LeiningerCPA, Ltd. RISK MANAGEMENT POLICY STATEMENT

Similar documents
LeiningerCPA, Ltd. INTERNAL AUDIT AND CONTROL POLICY STATEMENT. Summary of Overall Responsibilities and Objectives

Guidance Note: Corporate Governance - Audit Committee. March Ce document est aussi disponible en français.

Guidance Note: Corporate Governance - Audit Committee. January Ce document est aussi disponible en français.

The COSO Risk Framework: A reference for internal control? Transition from COSO I to COSO II

Guidance Note: Corporate Governance - Board of Directors. January Ce document est aussi disponible en français.

Gleim CIA Review Updates to Part Edition, 1st Printing June 2018

Sample Corporate Risk Management Policy

Strengthening Your Enterprise Risk Management Process

B U S I N E S S R I S K M A N A G E M E N T L T D

DIRECTOR TRAINING AND QUALIFICATIONS: SAMPLE SELF-ASSESSMENT TOOL February 2015

AUDIT COMMITTEE HANDBOOK

Creating a Risk Intelligent Enterprise: Risk governance

TORONTO COMMUNITY HOUSING CORPORATION CHARTER OF THE BOARD OF DIRECTORS

Director Training and Qualifications

International Standards for the Professional Practice of Internal Auditing (Standards)

Sample Strategy and Value Oversight Policy

THE ARCG CHARTER. Issued in March 2008

Gleim CPA Review Updates to Business Environment and Concepts 2018 Edition, 1st Printing March 2018

Internal Audit Charter

This charter defines the purpose, authority and responsibility of News Corporation s (the Company ) Corporate Audit Department.

e. inadequacy or ineffectiveness of the internal audit program and other monitoring activities;

International Standards for the Professional Practice of Internal Auditing (Standards)

GRM OVERSEAS LIMITED RISK MANAGEMENT POLICY

Successful ERM Program Standards. Definitions of Enterprise Risk Management (ERM)

IAASB Main Agenda (December 2016) Agenda Item

OPERATIONAL RISK EXAMINATION TECHNIQUES

Self Assessment Workbook

CORPORATE GOVERNANCE KING CODE

AmMetLife Insurance Berhad BOARD CHARTER

GUIDANCE NOTE FOR DEPOSIT TAKERS (Class 1(1) and Class 1(2))

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS)

Sarbanes-Oxley Act of 2002 Can private businesses benefit from it?

CONNECTING THE INTERNAL AUDIT DOTS AN OVERVIEW OF INTERNAL AUDIT S ROLE, SCOPE, STANDARDS AND ENGAGEMENT APPROACH

PETRON CORPORATION CHARTER OF THE BOARD OF DIRECTORS

In Control: Getting Familiar with the New COSO Guidelines. CSMFO Monterey, California February 18, 2015

Role of Board of Directors in Risk Management. CPA Erick Audi Thursday, 15 th November 2018

IT Risk Management: IT Audit

INTERNAL AUDIT CHARTER

Internal Audit Quality Analysis Evaluation against the Standards International Standards for the Professional Practice of Internal Auditing (2017)

RREGULATION ON INTERNAL CONTROLS AND INTERNAL AUDIT FUNCTION IN MICROFINANCE INSTITUTIONS. Article 1 Scope and Purpose

Basel Committee on Banking Supervision. Stress testing principles

RISK MANAGEMENT FRAMEWORK OF THE CGIAR SYSTEM

Corporate Governance Policy

GOVERNANCE GUIDELINES FOR THE BOARD OF DIRECTORS

STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL

AUDITING. Auditing PAGE 1

Developing an Integrated Anti-Fraud, Compliance, and Ethics Program

1. Definition & Mission

COSO ERM: Integrating with Strategy and Performance. Michael Parkinson

SENIOR MANAGEMENT ASSESSMENT CRITERIA1

EY Center for Board Matters. Leading practices for audit committees

FEDERAL HOME LOAN BANK OF INDIANAPOLIS CHARTER FOR THE AUDIT COMMITTEE

Active Essex Risk Management Strategy

CHARTER OF THE BOARD OF DIRECTORS

Terms of Reference for the Board of Directors

CITIBANK N.A JORDAN. Governance and Management of Information and Related Technologies Guide

REMUNERATION DISCLOSURES Performance Year ended 31 st December Bank of America, N.A. Frankfurt Branch

Part of the IoD International Network

Risk Management Policy Arvind Infrastructure Limited

These are the primary functions of the Board, and should be the main focus of the Board s attention and activities.

FIRST CITIZENS BANCSHARES, INC. FIRST-CITIZENS BANK & TRUST COMPANY CHARTER OF THE JOINT RISK COMMITTEE. April 24, 2018

LI & FUNG LIMITED ANNUAL REPORT 2016

ECS ICT Berhad (Company No H) Board Charter

Model Risk Management

GROUP 1 AUTOMOTIVE, INC. AUDIT COMMITTEE CHARTER

Governance Guideline SEPTEMBER 2013 BC CREDIT UNIONS.

The Authority s responses to the key comments received and any other substantive changes are outlined below.

CODE OF CORPORATE GOVERNANCE 6 AUGUST 2018

Application of King III Corporate Governance Principles

Risk Committee Charter ISSUE DATE: 15 NOVEMBER 2018 RISK COMMITTEE CHARTER. ISSUE DATE 15 NOVEMBER 2018 PAGE 1 OF 7

REPORT 2015/077 INTERNAL AUDIT DIVISION

MANAGING RISK AT SUNCORP

REMUNERATION DISCLOSURES Performance Year ended 31 st December Bank of America, N.A. Frankfurt Branch

LCH Limited Board Reserved Matters, Executive Delegation, Local Management Committee Composition

Guidelines of Corporate Governance

Risk Management Policy

WG WEARNE LIMITED (Registration number: 1994/005983/07) ( the Company / Wearne )

GARMIN LTD. Audit Committee Charter. (Amended and Restated as of July 25, 2014)

AUDIT COMMITTEE CHARTER APRIL 30, 2018

ADT Inc. Board Governance Principles. January 4, 2018

BOARD CHARTER OF THE AUDIT AND RISK OVERSIGHT COMMITTEE

Changes To the Public Sector Internal Audit Standards April 2017

716 West Ave Austin, TX USA

KERJAYA PROSPEK GROUP BERHAD ( U) (formerly known as Fututech Berhad)

Ethical leadership and corporate citizenship. Applied. Applied. Applied. Company s ethics are managed effectively.

Report. Quality Assessment of Internal Audit at <Organisation> Draft Report / Final Report

Washington Metropolitan Area Transit Authority Board Action/Information Summary

2012 IIA Standards Update

Strong Risk Culture leads to Effective ICAAP

ABU DHABI COMMERCIAL BANK BOARD PERFORMANCE EVALUATION POLICY

ECIIA Comments on the EBA consultation: Guidelines on Internal Governance (EBA/CP/2016/16)

KING III CHECKLIST. We do it better

AEC Corporate Governance Framework

Diving into the 2013 COSO Framework. Presented by: Ronald A. Conrad

Aligning and Integrating ERM and Business Process. Federal ERM Summit September 9, :00-12:00

SHOPRITE HOLDINGS LTD. King III Reporting in terms of the JSE Listings Requirements

Board of Directors Mandate

Policies, Procedures and Guidelines

METROPOLITAN TRANSPORTATION AUTHORITY

BERMUDA MONETARY AUTHORITY

Transcription:

LeiningerCPA, Ltd. RISK MANAGEMENT POLICY STATEMENT This policy provides an overview of the bank s risk management process and defines the broad responsibilities for overseeing corporate governance and risk management activities. Enterprise Risk Management Principles The Board of Directors recognize that managing risk is not an end in itself, and embrace a broader concept of guiding bank activities known as enterprise risk management, which recognizes the bank s responsibility to maximize opportunity as well as minimize risk. Risk is defined as the potential that events, expected or unanticipated, have an adverse impact on the bank s capital and earnings. Similarly, Opportunity is defined as the potential that those events will have a positive impact; or stated more broadly, positively affect the achievement of bank objectives, supporting value creation or preservation. The existence of risk is not necessarily a problem; even the existence of high risk is not necessarily a concern, so long as management effectively manages that level of risk. To put risks in perspective, management and the Board should decide whether the risks are warranted. Generally, a risk is warranted when it is identified, understood, measured, monitored, and controlled as part of a deliberate risk reward strategy. It should be in the bank s capacity to readily withstand the financial distress that such risk could cause; the primary regulatory objective is to ensure that the bank does not assume more risk than it can effectively manage. Enterprise risk management takes an approach that aligns risk appetite and strategy, while seizing opportunity and enhancing stakeholder value. This facilitates efficient allocation of the bank s personnel and resources according to the risk reward relationship. In this context, risk management systems should effectively act as performance management systems. Summary of Risk Management Responsibilities The directors and senior management are responsible for providing oversight of the bank s risk management activities, including (each step is further described in the following section): 1. Recognizing and understanding the overall risk profile and the levels and types of risk to bank earnings and capital, including on-going monitoring of changes to existing risks and risks that may arise from new activities (while ensuring that capital levels are maintained commensurate with the overall level of risk); Page 1 of 5

2. Overseeing corporate governance processes, including risk management/operating systems, internal control systems and internal/external audit programs, and ensuring they are maintained at levels of effectiveness commensurate with the bank s overall risk profile; 3. Ensuring the capability of risk management systems to pro-actively identify, measure, monitor and control risks to an acceptable level; 4. Assessing the adequacy of senior management and board oversight of the risk management process, and the related policies, procedures and limits. Description of Risk Management Responsibilities 1. Recognizing and Understanding the Overall Risk Profile Senior management and the Board may generally be kept apprised of the bank s activities and better understand the overall risk profile by: Actively participating in meetings, asking probing questions about risks and critically reviewing reports, and approving exceptions to policy statements and understanding the rationale for the exceptions and the resultant impact on the bank s risk profile. Reviewing internal/external audit and examination reports, covering all material areas of risk within the bank, and periodically meeting with the auditors and examiners. Holding management accountable for resolution of audit and examination findings and recommendations, and especially following-up on repeat criticisms. Providing a forum for employee or other forms of feedback regarding the effectiveness of the accounting and control environment. Providing comprehensive documentation of Board activities in the minutes, including individual votes or positions taken by Board members where appropriate. The bottom line is that the Board must be able to detect/take action when management materially fails their responsibilities, and risks are no longer minimized to an acceptable level. The Board should place reliance on management, but not blind faith. 2. Overseeing Corporate Governance Processes Senior management and the directors are responsible for ensuring the following objectives are met (each area is described below, and in separate policy and procedure statements). The overall responsibility for achievement of these objectives remains with senior management and the Board; the responsibility cannot be delegated to others within the bank or to outside parties. The bank s corporate governance process is supportive of a strong risk management culture (referred to as inherent risk ). Risk management and operating systems are pro-active and effective ( operating risk ). The system of internal control operates effectively ( control risk ). An effective internal audit and external audit program is in place ( audit/detection risk ). Page 2 of 5

Corporate governance objectives Senior management and the Board must ensure that the importance of internal control is understood and respected throughout the organization, often referred to as the tone at the top. They should also foster an environment of forthright communication and critical examination of issues. Risk management/operating system objectives In order to avoid uncontrolled or unacceptable exposure to risk, it is essential that any changes in the risk profile of the bank be pro-actively matched by commensurate changes in the bank s risk management, operating and control systems. To help accomplish this, management and the directors should oversee material new, expanded, or modified products or services through an effective risk management process, including: Performing adequate due diligence prior to introducing the product or service, including those obtained through third party providers, including identification of potential risks; Developing and implementing controls, operating processes and management information systems to ensure risks are properly measured, monitored, and controlled; and Developing and implementing appropriate performance monitoring and review systems, including key performance targets and indicators, and status reports to management/board. Internal control objectives Effective internal control is a foundation for safe and sound operations. The overall objective of the internal control process is to provide reasonable, but not absolute, assurance that the bank will achieve: Effective and efficient operations, including safeguarding of assets; Reliable financial reporting; and, Compliance with applicable laws and regulations. Management is responsible for ensuring the effectiveness of internal control. Management self-assessments and on-going monitoring are an important first layer in ensuring the effectiveness of controls, but they are not impartial. Therefore, an important element in assessing the effectiveness of the internal control system is an internal/external audit function. Internal and external audit objectives The board is responsible for ensuring that the bank has an internal audit function, as supplemented by an external audit program as needed or required, that is appropriate to the size and the nature and scope of its activities. The overall objective of the internal audit function is to independently and objectively evaluate and report on the effectiveness of the bank s risk management, internal control, and governance processes, and the quality of performance in carrying out assigned responsibilities. This objective includes promoting effective control at reasonable cost. The directors and senior management should be confident that the internal audit function addresses the risks and meets the demands posed by the bank s current and planned activities. When properly structured and conducted, internal audit provides vital information about weaknesses in the internal control system so that management can take prompt, remedial action. Page 3 of 5

3. Ensuring the Capability of Risk Management Systems The bank s risk management systems should be effective in pro-actively managing and minimizing risk to an acceptable level, including the ability to: Identify risk To properly identify risks, the bank must recognize and understand existing risks or risks that may arise from new business initiatives. Risk identification should be a continuing process, and risks should be understood at the transaction and portfolio levels. Measure risk Accurate and timely measurement of risk is essential to effective risk management systems. The measurement systems will vary depending on the type and complexity of the products and services. Management should periodically test the measurement tools to make sure they are accurate. Sound risk measurement systems assess the risks individually (transaction level) and in aggregate (portfolio level). Monitor risk The bank must monitor risk levels to ensure timely review of risk positions and exceptions. Monitoring reports should be timely, accurate, and informative and should be distributed to appropriate individuals to ensure action, when needed. Control risk The bank must establish and communicate risk limits through policies, standards, and procedures that define responsibility and authority. These limits should serve as a means to control exposures to the various risks associated with the bank s activities. The limits should be tools that management can adjust when conditions or risk tolerances change. The bank shall also have a process to authorize and document exceptions or changes to risk limits when warranted. 4. Assessing the Adequacy of Senior Management and Board Oversight Management is responsible for the implementation, integrity, and maintenance of risk management systems. Management must keep the Board adequately informed about risk-taking activities through relevant and reliable board reports and other communications. Management should: Implement the bank s strategies, as part of a deliberate risk reward strategy; Develop policies that define the bank s risk tolerance and ensure that they are compatible with strategic goals; Ensure that strategic direction and risk tolerances are effectively communicated and adhered to throughout the bank; and Oversee the development and maintenance of management information systems to ensure that information is timely, accurate, and pertinent. Senior management and the Board should consider the bank s policies, processes, personnel, and control systems, as further described below: Policies are statements, either written or verbal, of the bank s commitment to pursue certain results. Policies often set standards (e.g., on risk tolerances) and may recommend courses of action. Policies should express the bank s underlying mission, values and principles. A policy review should be triggered when the bank s activities or risk tolerances change. Processes are the procedures, programs, and practices that impose order on the bank s pursuit of its objectives. Processes define how daily activities are carried out. Effective processes are consistent with the Page 4 of 5

underlying policies and are governed by appropriate checks and balances. As a smaller bank, the regulators point out that our processes may be effective even when less formal in nature. Personnel are the staff and mangers that execute or oversee processes. They should be qualified and competent; perform as expected; and understand the bank s mission, values, policies, and processes. Control systems including the tools and information systems (and internal/external audit programs) that bank managers use to measure performance, make decisions about risk, and assess the effectives of processes. Feedback should be timely, accurate, and pertinent appropriate to the level and complexity of risk taking. Categories of Risk The bank s regulators have defined the following broad categories of risk: credit risk; market, interest rate and liquidity risk; transaction and operational risk; compliance and legal risk; strategic and reputation risks, including regulatory risk. For each area or activity, the bank should assess the quantity of risk, quality of risk management, aggregate risk, and the direction or trend of the risk profile. * * * * * Page 5 of 5

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback