The Next Frontier for Internal Controls Beyond SOX 404 Keynote Luncheon Presentation


THE CONFERENCE BOARD OF CANADA'S WESTERN CORPORATE GOVERNANCE FORUM 2005
Shaping Governance Controls to Fit Your Organization
Calgary, Canada

The Next Frontier for Internal Controls Beyond SOX 404
Keynote Luncheon Presentation
Ron Lalonde, CIBC Senior Executive Vice-President, Chief Administrative Officer and Chief Privacy Officer
Friday, April 8, 2005

Setting the stage - commitment to good governance

Good afternoon everyone. I am delighted to have this opportunity to return once again to the to talk about our continued commitment to building a strong corporate governance culture across our organization. Last year, my colleague and CIBC's Chief Risk Officer, Wayne Fox, spoke at this Forum about CIBC's two-year build of our management strategy for corporate governance. This covered risk, reputation, compliance and, of course, the Sarbanes-Oxley Section 404 (SOX 404) requirements for financial reporting.

Since those remarks, CIBC has moved forward in implementing a more formalized and structured control and governance plan across the organization that has enabled us to be one of the first North American public companies to meet the management reporting requirements of SOX 404 as well as to set in place a framework for managing other internal controls more comprehensively.

Specifically, I'll be speaking today about CIBC's decision and long-term commitment to voluntarily go beyond the Sarbanes-Oxley model of financial reporting and control in order to create a more complete and overarching framework of governance and control. I will share with you the progress CIBC has made in meeting new and evolving demands from regulators. As well, I will describe for you the approach that we are taking at CIBC to ensure not only full and ongoing compliance, but to ensure that we have set our own high standards and have put in place an appropriate organizational structure that will enable us to forge a path to - and be ready for - what we believe will be the next frontier in governance and control. From all of this, I hope to provide you with some practical insights into a few best practices and impart to you some of our lessons learned so that you can forge your own paths.

Background - current regulatory and business environments

Like other organizations around the world, CIBC has responded to the evolving demands of a changing business environment. With increased legislation and regulatory scrutiny, the bar has been raised in many areas.

Businesses are faced with the ongoing requirements of the US Sarbanes-Oxley Act, section 404 (SOX 404) and its Canadian equivalent, Bill 198, which represent some of the most sweeping legislation and set of securities enhancements seen in decades. CIBC, as a US securities dealer, is also expected to meet the new market surveillance guidelines adopted by the National Association of Securities Dealers (NASD). And financial institutions have additional responsibilities in responding to the international Basel II framework, which requires linking regulatory capital with the risk profile of their businesses.

A strategy of risk reduction

Our business strategy at CIBC has been to reduce earnings volatility and risk, while aggressively growing our core banking businesses by becoming the leader in client relationships. CIBC has made dramatic improvements in our risk profile. We have shifted capital so that our Retail and Wealth Management businesses now have more than 70% of the bank's capital. Our Wholesale Banking business has done very well under tighter risk controls and a reduced capital base. Our corporate loan and merchant banking portfolios are significantly smaller; our credit quality has improved and our capital foundation is strong.

Consistent with this strategy of risk reduction, we believe that risks in the areas of reputation, control and governance represent increasingly important risks to financial institutions. So we have also developed a comprehensive approach to managing these risks. Given a business strategy of focusing on client relationships, we believe that strong reputation and governance controls are essential to building a climate of trust with our clients.

Going beyond Sarbanes-Oxley

The new Sarbanes-Oxley regulations, and its Canadian equivalent in Bill 198, specify a rigorous set of documentation, testing and reporting requirements around controls relating to companies' financial reporting. While these controls are unquestionably very important, we believe that there are many other controls that are just as important in the low-to-zero tolerance environment where many of us live:

- Controls to ensure compliance with the myriad of laws and regulations that we face
- Controls governing privacy commitments, and
- Controls around operational processes where failure has the potential to result in material financial losses or reputational embarrassment.

We believe that controls in all these areas represent the next frontier of requirements for financial institutions and maybe for many other public companies.

So, at CIBC, we took the decision to get ahead of these issues rather than wait and have to catch up as laws, regulatory requirements and market reputation evolve in these areas.

An integrated approach to governance and control

So let me review the components of our integrated approach to controls and governance at CIBC.

First: The CIBC controls program is a corporate-wide initiative to document and test the significant internal controls across CIBC. The program has five interrelated subprojects:

- General Entity Controls, which examine the effectiveness of CIBC's entity level controls - things like tone at the top, culture, and codes of conduct, as well as performance management processes and other bank-wide high level controls.
- Financial Process Controls, an evaluation of the reliability of our financial process controls.

Our work during 2003 and 2004 in these two programs positioned CIBC to attest to the management reporting requirements of section 404 of the Sarbanes-Oxley Act a full year ahead of the originally scheduled reporting deadlines.

In fact, CIBC was the first financial institution in the world to achieve this attestation.

The other two subprojects in the Controls program include:

- Legislative Compliance Management - a review of the effectiveness of our controls to ensure compliance with the many laws and regulations we are subject to, and
- Operational Process Controls, to assess the effectiveness of the controls over our operations.

In both areas, we are applying the same documentation and testing standards as we set for financial and general entity controls. Our work on operational process controls is nearing completion but we will continue our work on Legislative Compliance controls for some time.

A fifth and foundational element of the CIBC controls program is the design and development of an Internal Controls Repository. This application, when implemented, will provide CIBC with the ability to store, update and track control documentation and manage remediation plans across all of the control streams. Not an insignificant requirement, when you consider that our final control framework will have documentation, testing and remediation update data for literally thousands of individual controls, organized into lines of business and oversight responsibilities.

Separate from the Controls program we also introduced a number of other governance and control initiatives, which include:

- Global Reputation and Legal Risk - where we developed and implemented a process to ensure ongoing sustainability in managing global reputation and legal risk, including training more than 37,000 CIBC staff. We introduced a new bank-wide policy to guide the management of all client transactions across the organization. Internally we established a senior committee to review escalated transactions; and provided employees with a confidential hotline where they can report any potential irregular business activities.
- Board and Senior Management Reporting - where we redesigned the key reports to our Board and senior management, enhancing the information provided for effective governance and decision-making
- Board Renewal Plan - where our Chairman developed and implemented a Board Renewal Plan that included the review and update of our Board mandates, including benchmarking them to leading practices and making them available online via our corporate website.

- Compliance Review - where we completed a review of our Compliance function and re-engineered the department and its processes to strengthen our internal controls over regulatory compliance, and
- Anti-Money Laundering - where we updated our anti-money laundering initiatives and training for all employees and introduced advanced training to all US and Canadian employees working in specific business units who support or conduct cash transactions.

Given their size and scope, some of these initiatives as well as those in the CIBC controls program were run as projects with dedicated project managers. We recognized early that sophisticated project management was required to meet the extremely tight deadlines we had set for ourselves.

Building upon the COSO framework

CIBC's control framework has been modeled on the internal control framework endorsed by the Committee of Sponsoring Organizations of the Treadway Commission - commonly referred to as COSO, the industry standard.

We adopted the COSO model for a number of reasons. Not only is it the industry standard and one of the recommended models to help meet the SOX 404 requirements, more importantly, it provides a sound basis for establishing a system of internal control that ensures comprehensiveness and effectiveness if properly implemented.

Ultimately the four fundamental management objectives that form the basis of the COSO framework will help us monitor whether:

- The high level strategic goals of CIBC are aligned with and support our entity's mission.
- The operations of CIBC make effective use of our limited resources.
- The financial reporting provided to shareholders and other external stakeholders is reliable and fairly presented, and
- The conduct and actions of CIBC's Board of Directors, executives and employees is in compliance with applicable laws and regulations.

The framework also forms the basis for an ongoing attestation process by management that will affirm ongoing control in all aspects of the business.

To-date, CIBC's investment in governance and control implementation strategies has surpassed $60 million. Add to this the time and human capital investment and you have an intense commitment no matter which way you measure it.

This commitment and investment has begun to be recognized with some tangible results. In fiscal 2004, we were pleased to receive external validation of the strength of our governance practices in several governance surveys and rankings.

- Received AAA+ rating in the 2004 Board Shareholder Confidence Index assessed by the Clarkson Centre for Business Ethics and Board effectiveness at the Rotman School of Management
- Tied for 11th place with a score of 92/100 in The Globe and Mail's Report on Business Corporate Governance Ranking
- Scored in the 93rd percentile overall, relative to global peers, by GovernanceMetrics International.
- Received a score of 93/100, tying for 11th place in Canadian Business magazine's ranking of Best Boards.

CIBC's strong governance performance also contributed to CIBC's inclusion once again in the Dow Jones Sustainability World Index in 2004. And in early fiscal 2005, CIBC was rewarded for its governance and control efforts with an improved credit rating from one of our key bond rating agencies. In its assessment, Dominion Bond Rating Service (DBRS) credited CIBC for its improvements in governance and control.

This immediate and tangible evidence of governance and control return on investment is not only attractive to shareholders and regulators, it helps to prove just how critical and influential a sound governance and control strategy can be.

Challenges and lessons learned

So, what were some of our challenges and lessons learned? At the risk of making a complete understatement, I need to emphasize that the rollout of an initiative of this scope and scale is not easy. While we exceeded our expectations, we encountered more than a few challenges along the way.

- Engaging all stakeholders to secure buy-in. We needed to convince business partners that this work was essential, on strategy, and would help us meet our vision of leadership in client relationships
- Coordinating efforts among separate project streams
- Managing resistance to change once theory turns into reality
- Ensuring framework and processes align with legislative and regulatory requirements (SOX, BASEL II) while supporting day-to-day management and measurement of operational risk
- Aligning and integrating technical applications
- Planning timing and rollouts with various assertion and reporting requirements

Recommendations for others

To help your respective organizations meet with success, here are some recommendations or what we call internal control principles, to consider:

- Demonstrate a clear and supportive tone at the top - Projects like this don't happen without that support
- Define key roles and responsibilities clearly
- Solicit input and buy-in and create a sense of ownership
- Invest (over invest) in planning, training, testing and communicating. I'd especially emphasize the planning component. If we could start over, we'd spend more time on planning to ensure smoother implementation
- Determine an appropriate pace but set the bar high
- Orient external resources to the culture and nature of your business so that work is conducted in a way that is right for your organization
- Create advisory teams but make sure everyone knows who is running the program
- Focus on sustainability to make sure that you preserve the value of the project exercise
- Recruit and retain key resources early to ensure retention and transfer of knowledge
- Recognize and reward the people that need to implement this difficult work. It's people that make change successful.

Governance and control sustainability

So where do we stand on our efforts? Well, after more than a year of tremendous effort across the organization, the critical first phase of our governance and control work is now complete. Next comes the equally challenging second phase of ensuring our global governance and control work can be sustained over the long term.

The combination of all of these initiatives remains a significant agenda for CIBC. Our governance and control initiatives represent many person-years of effort, many millions of dollars of execution cost, and critical objectives we simply must meet. To succeed and continue our leadership position, we remain committed to a delicate balance between discipline, flexibility, anticipation and innovation.

Conclusion - trust, teamwork and accountability

At CIBC, our Governance and Control program is about building and deepening trust with our clients. While trust, teamwork and accountability are the core values at CIBC, being the leader in client relationships and having trusting relationships with those clients is the vision we strive to achieve every day and one that is fundamental to our future.

Thank you for your attention. I'd be pleased to respond to questions.