ENTERPRISE RISK MANAGEMENT FRAMEWORK

 
1. Introduction
 
Enterprise Risk Management (ERM) is defined as:
". . . a process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of the entity's objectives."

In summary, ERM:
  is a comprehensive, systematic, disciplined and proactive process that is used to identify, assess, manage and report on the significant strategic, business and process level risks related to the achievement of the corporate objectives which are inherent in the business strategy and operations at any point in time;

  is a decision making process for measuring and addressing any variation (positive or negative) from the corporate desired objectives;

  forms a basis for the corporate decision making processes from the development of its strategy and objectives to its daily operations, reporting and compliance routines;

  provides the ability for management to make more efficient use/allocation of capital and resources within the organization to optimize capital levels;

  optimizes risk management by balancing the cost of risk with the cost of control for all aspects of the corporate potential risk areas to ensure organizational objectives are met;

  is an integral part of sound business and financial management from the strategic planning process to the day-to-day operations of the corporation that helps identify and manage all material internal and external risks and opportunities that may affect its performance, reputation and viability;

  seeks to enhance value and preserve the longer term viability of the corporation; and

  is a fundamental responsibility and accountability of the Board and senior management.

ERM involves a pro-active holistic enterprise-wide view of all risks and their associated risk appetite and tolerances to ensure that they are fully aligned with the corporate objectives and strategies, and reflects the quality, competencies and capacity of people, technology and capital. ERM also helps identify the interdependency and interaction of risks across the organization and provides the tools to rationalize risk management activities.
 

 

2. Purpose
 
The corporation will maintain a robust ERM framework to ensure:
  significant current and emerging risks and opportunities are identified and understood;

  appropriate and prudent risk management systems to manage these risks are developed and effectively implemented;

  regular reviews are conducted to evaluate the effectiveness of risk mitigation measures; and

  reports are produced on a regular basis regarding adherence to this policy

The purpose of ERM is to create, protect, and enhance member value and the corporation's viability by managing the uncertainties that could influence achieving its objectives.
 

 

3. Objectives
 
The objectives of this policy are to:
establish the risk appetite of the corporation;

identify the key responsibilities of the Board, audit committee and management; and

outline the frequency, form and content of reporting requirements.
 

 

4. Benefits
 
A corporation which successfully implements ERM should expect the following benefits:
More efficient use of capital and resources

Reduced likelihood of operational loss

Lower compliance/auditing costs

Earlier detection of unlawful activities

Fewer surprises

Focus on lower cost prevention rather than higher cost resolution strategies

Cost savings by using risk information to streamline and improve processes

Increased awareness and integrated view of risks (existing and emerging)

Systematic, repeatable approach to mitigate risks and identify opportunities

Clearer, better informed decisions

By being informed, the Board and senior management can be proactive in responding to the significant risks and opportunities that the corporation experiences as a financial institution. ERM helps identify strategically significant high priority risk issues for the Board's attention. Through a comprehensive risk identification and assessment process, corporations can identify who owns the risk and how best to respond to the risk. This ensures that the most appropriate and optimum level of resources is assigned to areas of greatest risk. Enterprise risk management helps identify opportunities as well as identifying risks. To be effective and not create additional overhead, ERM should be integrated into existing processes within the corporation that support such activities as strategic planning, business-planning, compliance monitoring, performance measurement and process re-engineering. Building ERM into existing processes increases awareness and sensitivity to risk and helps create a culture where risk is proactively assessed and managed at every level.
 

 

5. Roles and Responsibilities
 
The Board is responsible for:
setting risk appetite levels;

overseeing ERM activities of the corporation;

understanding the nature and magnitude of significant risks to which the corporation is exposed;

reviewing reports on the assessment of risk levels compared to established strategic risk targets; and

annually reviewing risk management policies, including risk appetite, and strategies to ensure that risk exposures remain appropriate and prudent.

The Audit Committee is responsible for:
reviewing management's identification of the significant risks of the corporation in accordance with the ERM policy;

ensuring there are enterprise risk management processes in place to measure, monitor,

manage and mitigate significant risk exposures, including appropriate policies, procedures and controls;

overseeing the application of ERM practices and the on-going identification of emerging risks; and

reporting to the Board on risk exposure levels.

Management is responsible for:
recommending risk tolerance levels to the Board;

identifying, measuring and evaluating significant strategic, business and process risk exposures;

ensuring an appropriate level of resources are allocated in alignment with established risk

appetite targets for assessing and managing risk;

mitigating of risk exposures through appropriate risk responses;

monitoring the application of risk responses and mitigation strategies; and

reporting on ERM processes and findings, including the level and direction of risk exposures and extent of risk management activities.

 

 

6. Reporting
 
Management will submit a internal control report to the Audit Committee at least quarterly. The report should provide appropriate information on the following:
nature and magnitude of significant risks and opportunities;

significant risks and those risks that exceed their acceptable risk levels ;

timeframe and status of any additional risk management activities that may be required to bring risks within approved risk levels;

any negative trends of higher risk areas and any changes to risk management activities;

any new significant risks including their risk assessment, risk response and management activities;

any emerging risks; and

any exceptions to the corporate established policies or limits for key risks.

The Audit Committee will report to the Board on its review of risk management activities, including the status of any significant current and emerging exposures and trends.
 

 

7. ERM Review
 
The effectiveness of the ERM framework should be assessed from time to time including a review of all significant risks and the risk environment of the corporation. As well, any changes to the framework should be recommended to the Board of Directors.