JP Sabourin - ERM Presentation

CDIC
Protecting Your Deposits
CDIC’s Experience in
Implementing ERM
J.P. Sabourin
President and Chief Executive Officer
CDIC
April 2004
Canada Deposit
Insurance Corporation
Société d’assurance-dépôt
du Canada
Canada
Presentation Outline
CDIC’s ERM definition
CDIC’s rationale / objectives for implementing ERM
CDIC’s ERM implementation approach
 Initial steps
 Work currently being undertaken
 Future steps
ERM benefits / value derived to date
CDIC’s “Lessons Learned” in implementing ERM
CDIC ERM Definition
ERM
The comprehensive, systematic and disciplined
process by which CDIC identifies, assesses,
manages, monitors and reports on, at any point in
time, the significant risks inherent in its objects,
strategies, plans and affairs
ERM Rationale
CDIC is subject to Treasury Board of Canada ERM
Guidelines
Risk Management is one of four components of the
CDIC Standards “in control” framework
“In Control” Concept
The demonstration that CDIC’s affairs are:
Subject to effective governance
Being managed in accordance with ongoing, appropriate
and effective strategic and risk management processes
Being conducted in an appropriate control environment
and
Significant weaknesses (related thereto) are being
identified and appropriate and timely action is being
taken to address them
ERM Objectives
Demonstrate that:
CDIC has identified / understands / is managing its
significant risks
Risk decisions are:
Explicitly integrated into CDIC’s strategic and day-to-day decision making
Subject to good corporate governance
Being supported by an appropriate control
environment
ERM Objectives (cont’d)
Facilitate:
Validation of CDIC’s strategies / plans / initiatives
Prioritization of CDIC’s strategies / plans /
initiatives
Effective resource allocation
Initial ERM Implementation Steps
Built an ERM foundation
Conducted a corporate-level risk assessment
Profiled corporate risk management culture
ERM Foundation
Created CRO position to develop CDIC’s ERM
approach / coordinate ERM implementation
Developed ERM implementation plan
Formed an executive management-level ERM
Committee to validate ERM approach and results
Formalized Board ERM policy
ERM Policy
Formalizes ERM role of the CDIC Board /
Management
Forms one of 19 principles under the CDIC Board
Governance Policy
Developed to reflect:
CDIC’s statutory requirements
CDIC Standards
Other ERM “best practices”
Board ERM Responsibilities
Understand CDIC’s significant risks
Establish RM policies related thereto
Regularly review RM policies (evergreen)
Obtain reasonable assurance re:
CDIC’s ERM process
Adherence with RM policies
Management ERM Responsibilities
Identify risks
Assess their significance
Develop RM policies for the Board
Regularly review RM policies (evergreen)
Manage risks within RM policies
Report to the Board re:
Significant risks / management of significant risks
ERM process
Corporate-Level Risk Assessment
ERM Committee:
Updated catalogue of inherent corporate risks / risk
categories / definitions / risk examples / corporate
risk management practices
Assessed residual risk exposures (likelihood of
occurrence of each risk taking into consideration
risk management practices and its potential impact
should it occur)
Risk Assessment (cont’d)
ERM Committee:
Assessed each risk exposure as “reasonable”,
“cautionary” or “concern” (including supporting
rationale)
Identified “owners” for each risk
Where applicable, identified initiatives to enhance
the management of each risk
Validated that risk management initiatives are in
line with Corporate Plan
Corporate Risk Categories
Insurance Risk: CDIC’s risk of loss (or costs incurred in the
event of an intervention) associated with insuring deposits
Financial Risk: The risk associated with managing CDIC’s
assets and liabilities, both on- and off-balance sheet
Operational Risk: The risk of loss, to which CDIC is exposed
that is attributable to the possibility of disruptions in its
operations caused by human performance, the inadequacy or
failure of processes or technology, and external events
Reputational Risk: The risk of impairment of the credibility of,
and confidence in, CDIC
Insurance Risk
Insurance Power Risk: The risk that CDIC does not have the
necessary powers to support the management of its insurance
risk in accordance with CDIC’s statutory objects
Underwriting Risk: The risk that CDIC accepts a new
member institution with an unacceptable level of insurance risk
Assessment Risk: The risk that CDIC does not systematically
or promptly identify member institutions that pose a potentially
high level of insurance risk
Intervention Risk: The risk that CDIC does not respond
appropriately to members that pose an unacceptable level of
insurance risk
Financial Risk
Liquidity Risk: The risk that funds will not be available to
CDIC to honour its cash obligations (both on- and off-balance
sheet) as they arise
Market Risk: The risk of loss attributable to adverse changes
in the values of financial instruments and other investments or
assets owned directly or indirectly by CDIC, whether on- or
off-balance sheet, as a result of changes in market rates or prices
Credit Risk: The risk of loss attributable to counterparties
failing to honour their obligations, whether on- or off-balance
sheet, to CDIC
Operational Risk
People Risk: The risk resulting from inadequacies in the
competencies, capacity or performance of CDIC personnel
Information Risk: The risk that timely, accurate and relevant
information is not available to facilitate informed decision
making and/or the exercise of effective oversight
Technology Risk: The risk that CDIC’s technology does not
appropriately support the achievement of its objectives,
strategies, plans and affairs (including the management of the
risks related thereto)
Operational Risk (cont’d)
Process Risk: The risk resulting from the incorrect execution
of, a breakdown in, or a gap in, a process, policy, procedure or
control
Compliance Risk: The risk that CDIC fails to comply with
statutory requirements and relevant guidelines governing its
affairs as a Crown corporation, and its internal policies
Legal Risk: The risk that legal matters adversely impact
CDIC’s ability to achieve its objects, strategies and plans
Outsourcing Risk: The risk associated with CDIC engaging
third parties to perform services on its behalf
Operational Risk (cont’d)
Business Continuity Risk: The risk that a disruption
impacting CDIC’s personnel, information, premises, technology
or operations will impede its ability to achieve its objects,
conduct its affairs, or implement its strategies and plans
Security Risk: The risk that CDIC fails to ensure the safety of
its people, the security of its assets, and the security and
confidentiality of its information
Reputational Risk
External Communication Risk: The risk of not
communicating necessary information, or communicating in an
inappropriate manner, or that communication is misinterpreted
by the intended audience
External Relationships Risk: The risk that dealings with
external parties are not adequate to promote the interests of
CDIC, or are conducted in an inappropriate manner
Significance Criteria
Likelihood = probability of occurrence using a
five-point qualitative scale
Impact = potential impact (using a five-point
qualitative scale) of an occurrence on CDIC’s:
Achievement of its mandate
Financial position
Reputation
CDIC Corporate Risk Significance Map
Impact / Likelihood Vote Results
Figure: risks labelled A to R plotted on an Impact axis of 1 to 5 (Negligible to Severe) against a Likelihood axis of 1 to 5 (Remote to Certain)
Risk Management Culture
Management profiled CDIC’s corporate-level risk
management culture
4 areas X 5 questions per area = 20 questions
CDIC's Corporate Risk Management Culture Profile
Management's Understanding of its Responsibilities, Accountabilities and Authorities
CDIC's Environment Supporting the Management of its Corporate Risks
Management's Capability / Capacity to Manage its Corporate Risks
Management's Risk Monitoring and Implementation of Changes
Management Understanding
1. We understand CDIC’s objects and strategies
2. CDIC has plans in place to achieve its objects and strategies
3. We know the major risks and challenges related to achieving CDIC’s objects and strategies
4. We understand our responsibilities, accountabilities and authorities
5. Realistic targets and indicators are in place to assess CDIC’s performance in achieving its objects and strategies
Supporting Environment
6. CDIC’s management style and behaviour supports the open flow of information about the management of CDIC’s affairs and any significant risk issues
7. Risk identification, assessment and management are built into the management of CDIC’s affairs
8. CDIC’s Code of Conduct and Ethical Behaviour is practised throughout the organization
9. CDIC’s communication supports the management of its risks and the achievement of its objects and strategies
10. Performance assessments are aligned with the prudent, appropriate and effective management of CDIC’s risks
Capability / Capacity
11. CDIC has sufficient personnel with the right knowledge and skills to achieve its objects and strategies
12. CDIC is appropriately structured to effectively and efficiently achieve its objects and strategies
13. CDIC has sufficient financial, technological and other resources to achieve its objects and strategies
14. Appropriate people make decisions about significant risks impacting CDIC’s affairs in a timely manner
15. CDIC has sufficient, relevant and timely information available to achieve its objects and strategies
Implementing Change
16. CDIC’s environment is monitored regularly to see if we need to adjust our Corporate Risk Framework, strategies and plans
17. CDIC monitors its performance against its targets and indicators
18. Resource and information needs are reassessed as CDIC’s objects, strategies or plans change, or as risk issues are identified
19. Risk management practices are periodically assessed as to their continued appropriateness and effectiveness
20. Follow up procedures are in place to ensure that needed changes or actions occur
Risk Assessment Methodology
CDIC Management team individually interviewed to
identify:
 Inherent corporate risks
 Risk management practices
ERM Committee collectively:
 Confirmed corporate risk catalogue
 Assessed each risk
 Assessed corporate risk management culture
Results reported to CDIC Audit Committee
Process validated by Internal Audit
Current ERM Implementation Steps
Developing ERM Board reporting package
For each “Insurance Risk”:
Further documenting risk management practices
Developing Board policies / risk tolerances
Further integrating ERM and strategic planning
Validating CDIC’s catalogue of corporate risks
against its environmental scanning results
Future ERM Implementation Steps
Document risk management practices / develop Board
policies for remaining risks
Conduct risk (and risk management culture) assessments
for remaining risks and for each business function
Validate initial corporate risk (and risk management
culture) assessments
Initiate regular ERM Board reporting
Fully coordinate ERM and strategic management
 so that risk decisions are explicitly integrated into strategic
and day-to-day decision making
ERM Benefits to Date
Clarified Management’s collective understanding
of risks and the risk management practices
Evidenced that CDIC is aware of, and is managing
its significant corporate risks
Confirmed:
CDIC’s Corporate Plan is focused on the right
initiatives
Resources are allocated to areas of greatest concern
A strong corporate risk management culture
ERM Lessons Learned
Implementing ERM is like filming a long / complex
movie
Hire a director (CRO)
Have a clear story (ERM implementation plan)
Engage studio executives (Board Governance / ERM
Policy)
Engage actors (ERM Committee / Management)
Film one scene at a time (Corporate-level risk
assessment)
Keep camera focused (ERM implementation plan)
More ERM Lessons Learned
Risks are like an onion
They have many layers
 Each risk has many sub-risks - which in turn have many
sub-risks
Cutting through too quickly can cause tears
 Don’t try to do everything at once - peel layer-by-layer
It is easier to peel the outer layers before you peel the
inner layers - CDIC started with a corporate-level risk
assessment and is now conducting risk assessments at a
more detailed level
Closing Remarks
ERM is not a “one time” project but a
continuous process that needs to be:
Ingrained into your strategic and daily decision-making
Subject to effective corporate governance
Supported by an appropriate control environment
It is complex - so keep it simple
Questions?