Identify, Measure, Assess) In undertaking the risk analysis, the credit union will identify the variety of risks that it is exposed to. Credit Unions will typically categorize risks under the headings of strategic, credit, market, operational, and corporate, for ease of cataloguing and assigning responsibility for managing. Risk management cannot be achieved without the risk analysis and assessment stage being completed. Until an organization knows what risks it is exposed to, it cannot effectively develop a prudent risk management response. Each risk can be assessed in terms of likelihood of the risk occurring and the degree of impact in the event that the risk does occur. For those risks that rank as high likelihood and high degree of impact, an aggressive risk management response can be adopted. This best equates resources to areas of greatest risk. It can also identify where the credit union may be allocating excess resources to low risk areas. This filtering of risks permits the Board to identify where it needs to set policy and what areas need monitoring at the governing level. Indicators of Risk There are certain events that will represent times of heightened risks in an organization. Some indicators would include: Change e.g. mergers, restructuring, the implementation of new systems during times of change there can be confusion and lack of familiarity by staff with processes providing a high risk environment a higher chance of error or even fraud. Multiple points of access the greater the number of points of access by the member into the organization increases the challenge of monitoring all and safeguarding access. Evolving business and products introducing new business or new products can introduce new inherent risk to an organization which has not been managed before Concentration of business and/or reach of business offering one product to a restricted type of member base can create an undue concentration of risk; the further operations are from head office the greater the potential risk for less adherence to company practice. These characteristics may change over an organization s business cycle. Therefore, it is important that management stay attuned to changes in the business. These changes can be external and/or internal. When there is change in the risk profile, the risk analysis and assessment should be reconsidered and a conscious decision taken on the appropriate risk response. For more information, contact Fay Booker, fbooker@bookerandassociates.com Booker & Associates 4

The Risk Profile of a Credit Union The concept of managing risk is not new for credit unions. The very nature of operating any financial institution is to manage risks. A credit union is the compilation of risks inherent to the operating and managing of a financial institution, i.e.: Credit risk: risk of financial loss resulting from the failure of a counterparty to honour its obligation to the credit union. Market risk: presented through valuation of loan portfolio and deposits: risk of financial loss resulting from changes to values of assets or liabilities of the credit union. Includes interest rate risk and foreign exchange risk. Liquidity risk: risk that the credit union is unable to meet its financial obligations as they fall due. Also entails sufficiency of the deposit base and/or other funding sources to maintain the asset base. Operational risk: presented through daily operations: risk that the credit union may not be able to offer its products and services to members or perform vital functions required for the conduct of its business, in a costeffective manner. Includes technology risk. Corporate risk: risk that arises from failure to develop and adhere to a set of principles and values that direct and guide actions of the credit union, its directors, officers and staff. Includes indiscriminately placing the credit union in danger of unnecessary costs, financial loss, or damaging its reputation. Includes failure to comply with regulatory requirements. Credit unions are very familiar with the need to explicitly manage credit, market and liquidity risk. There generally are policies, underwriting procedures, careful thought into derivative transactions and placement of investments. However management of operational risk and corporate risk has generally been less organized and instead is often managed through an adhoc collection of procedures. If it is thought that, subconsciously, management and staff know what the risks are and processes have simply evolved over time, there may not be an efficient integrated risk management structure in place. If risks are identified and evaluated, then the organization can efficiently allocate resources to those areas of higher risk, and also focus attention by line personnel and in supervision and oversight actions. For more information, contact Fay Booker, fbooker@bookerandassociates.com Booker & Associates 5

Risk Management Response and Responsibility A risk response can be chosen for each risk and a person can be delegated responsibility for the risk. Exhibit ІII defines the four risk responses that can be selected to deal with any given risk: avoid, accept, transfer, mitigate. Exhibit III Avoid this response is to not accept the risk, e.g. exit the business. Accept this response is to accept the level of risk and take no action to minimize it further, e.g. establish reserves. Transfer this response is to transfer the risk to someone else, e.g. purchase insurance. Mitigate this response is to take action to manage the risk generally through a system of internal controls. The appropriateness and adequacy of the response to a risk needs to be decided in the context of the severity of the risk (obtained by likelihood X impact). The risk response for each credit union will be different and will vary in response to the organization s culture and risk tolerance level. The actual actions of managing the risk will occur at different levels within the credit union, at the governing level, senior management level, business unit level, and process level. For example, the Board of Directors establishes governing policies, senior management sets operating policy, line management and front office personnel set out procedures for implementation, the business unit manager establishes monitoring procedures such as exception reporting to monitor for compliance to policy and procedures, and controls such as segregation of duties are established within processes. Risk management also requires ongoing monitoring so that the risks continue to be managed through the chosen risk response. This can be conducted through annual reviews of the risk response strategy, exception reporting on specific events. Monitor, Report and Inform After implementation of the risk responses and management techniques, the managers then monitor the actual activities to ensure that the identified risk stays within an acceptable threshold. Other units within the credit union may take on a monitoring role. Some organizations have adopted centralized risk management groups who have a responsibility to determine risk parameters and monitor actual results to ensure that the established parameters are met. Internal Audit also becomes part of the monitoring process assuming the function is utilizing a risk-based internal audit approach. The Board and senior management will require information to be reported that allows them at their level of responsibility to be aware of the integrity of managing risks across the organization. Managers should determine the form of reporting necessary to best inform the oversight body. Additionally Internal Audit needs to structure its reports to follow a risk focus. Information from the reports can be used to inform the annual update of the risk analysis process as well as the updating of risk responses and policies. For more information, contact Fay Booker, fbooker@bookerandassociates.com Booker & Associates 6

Starting and Maintaining ERM Practices Adopting ERM generally requires the Credit Union to make changes to current practices, processes and measures. Getting started has the following key activities: Building awareness and understanding Adopting enterprise risk management methodology Establishing roles and responsibilities Comparing current practices against the Standards of Sound Business. Maintaining ERM has four key activities: Ongoing understanding Updating the risk profile Measuring the risks Reporting on indicators SUMMARY A Credit Union can provide for its sustainability and success into the future using an integrated Enterprise Risk Management methodology. Adopting an Enterprise Risk Management process is a shift in philosophy from dealing with risk on an ad hoc basis to an organized and explicit basis. This requires a shift in thinking from focusing on only one or two dominant risks, to a proactive, well thought out, and well planned program designed to deal with all inherent risks. Booker & Associates promotes excellence in Corporate Governance, Risk Management and Operational Effectiveness. Since 2004, we have worked with organizations across Canada to provide solutions that lead to substantial results. Booker & Associates provides services to support Boards in exercising good governance including governance education programs, governance coaching, Board and Director evaluation processes, governance policy writing, and strategic planning facilitation. We provide training on Enterprise Risk Management, facilitate risk workshops, and assist organizations in building risk frameworks, accountabilities, and measurements. Visit our website at www.bookerandassociates.com For more information, contact Fay Booker, fbooker@bookerandassociates.com Booker & Associates 7

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information