NATIONAL CONFERENCE & 
EXHIBITION 2014 
Risk Governance, Culture and CPS 220 
Susan Campbell 
Argyll Pty. Ltd 
Susan Campbell FCPA F Fin
• Director of ARGYLL, risk consulting
• Presenter on risk to banks, corporates and government
• Specialist in risk management
• 25 years in finance and business risk
• Undertakes risk reviews and consultant to risk committees
• Author of The Guide to Financial Risk Management and Treasury for Dummies (www.argyll.net.au)
• N/E Director, Heritage Bank
Argyll 
Before we proceed …
• The information provided in this presentation is of a general nature, and it is not intended to address the circumstances of any particular individual or entity. No one should act on this information without appropriate professional advice after a thorough examination of their particular situation
Overview purpose
• To provide you with a short understanding of the new APRA standard and links to good governance and culture
• We will discuss:
  - APRA Prudential Standard CPS 220
  - Role of the Board
  - Policies and procedures
  - Risk management function
  - Notification requirements
  - Ongoing developments
Regulatory push
• Why the need for CPS 220?
• International
• Domestic – 1 January 2015
Statement from G20 Summit, 2008
• Risk Management
  - ‘Regulators should develop enhanced guidance to strengthen banks’ risk management practices, in line with international best practices, and … encourage financial firms to re-examine their internal controls and implement strengthened policies for sound risk mgt.
  - Regulators should develop and implement procedures to ensure that financial firms implement policies to better manage liquidity risk, including creating strong liquidity cushions.
  - Supervisors should ensure that financial firms develop processes that provide for timely and comprehensive measurement of risk concentrations and large [CP] risk positions across products and geographies.
Bad versus good RM/IC practices
There has been an overwhelming load of bad practice:
• RM/IC as objective in itself v. RM/IC to achieve objectives
• Auditor/staff driven v. Board/management driven
• Rules-based v. Principles based
• Off-the-shelf systems v. Tailor-made
• Focus on threats only v. Focus on opportunities too
• Mainly hard controls v. Social and human
• Artificially implemented v. Organically implemented
• Stand-alone / ‘bolted-on’ v. Integrated / ‘built-in’
Source: IMA/IFAC, IMA’s 93rd Annual Conference
Global crisis
The global crisis, according to IMA and IFAC research, was caused by:
• Ethical flaws
• Governance, RM/IC in name, but not in spirit
• Regulatory overload, leading to legalistic compliance
• Risk and control systems too narrowly focused only on financial reporting controls
Source: IMA/IFAC, IMA’s 93rd Annual Conference
Global crisis (cont.)
Conclusions from the crisis:
• Organisations should take a broader approach to risk management and internal control
• Appropriate application of risk management and IC standards and principles is often the problem
Source: IMA/IFAC, IMA’s 93rd Annual Conference 2012
CPS 220 overview
• Covers bank and insurance companies
• Development of risk culture
• ICAAP and the standard
• Risk framework
• Risk appetite – CPS 510 Governance
• Note: Draft CPG 220 Risk Management
CPS 220 overview (cont.)
• Role of the Board
• Group risk management
• Risk management framework (RMF)
• MIS and uncertainties
• Material risks
• Risk appetite
• Risk tolerances
• Risk management strategy
• Business plan
• Policies and procedures
• RM function
• Review of RMF
• Risk management declaration
Culture
• Say one thing – do another!
> Vision and values
> Words and actions
> Ethical values
o CPS 220 requires to support a risk culture
o Lots of good guidelines for a corporate
CPS 220 extract
• Objectives and key requirements of PS
  - This Prudential Standard requires an APRA-regulated institution to have systems for identifying, measuring, evaluating, monitoring, reporting, and controlling or mitigating material risks that may affect its ability ... to meet its obligations to depositors and/or policyholders. These systems, together with the structures, policies, processes and people supporting them, comprise an institution’s risk management framework.
• The Board … is ultimately responsible for having an RMF that is appropriate to the size, business mix and complexity of the institution or group. The RMF must also be consistent with the institution’s strategic objectives and business plan.
CPS 220 extract (cont.)
• An APRA-regulated institution must:
  - have an RMF that is appropriate to its size, business mix and complexity;
  - maintain a Board-approved risk appetite;
  - maintain a Board-approved risk management strategy that describes the key elements of the RMF to give effect to its approach to managing risk;
  - have a Board-approved business plan that sets out its approach for the implementation of its strategic objectives;
  - maintain adequate resources to ensure compliance with this Prudential Standard; and notify APRA of breach or deviation
Risk management
• Coordinated activities to direct and control an organisation with regard to risk
• Risk = effect of uncertainty on objectives (ISO 31000)
• Uncertainty is the state, even partial, of deficiency of information related to, understanding or knowledge of an event, its consequence, or likelihood
Fundamental questions
• What can happen and why?
• What are the consequences?
• How likely are these to occur?
• Is the level of risk tolerable or acceptable, and does it require further treatment?
• Guidance for the selection and application of techniques for risk assessment
Authority
• Authority should reside with senior executives at highest level, not staff functionaries
• Each person within the organisation (management & other employees alike) should be held accountable for proper understanding and execution of risk management and internal control within his or her span of authority
• Staff in support functions (e.g. risk officers) or external experts can facilitate/support but should not assume line responsibility for managing specific risks or for the effectiveness of controls
Governance
• Both risk and internal controls are integral parts of an effective governance system
• Strong firms show strong control frameworks
• Boards must take full ownership of the system
• Risk management function should enable broad risk and control awareness, rather than enforcer of compliance
• Designate and communicate risk and control owners
Ultimate responsibility 
CPS 220 
Board - CPS 220
• The Board of the institution must ensure that:
  - It defines the institution’s risk appetite and establishes a risk management (RM) strategy
  - A sound RM culture is established and maintained
  - Senior management monitor & manage material risks
  - Operational structure facilitates effective RM
  - Policies and procedures are developed for risk taking that are consistent with RM strategy and appetite
  - Sufficient resources are dedicated to RM
  - Uncertainties attached to RM are recognised
  - Appropriate controls are established and consistent with institution’s appetite, profile, capital strength, etc and understood by and regularly communicated to staff
Risk management framework
• Provides the Board with a comprehensive institution-wide view of its ‘material risks’
• Covers the totality of systems, structures, policies, processes and people within institution
• Material risks are risks that could have material impact, financial and non-financial, on institution or interests of depositors and/or policyholders
• Is consistent with business plan (see later)
• Risk must be soundly managed with regard to its size, context etc.
What an RMF must include
• An institution’s RMF must include at minimum:
  - an established risk appetite
  - a risk management strategy (discussed later)
  - a business plan
  - policies and procedures supporting clearly defined and documented roles, responsibilities and formal reporting structures for the management of material risks throughout the institution
  - a designated risk management function that meets the requirements of para 38
  - an Internal Capital Adequacy Assessment Process (ICAAP)
What an RMF must include (cont.)
  - a management information system (MIS) that is adequate, both under normal circumstances and in periods of stress, for measuring, assessing and reporting on all material risks across the institution, and
  - a review process to ensure that the risk management framework is effective in identifying, measuring, evaluating, monitoring, reporting, and controlling or mitigating material risks.
RMF
• An RMF must also include forward-looking scenario analysis and stress testing programs based on severe but plausible assumptions
• An MIS must provide the Board, RC and senior management with regular, accurate, and timely information concerning the institution's risk profile
• Data quality must be such that it … ‘provides a sound basis for making decisions’
Material risks (CPS 220)
• An institution’s RMF must address:
  - credit risk
  - market and investment risk
  - liquidity risk
  - insurance risk
  - operational risk
  - risks arising from its strategic objectives and business plans
  - other risks that, singly or in combination, may have a material impact on the institution
Risk appetite
• Board must establish the risk appetite
• An institution must maintain an appropriate, clear risk appetite statement
• Risk appetite statement must convey:
  - degree of risk the institution is prepared to accept
  - maximum level of risk, for each material risk
  - process for ensuring that risk tolerances are set at an appropriate level
  - process for monitoring compliance with risk tolerance
  - The timing and process for review of risk appetite and tolerances
Risk management strategy
• An institution must maintain a risk management strategy (RMS) that is approved by the Board and that addresses each ‘material risk’
• The RMS must:
  - describe each material risk and how to manage it
  - list the policies and procedures dealing with RM
  - summarise role and responsibilities of RM function
  - describe the risk governance relationship between Board, Board committees and senior management
  - outline the approach for ensuring awareness of the RM framework and instilling appropriate risk culture
Business plan
• An institution must maintain a written plan that sets out its strategic objectives
• Business plan = written plan for the operational implementation of its strategic objectives
• Rolling plan of at least three years’ duration, reviewed at least annually. Approved by Board
• Institution must consider the material risks associated with the business plan – and explicitly manage these risks, including how changing these plans affects its risk profile
Policies and procedures
• in the RMS to include the processes for:
  - identifying and assessing material risks and controls
  - validating and approval of any models to measure risk
  - and testing mitigation strategies and controls
  - monitoring and reporting risk issues, escalation
  - identifying, monitoring and managing potential and actual conflicts of interest;
• the mechanisms in place for monitoring and ensuring ongoing compliance with all prudential requirements;
• ensuring consistency across RMF
• establishing and maintaining appropriate contingency arrangements (including robust and credible recovery plans where warranted) for the operation of the RMF in stressed conditions;
Risk management function
• An institution must have a designated risk management (RM) function that at minimum:
  - is responsible for helping the Board and senior management develop and maintain the RMF
  - is appropriate to the size, business mix and complexity of the institution
  - is operationally independent
  - has the necessary authority and reporting lines to act effectively and independently
  - has the right staff and skills, qualification
  - has access to e.g. IT systems
  - is required to notify the Board of any significant breach of the RMF
Risk management function (cont.)
• The risk management function must be headed by a designated Chief Risk Officer (CRO)
• Critical lines of authority – to challenge decisions
• Independence from business lines
• CRO must have direct reporting line to CEO and unfettered access to Board and Risk Committee
• Institution may engage an external service provider to perform part of the risk management function
Compliance function CPS 220
• An institution must have a dedicated compliance function
• The compliance function must be adequately staffed by appropriately trained and competent persons
• Have a reporting line independent from business lines
Review of the RMF
• An institution must ensure that compliance with, and effectiveness of, the RMF is reviewed by internal and external audit at least annually
• Results reported to Board Audit Committee or SAORS
• Also, comprehensively reviewed by appropriately trained and competent persons at least every three years and report to BRC
• If a material change to size, business mix and complexity is identified, institution must assess whether amendment or review of RMF required
Review of RMF
must, at a minimum, assess whether:
(a) the framework is implemented and effective;
(b) it remains appropriate for the institution, taking into account its current business plan;
(c) it remains consistent with the Board’s risk appetite;
(d) it is supported by adequate resources; and
(e) the RMS accurately documents the key elements of the risk management framework that give effect to its strategy for managing risk.
Notification requirements – CPS 220
• An institution must submit to APRA copies of its:
  - risk appetite statement
  - business plan
  - RMS
  - group liquidity management policy
  no more than 10 business days after Board approval
• It must notify APRA within 10 business days of becoming aware of:
  - breach or material deviation from RMF
  - risk framework did not adequately address a material risk
  - material change to size, business mix and complexity
  - change in law outside Australia affected business
Risk management declaration
• Board must state that to best of its knowledge and having made appropriate enquiries:
  - Institution has systems for ensuring its compliance
  - RM systems in place are appropriate for size, business mix and complexity of institution
  - RM and internal control systems are operating effectively and are adequate
  - Institution has a CPS 220-compliant RMS and it complies with each measure and control in the RMS
  - Institution is satisfied with efficacy of its processes and systems surrounding the production of financial information
Ongoing development
• How does your firm view risk?
• Consider
  - Your Board’s role in risk governance
  - Effective reporting against policies
  - Risk appetite embedded
  - Promoting and reinforcing culture
  - Values embraced
• Questions that the Board can ask
Questions? 
Short Courses
• Fundamentals of Risk Controls 8 October Perth
• Fundamentals of Risk Controls 30 October Melbourne
Thank you for your attention 
For further help 
contact 
enquiry@argyll.net.au 
or 0412 152 965 
Susan Campbell 
ARGYLL 
TRAINING IN RISK, CONTROLS AND CULTURE 
ISO 31000 AND APRA STANDARDS ON RISK 
INDEPENDENT RISK COMMITTEE MEMBER
Thank you. 
 
Beyond the Codes_Repositioning towards sustainable development
Beyond the Codes_Repositioning towards sustainable developmentBeyond the Codes_Repositioning towards sustainable development
Beyond the Codes_Repositioning towards sustainable developmentNimot Muili
 
Call now : 9892124323 Nalasopara Beautiful Call Girls Vasai virar Best Call G...
Call now : 9892124323 Nalasopara Beautiful Call Girls Vasai virar Best Call G...Call now : 9892124323 Nalasopara Beautiful Call Girls Vasai virar Best Call G...
Call now : 9892124323 Nalasopara Beautiful Call Girls Vasai virar Best Call G...Pooja Nehwal
 
Reviewing and summarization of university ranking system to.pptx
Reviewing and summarization of university ranking system  to.pptxReviewing and summarization of university ranking system  to.pptx
Reviewing and summarization of university ranking system to.pptxAss.Prof. Dr. Mogeeb Mosleh
 
Agile Coaching Change Management Framework.pptx
Agile Coaching Change Management Framework.pptxAgile Coaching Change Management Framework.pptx
Agile Coaching Change Management Framework.pptxalinstan901
 
International Ocean Transportation p.pdf
International Ocean Transportation p.pdfInternational Ocean Transportation p.pdf
International Ocean Transportation p.pdfAlejandromexEspino
 
BDSM⚡Call Girls in Sector 99 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 99 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 99 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 99 Noida Escorts >༒8448380779 Escort ServiceDelhi Call girls
 
GENUINE Babe,Call Girls IN Baderpur Delhi | +91-8377087607
GENUINE Babe,Call Girls IN Baderpur  Delhi | +91-8377087607GENUINE Babe,Call Girls IN Baderpur  Delhi | +91-8377087607
GENUINE Babe,Call Girls IN Baderpur Delhi | +91-8377087607dollysharma2066
 
internal analysis on strategic management
internal analysis on strategic managementinternal analysis on strategic management
internal analysis on strategic managementharfimakarim
 
Safety T fire missions army field Artillery
Safety T fire missions army field ArtillerySafety T fire missions army field Artillery
Safety T fire missions army field ArtilleryKennethSwanberg
 
Strategic Management, Vision Mission, Internal Analsysis
Strategic Management, Vision Mission, Internal AnalsysisStrategic Management, Vision Mission, Internal Analsysis
Strategic Management, Vision Mission, Internal Analsysistanmayarora45
 
Day 0- Bootcamp Roadmap for PLC Bootcamp
Day 0- Bootcamp Roadmap for PLC BootcampDay 0- Bootcamp Roadmap for PLC Bootcamp
Day 0- Bootcamp Roadmap for PLC BootcampPLCLeadershipDevelop
 

Dernier (15)

Dealing with Poor Performance - get the full picture from 3C Performance Mana...
Dealing with Poor Performance - get the full picture from 3C Performance Mana...Dealing with Poor Performance - get the full picture from 3C Performance Mana...
Dealing with Poor Performance - get the full picture from 3C Performance Mana...
 
Call Now Pooja Mehta : 7738631006 Door Step Call Girls Rate 100% Satisfactio...
Call Now Pooja Mehta :  7738631006 Door Step Call Girls Rate 100% Satisfactio...Call Now Pooja Mehta :  7738631006 Door Step Call Girls Rate 100% Satisfactio...
Call Now Pooja Mehta : 7738631006 Door Step Call Girls Rate 100% Satisfactio...
 
Beyond the Codes_Repositioning towards sustainable development
Beyond the Codes_Repositioning towards sustainable developmentBeyond the Codes_Repositioning towards sustainable development
Beyond the Codes_Repositioning towards sustainable development
 
Call now : 9892124323 Nalasopara Beautiful Call Girls Vasai virar Best Call G...
Call now : 9892124323 Nalasopara Beautiful Call Girls Vasai virar Best Call G...Call now : 9892124323 Nalasopara Beautiful Call Girls Vasai virar Best Call G...
Call now : 9892124323 Nalasopara Beautiful Call Girls Vasai virar Best Call G...
 
Reviewing and summarization of university ranking system to.pptx
Reviewing and summarization of university ranking system  to.pptxReviewing and summarization of university ranking system  to.pptx
Reviewing and summarization of university ranking system to.pptx
 
Agile Coaching Change Management Framework.pptx
Agile Coaching Change Management Framework.pptxAgile Coaching Change Management Framework.pptx
Agile Coaching Change Management Framework.pptx
 
International Ocean Transportation p.pdf
International Ocean Transportation p.pdfInternational Ocean Transportation p.pdf
International Ocean Transportation p.pdf
 
BDSM⚡Call Girls in Sector 99 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 99 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 99 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 99 Noida Escorts >༒8448380779 Escort Service
 
GENUINE Babe,Call Girls IN Baderpur Delhi | +91-8377087607
GENUINE Babe,Call Girls IN Baderpur  Delhi | +91-8377087607GENUINE Babe,Call Girls IN Baderpur  Delhi | +91-8377087607
GENUINE Babe,Call Girls IN Baderpur Delhi | +91-8377087607
 
internal analysis on strategic management
internal analysis on strategic managementinternal analysis on strategic management
internal analysis on strategic management
 
Safety T fire missions army field Artillery
Safety T fire missions army field ArtillerySafety T fire missions army field Artillery
Safety T fire missions army field Artillery
 
Intro_University_Ranking_Introduction.pptx
Intro_University_Ranking_Introduction.pptxIntro_University_Ranking_Introduction.pptx
Intro_University_Ranking_Introduction.pptx
 
Strategic Management, Vision Mission, Internal Analsysis
Strategic Management, Vision Mission, Internal AnalsysisStrategic Management, Vision Mission, Internal Analsysis
Strategic Management, Vision Mission, Internal Analsysis
 
Day 0- Bootcamp Roadmap for PLC Bootcamp
Day 0- Bootcamp Roadmap for PLC BootcampDay 0- Bootcamp Roadmap for PLC Bootcamp
Day 0- Bootcamp Roadmap for PLC Bootcamp
 
Abortion pills in Jeddah |• +966572737505 ] GET CYTOTEC
Abortion pills in Jeddah |• +966572737505 ] GET CYTOTECAbortion pills in Jeddah |• +966572737505 ] GET CYTOTEC
Abortion pills in Jeddah |• +966572737505 ] GET CYTOTEC
 

Risk Governance, Culture and CPS 220

  • 1. NATIONAL CONFERENCE & EXHIBITION 2014 Risk Governance, Culture and CPS 220 Susan Campbell Argyll Pty. Ltd Platinum Sponsor Silver Sponsor Bronze Sponsor Risk Manager of the Year Award Sponsor Conference and Exhibition Partners
  • 2. Susan Campbell FCPA F Fin  Director of ARGYLL, risk consulting  Presenter on risk to banks, corporates and government  Specialist in risk management  25 years in finance and business risk  Undertakes risk reviews and consultant to risk committees  Author The Guide to Financial Risk Management and Treasury for Dummies (www.argyll.net.au)  N/E Director, Heritage Bank Argyll 2
  • 3. Before we proceed …  The information provided in this presentation is of a general nature, and it is not intended to address the circumstances of any particular individual or entity. No one should act on this information without appropriate professional advice after a thorough examination of their particular situation Argyll 3
  • 4. Overview purpose  To provide you with a short understanding of the new APRA standard and links to good governance and culture  We will discuss:  APRA Prudential Standard CPS 220  Role of the Board  Policies and procedures  Risk management function  Notification requirements  Ongoing developments Argyll 4
  • 5. Regulatory push  Why the need for CPS 220?  International  Domestic – 1 January 2015 Argyll 5
  • 6. Statement from G20 Summit, 2008  Risk Management  ‘Regulators should develop enhanced guidance to strengthen banks’ risk management practices, in line with international best practices, and … encourage financial firms to re-examine their internal controls and implement strengthened policies for sound risk mgt.  Regulators should develop and implement procedures to ensure that financial firms implement policies to better manage liquidity risk, including creating strong liquidity cushions.  Supervisors should ensure that financial firms develop processes that provide for timely and comprehensive measurement of risk concentrations and large [CP] risk positions across products and geographies. Argyll 6
  • 7. Bad versus good RM/IC practices There has been an overwhelming load of bad practice:  RM/IC as objective in itself v. RM/IC to achieve objectives  Auditor/staff driven v. Board/management driven  Rules-based v. Principles based  Off-the-shelf systems v. Tailor-made  Focus on threats only v. Focus on opportunities too  Mainly hard controls v. Social and human  Artificially implemented v. Organically implemented  Stand-alone / ‘bolted-on’ v. Integrated / ‘built-in’ Source: IMA/IFAC, IMA’s 93rd Annual Conference Argyll 7
  • 8. Global crisis The global crisis, according to IMA and IFAC research, was caused by:  Ethical flaws  Governance, RM/IC in name, but not in spirit  Regulatory overload, leading to legalistic compliance  Risk and control systems too narrowly focused only on financial reporting controls Source: IMA/IFAC, IMA’s 93rd Annual Conference Argyll 8
  • 9. Global crisis (cont.) Conclusions from the crisis:  Organisations should take a broader approach to risk management and internal control  Appropriate application of risk management and IC standards and principles is often the problem Source: IMA/IFAC, IMA’s 93rd Annual Conference 2012 Argyll 9
  • 10. CPS 220 overview  Covers bank and insurance companies  Development of risk culture  ICAAP and the standard  Risk framework  Risk appetite – CPS 510 Governance  Note: Draft CPG 220 Risk Management Argyll 10
  • 11. CPS 220 overview (cont.)  Role of the Board  Group risk management  Risk management framework (RMF)  MIS and uncertainties  Material risks  Risk appetite  Risk tolerances  Risk management strategy  Business plan  Policies and procedures  RM function  Review of RMF  Risk management declaration Argyll 11
  • 12. Culture  Say one thing – do another! > Vision and values > Words and actions > Ethical values o CPS 220 requires to support a risk culture o Lots of good guidelines for a corporate Argyll 12
  • 13. CPS 220 extract  Objectives and key requirements of PS  This Prudential Standard requires an APRA-regulated institution to have systems for identifying, measuring, evaluating, monitoring, reporting, and controlling or mitigating material risks that may affect its ability ... to meet its obligations to depositors and/or policyholders. These systems, together with the structures, policies, processes and people supporting them, comprise an institution’s risk management framework.  The Board … is ultimately responsible for having an RMF that is appropriate to the size, business mix and complexity of the institution or group. The RMF must also be consistent with the institution’s strategic objectives and business plan. Argyll 13
  • 14. CPS 220 extract (cont.)  An APRA-regulated institution must:  have an RMF that is appropriate to its size, business mix and complexity;  maintain a Board-approved risk appetite;  maintain a Board-approved risk management strategy that describes the key elements of the RMF to give effect to its approach to managing risk;  have a Board-approved business plan that sets out its approach for the implementation of its strategic objectives;  maintain adequate resources to ensure compliance with this Prudential Standard; and notify APRA of breach or deviation Argyll 14
  • 15. Risk management  Coordinated activities to direct and control an organisation with regard to risk  Risk = effect of uncertainty on objectives (ISO 31000)  Uncertainty is the state, even partial, of deficiency of information related to, understanding or knowledge of an event, its consequence, or likelihood Argyll 15
  • 16. Fundamental questions  What can happen and why?  What are the consequences?  How likely are these to occur?  Is the level of risk tolerable or acceptable, and does it require further treatment?  Guidance for the selection and application of techniques for risk assessment Argyll 16
  • 17. Authority  Authority should reside with senior executives at highest level, not staff functionaries  Each person within the organisation (management & other employees alike) should be held accountable for proper understanding and execution of risk management and internal control within his or her span of authority  Staff in support functions (e.g. risk officers) or external experts can facilitate/support but should not assume line responsibility for managing specific risks or for the effectiveness of controls Argyll 17
  • 18. Governance  Both risk and internal controls are integral parts of an effective governance system  Strong firms show strong control frameworks  Boards must take full ownership of the system  Risk management function should enable broad risk and control awareness, rather than enforcer of compliance  Designate and communicate risk and control owners Argyll 18
  • 20. Board - CPS 220  The Board of the institution must ensure that:  It defines the institution’s risk appetite and establishes a risk management (RM) strategy  A sound RM culture is established and maintained  Senior management monitor & manage material risks  Operational structure facilitates effective RM  Policies and procedures are developed for risk taking that are consistent with RM strategy and appetite  Sufficient resources are dedicated to RM  Uncertainties attached to RM are recognised  Appropriate controls are established and consistent with institution’s appetite, profile, capital strength, etc and understood by and regularly communicated to staff Argyll 20
  • 21. Risk management framework  Provides the Board with a comprehensive institution-wide view of its ‘material risks’  Covers the totality of systems, structures, policies, processes and people within institution  Material risks are risks that could have material impact, financial and non-financial, on institution or interests of depositors and/or policyholders  Is consistent with business plan (see later)  Risk must be soundly managed with regard to its size, context etc. Argyll 21
  • 22. What an RMF must include  An institution’s RMF must include at minimum:  an established risk appetite  a risk management strategy (discussed later)  a business plan  policies and procedures supporting clearly defined and documented roles, responsibilities and formal reporting structures for the management of material risks throughout the institution  a designated risk management function that meets the requirements of para 38  an Internal Capital Adequacy Assessment Process (ICAAP) Argyll 22
  • 23. What an RMF must include (cont.)  a management information system (MIS) that is adequate, both under normal circumstances and in periods of stress, for measuring, assessing and reporting on all material risks across the institution, and  a review process to ensure that the risk management framework is effective in identifying, measuring, evaluating, monitoring, reporting, and controlling or mitigating material risks. Argyll 23
  • 24. RMF  An RMF must also include forward-looking scenario analysis and stress testing programs based on severe but plausible assumptions  An MIS must provide the Board, RC and senior management with regular, accurate, and timely information concerning the institution's risk profile  Data quality must be such that it … ‘provides a sound basis for making decisions’ Argyll 24
  • 25. Material risks (CPS 220)  An institution’s RMF must address:  credit risk  market and investment risk  liquidity risk  insurance risk  operational risk  risks arising from its strategic objectives and business plans  other risks that, singly or in combination, may have a material impact on the institution Argyll 25
  • 26. Risk appetite  Board must establish the risk appetite  An institution must maintain an appropriate, clear risk appetite statement  Risk appetite statement must convey:  degree of risk the institution is prepared to accept  maximum level of risk, for each material risk  process for ensuring that risk tolerances are set at an appropriate level  process for monitoring compliance with risk tolerance  The timing and process for review of risk appetite and tolerances Argyll 26
  • 27. Risk management strategy  An institution must maintain a risk management strategy (RMS) that is approved by the Board and that addresses each ‘material risk’  The RMS must:  describe each material risk and how to manage it  list the policies and procedures dealing with RM  summarise role and responsibilities of RM function  describe the risk governance relationship between Board, Board committees and senior management  outline the approach for ensuring awareness of the RM framework and instilling appropriate risk culture Argyll 27
  • 28. Business plan  An institution must maintain a written plan that sets out its strategic objectives  Business plan = written plan for the operational implementation of its strategic objectives  Rolling plan of at least three years’ duration, reviewed at least annually. Approved by Board  Institution must consider the material risks associated with the business plan – and explicitly manage these risks, including how changing these plans affects its risk profile Argyll 28
  • 29. Policies and procedures  in the RMS to include the processes for:  identifying and assessing material risks and controls  validating and approval of any models to measure risk  and testing mitigation strategies and controls  monitoring and reporting risk issues, escalation  identifying, monitoring and managing potential and actual conflicts of interest;  the mechanisms in place for monitoring and ensuring ongoing compliance with all prudential requirements;  ensuring consistency across RMF  establishing and maintaining appropriate contingency arrangements (including robust and credible recovery plans where warranted) for the operation of the RMF in stressed conditions; Argyll 29
  • 30. Risk management function  An institution must have a designated risk management (RM) function that at minimum:  is responsible for helping the Board and senior management develop and maintain the RMF  is appropriate to the size, business mix and complexity of the institution  is operationally independent  has the necessary authority and reporting lines to act effectively and independently  has the right staff and skills, qualification  has access to e.g. IT systems  is required to notify the Board of any significant breach of the RMF Argyll 30
  • 31. Risk management function (cont.)  The risk management function must be headed by a designated Chief Risk Officer (CRO)  Critical lines of authority – to challenge decisions  Independence from business lines  CRO must have direct reporting line to CEO and unfettered access to Board and Risk Committee  Institution may engage an external service provider to perform part of the risk management function Argyll 31
  • 32. Compliance function CPS 220  An institution must have a dedicated compliance function  The compliance function must be adequately staffed by appropriately trained and competent persons  Have a reporting line independent from business lines Argyll 32
  • 33. Review of the RMF  An institution must ensure that compliance with, and effectiveness of, the RMF is reviewed by internal and external audit at least annually  Results reported to Board Audit Committee or SAORS  Also, comprehensively reviewed by appropriately trained and competent persons at least every three years and report to BRC  If a material change to size, business mix and complexity is identified, institution must assess whether amendment or review of RMF required Argyll 33
  • 34. Review of RMF must, at a minimum, assess whether: (a) the framework is implemented and effective; (b) it remains appropriate for the institution, taking into account its current business plan; (c) it remains consistent with the Board’s risk appetite; (d) it is supported by adequate resources; and (e) the RMS accurately documents the key elements of the risk management framework that give effect to its strategy for managing risk. Argyll 34
  • 35. Notification requirements – CPS220  An institution must submit to APRA copies of its:  risk appetite statement  business plan  RMS  group liquidity management policy no more than 10 business days after Board approval  It must notify APRA within 10 business days of becoming aware of:  breach or material deviation from RMF  risk framework did not adequately address a material risk  material change to size, business mix and complexity  change in law outside Australia affected business Argyll 35
  • 36. Risk management declaration  Board must state that to best of its knowledge and having made appropriate enquiries:  Institution has systems for ensuring its compliance  RM systems in place are appropriate for size, business mix and complexity of institution  RM and internal control systems are operating effectively and are adequate  Institution has a CPS 220-compliant RMS and it complies with each measure and control in the RMS  Institution is satisfied with efficacy of its processes and systems surrounding the production of financial information Argyll 36
  • 37. Ongoing development  How does your firm view risk?  Consider  Your Board’s role in risk governance  Effective reporting against policies  Risk appetite embedded  Promoting and reinforcing culture  Values embraced  Questions that the Board can ask Argyll 37
  • 39. Short Courses  Fundamentals of Risk Controls 8 October Perth  Fundamentals of Risk Controls 30 October Melbourne Argyll 39
  • 40. Thank you for your attention For further help contact enquiry@argyll.net.au or 0412 152 965 Susan Campbell ARGYLL TRAINING IN RISK, CONTROLS AND CULTURE ISO 31000 AND APRA STANDARDS ON RISK INDEPENDENT RISK COMMITTEE MEMBER
  • 41. NATIONAL CONFERENCE & EXHIBITION 2014 Thank you. Platinum Sponsor Silver Sponsor Bronze Sponsor Risk Manager of the Year Award Sponsor Conference and Exhibition Partners