RISK MANAGEMENT & CORPORATE GOVERNANCE
Friday 26th July 2013
Gibson Hotel
Jason Dowling CPA

A Little About Me!!
• Jason Dowling CPA
• Director & Co-Founder RISC Manager
• Partner – Whelan Dowling & Associates
• 22 Years Practice – 15 Years Advising CU’s
• Married – 3 Kids
• Twin

What we’ll address today
• Legislation – Future Implementation
• Risk Management Process
• Corporate Governance
• RISC Manager - Features
• Final Thoughts
• Q & A – At The End Of Seminar
Keep It Light & Keep Your Attention !!!

Legislation

Legislation
• Commission Report September 2011 – Interim
• Commission Report March 2012 – Final
• Credit Union Bill 2012 – June 2012
• CU Act 2012 – December 2012
• CU Handbook – July 2013 – Draft
• CU Handbook – September 2013 – Final
• Implementation Plan – October 2013

Legislation
• 1 August 2013 – 9 parts
• 1 October 2013 – 20 parts
• 3 March 2014 – 3 parts
• 1 April 2014 – 8 parts
• Already Commenced – 34 parts
See - http://www.finance.gov.ie/documents/pressreleases/2013/mn232appenda.pdf

Risk Management Framework

Risk Management Process - Cycle

RISK MANAGEMENT SYSTEM
• Covered under Section 76B CU Act 2012
• “A credit union shall develop, implement, document and maintain a risk management system with such governance arrangements and systems and controls to allow it to identify, assess, measure, monitor, report and manage the risks which it is, or might reasonably be, exposed to.”
• The risk management system—
  – (a) shall be clearly set out and documented, and
  – (b) shall clearly set out the related tasks and responsibilities within the credit union

RISK MANAGEMENT SYSTEM
• Covered under Section 76B CU Act 2012
• “A credit union shall develop, adopt, implement, monitor, document and maintain systems and controls to manage and mitigate the risks identified by the risk management system.”
• “The board of directors of a credit union shall appoint a person (in this Act referred to as a ‘risk management officer’) with the necessary authority and resources to manage the risk management function within the credit union”

RISK MANAGEMENT SYSTEM
• CU Handbook Section 18.1 - Guidance
• “The risk management system, which shall be clearly set out and documented, should cover the following at a minimum:
  – A risk management policy
  – A risk management process
  – A risk register
  – Systems & controls; and
  – Review by the board of directors”

Risk Identification

Risk Identification
• Credit Unions Seem To Struggle Here
• Over Complicate / Over Simplify
• Mix-up Risk & Compliance Issues
• Risk Identification Process
  – Blank Page, Questionnaires, Copy Other CU, Outside Consultant, ILCU, Auditor, Solicitor, Investment Adviser, Oversight Committee, Staff, History, Brainstorming, Workshop, ETC….
• RISC Manager (Preloaded 50+ Generic CU Risks)

Risk Assessment

Risk Assessment - Matrix/Heat Map

Risk Assessment / Measurement
• Impact
• Probability / Likelihood
• Appetite / Tolerance
• PRISM – Category & Sub Category
• Treatments
• Heat Map
• Inherent Risk & Residual Risk

Risk Monitoring

Risk Monitoring
• Assign Treatments
• Allocate To Individuals
• Track Progression – Measurement
• Record Control Points
• Amend Treatments if Ineffective
• History & Archive
• Consider Oversight Committee & IAF
• Residual Risk Growing

Risk Reporting

Risk Reporting – CU Handbook 18.1.5
Reports should cover the following at a minimum:
• Significant risks and the effectiveness of systems and controls;
• any risk events that have occurred and the actions taken or proposed to mitigate the risk;
• likely or actual deviations from risk tolerance levels or established systems and controls and should include the timeframe and status of any activities that are proposed to address these;
• any negative trends in higher risk areas and any recommended changes to risk management activities;
• any new risks including their risk assessment, risk rating and systems and controls;
• any material emerging risks and recommended course of action;
• updates on risk management actions arising from previous reports that have been approved by the board of directors (or risk committee where one exists); and
• any recommended remedial action required.

Risk Reporting – CU Handbook 18.1.5
Warning to Directors: Where a significant risk event occurs, the risk management officer should bring this to the attention of the board of directors (or risk committee where one exists) immediately. The board of directors should ensure that any risks arising from the risk event are managed and mitigated in a timely manner.

Corporate Governance

Corporate Governance
Definition: The definition of corporate governance most widely used is "the system by which companies are directed and controlled" (Cadbury Committee, 1992). More specifically it is the framework by which the various stakeholder interests are balanced, or, as the IFC states, "the relationships among the management, Board of Directors, controlling shareholders, minority shareholders and other stakeholders".

Corporate Governance
Principles:
• The OECD Principles of Corporate Governance states:
• "Corporate governance involves a set of relationships between a company’s management, its board, its shareholders and other stakeholders. Corporate governance also provides the structure through which the objectives of the company are set, and the means of attaining those objectives and monitoring performance are determined."

Corporate Governance - Changes
• Executive vs Non Executive
• Board Meetings – Strategy – Risk – Internal Audit – Governance
• Fitness & Probity, CPD, Training
• Board Oversight – 40+ pieces legislation

The Central Bank wants …
Poor governance and a weak business model are good leading indicators that problems at a firm are likely to emerge…
Governance... the processes, structures and information flows which are used to allow the board and senior management to satisfy themselves that effective control mechanisms are in place to protect all stakeholders...
Meaning
1. Are the Board members competent in fulfilling roles? Minimum Competency Regime, Fitness & Probity
2. Do they give sufficient time to their duties? Meeting frequency
3. Have they documented their functions? Policies, reviewed, implemented
4. Do they understand how the business operates? Risks

Corporate Governance - Sanctions

RISC Manager

What is RISC Manager?
• Three main functions – Risk, Internal Audit, Governance
• Simple for users – You only need a browser
• Satisfies all compliance requirements – 1997 & 2012 Acts plus Audit standards
• Future legislation & Central Bank regulation – Part of your purchase agreement – no extra cost

Final Thoughts
Don’t Reinvent the Wheel !!!

Final Thoughts
Re-active

Questions – At The End

Contact Details
For further information or to arrange a demo please contact Jason Dowling
jason.dowling@risc-manager.com
Visit - www.risc-manager.com
Office: 01 6771411