Credit Unions - Enterprise Risk Management ... - BDO Canada

Credit Unions | BDO Risk Advisory ServicesCredit unions careabout personal service.So do we.How BDO works with credit unionsCredit unions are dedicated to delivering the highest level of servicecompetence and professionalism. From personal and commercial bankingto investing and borrowing, BDO’s Risk Advisory Practice understandsthe unique grassroots nature of credit unions and their place in Canadiancommunities.We pride ourselves on offering practical, local advice combined with nationaland international resources to effectively serve organizations like yours.Where BDO Risk Advisory Services can helpWe will work with your audit committee and board of directors to remaininformed of regulatory changes, while ensuring standards are upheld.We provide services in complex accounting (including IFRS), enterprise riskmanagement, and internal audit.CREDIT UNION EXPERTISEWe are committed to providing the guidance and expertiserequired to help your credit union proudly serve its communityand members. As knowledgeable, reliable providers of a widerange of financial services, we understand the deep roots thatcredit unions have in their communities.Our team is proud to offer value-added services that positivelyimpact our communities. Our cross-functional team is specificallydevoted to credit union issues. We encourage collaborationamong our credit union specialists and exchange information andideas to better serve valued clients like you.

Credit Unions | BDO Risk Advisory ServicesEnterprise risk managementIn 2011, DICO revised by-law #5 - Sound Business and Financial Practices- to reflect recent changes to industry best practices and emerging issues.Part of the review process consisted of the development of an enterpriserisk management (ERM) framework which includes Class 2 Credit Unions.DICO further prescribed the basic requirements for an ERM program forCredit Unions to include, at a minimum a:1. ERM policy that should be reviewed at least annually.2. Appropriate risk appetite statement that describes its overall approachto risk.3. Defined responsibility of the Board, Audit Committee and seniormanagement.4. ERM reporting structure that clearly identifies the risk profile and thestatus of significant risk.Our ERM service offerings range in nature and are specifically designed andare scaled to reflect and size and complexity to meet your credit union’sindividual needs. Practical and proactive ERM strategies, be it ad-hoc orfull-scale, can help an organization meet strategic organizational goalsand objectives, moreover, allow you to protect and create value of yourstakeholders. BDO’s Risk Advisory Services team can assist you with thefollowing types of ERM-related projects:• Identifying or validating your business risk registry or universe.• Establishing an ERM policy, framework and ERM program whichseamlessly blends in with the size and culture of your organization.• Evaluating your current ERM program or process and provide abenchmark against similar organizations.• Facilitating ERM workshops and training within your organization to enhanceyour current ERM program and thereby validate or establish risk rankings.• Integrating your ERM program with other established corporategovernance initiatives such as CEO/CFO certification, business continuitymanagement, internal audit and other initiatives.Most credit unions have already established methods of risk managementin their organizational environments and in daily activities. They may seemsimple and basic but they are still proven and substantiated approacheswhich help mitigate risk. The ability to establish such processes andprocedures can help a credit union achieve corporate objectives as well asindirectly mitigate some of the risks that may arise by association. Somecommon examples of risk categories and sub categories already provided byDICO include:Strategic risks• Strategy development andimplementation• Competition• Performance and viability• Member demographics• Economic/external riskCredit risks• Default risk• Concentration riskFinancial risks• Market/investment risk• Structural risk (asset/liabilitymismatch risk)• Liquidity and fundingmanagement• Capital managementOperational risks• Fiduciary risk• Information technology risk• Outsourcing• Fraud• Member satisfaction• PersonnelCompliance risks• Regulatory (CU/CP Act)• Other legislative requirementsBDO ERM FrameworkGovernance & PlanningIdentify & Rank RiskAssign & Assess RisksMonitoring & Reporting01020304ObjectiveEstablish ERM roles and responsibilitiesEstablish an ERM ProgramEstablish a risk universe with periodic risk assessmentAlign risk with business objectivesQuantify key risksDetermine risk treatment strategiesAssign risk to process ownersIdentify key metrics for risk monitoring and reportingEstablish management reports for the ERM programDeliverableEstablish an ERM poicyEstablish an ERM frameworkRisk registry or risk universeSummary of key risksDepartmental risk reportsDepartmental action plansRisk Management reportsAction plan status report

Credit Unions | BDO Risk Advisory ServicesInternal audit servicesAll companies face new corporate governance concerns, as well as intenseinternal and external scrutiny. A reactive approach to internal audit is nolonger acceptable; there can be no surprises when it comes to managingthe risks and opportunities in your business. We have found that manyinternal audit groups struggle with a number of conflicting demands, mostnotably contention for resources while trying to maintain traditional IAfunctionality. The BDO Risk Advisory Services practice has developed asuite of services designed to help clients develop and implement an internalaudit function or, transform a standard, compliance driven IA function intoone that is proactive and risk-oriented that fits with their risk managementframework and strategy.We can help you align your internal audit function with the overallobjectives of your credit union. Our services include:• Establishing an effective internal audit function• Quality Assurance Reviews gauging the effectivenessof the internal audit function• Strategic partnering and co-sourcing• Risk assessment services• Managing the internal audit function• Constructing audit services• Financial institutions compliance• IT audit servicesIn recent years the Internal Audit function has taken a more dynamicapproach or value added approach and now provides consulting on theoverall “Risk Assessment Approach” within an organization as well asproviding assistance with process improvement or process reengineering.The BDO Internal Audit Continuum depicts the range from traditional“compliance approach” to the more dynamic “value added” RiskManagement approach.Internal Audit MethodologyThe BDO International Internal Audit Methodology is our approach toproviding Internal Audit services of the highest professional standard,consistently on a global basis. Our methodology is based on world’s bestpractice for Internal Audit services. It reflects standards established bythe Institute of Internal Auditors’ International Professional PracticesFramework, Standards for the Professional Practice of Auditing andStandards for Risk Management.Stages 1 to 3 of our methodology (depicted in the figure in the top right)set out our approach to risk based planning. It is designed to understandthe complexities of the operating environments in which the risk basedInternal Audit function is planned and performed. Our understanding isbuilt in consultation with key stakeholders. Supported by our own networkof multi-industry and multi-disciplinary specialists, it provides the basisfor the development of a risk based review strategy and plan. Essentially,our understanding is applied and developed throughout all phases of ouriterative process.Compliance ApproachFinancial & Regulatory Compliance AuditsOperational AuditingReview Internal Risk Assessment ProcessBusiness Process ImprovementsEnterprise Risk ManagementRisk Management Approach

Credit Unions | BDO Risk Advisory ServicesComplex accountingGenerally, credit unions are involved in many of the most complex accountingpractices. Treasury practices like hedges and swaps are used to minimizerisk and require specialized knowledge and expertise to properly account fortransactions. Our professionals can provide assistance and the appropriateaudit services for your year-end assurance requirements.For example, BDO’s IFRS Conversion Services Group has used its expertise andextensive knowledge of credit unions’ regulatory environment to develop aunique, cost-effective solution for small to mid-sized credit unions. ExpressIFRS Conversion (CU-IFRS) provides a pre-packaged consulting solution tostreamline the compliance process, and mirrors common IFRS conversionrisks that are specific to credit unions.This group has presented webinars in association with DICO (“IFRSConversions – Keeping it Practical”) and has provided expert advice oncomplex accounting issues that may arise on transition to IFRS, such asLoan Loss Provisioning.The BDO differenceIn a marketplace that typically provides two types of accounting firms —the large scale global provider, or the smaller relationship driven local firm— BDO provides a real and sensible alternative. We want to give our clientsan option that is distinctively different.What sets us apart from our competitors is the way we see, listen andthink about our clients. It’s this dedication and commitment to our clientsthat helps us deliver distinctively different relationships and results. Thereare many advisory firms with experience in the financial services sector;however there are many organizations within this sector with specialrequirements that can only be properly serviced when those who have theexperience are made directly available.Our Risk Advisory Services partners and senior professionals are availablefor hands-on client support and interaction. The partners and seniorteam members are the ones who have the experience and can make theengagement as smooth as possible. We take a partner-led approach whichdelivers the highest quality of service.Global Resource Sector specializationBig 4Proximity/Intimacy/LoyaltyBDOThe restAbout BDOAs one of the largest firms in Canada and a true single partnership across the country, BDO Canada is clearly placed in a strong competitive position relativeto the “Big 4”. BDO possesses the size and strength to provide our clients with a full range of comprehensive accounting and business advisory services,while retaining the local flexibility and personal attention needed to focus on individual client needs. BDO Canada has over 100 offices nationally with morethan 2,500 professional staff.

Credit Unions | BDO Risk Advisory ServicesOUR TEAMSam Khoury, CA•IT, CPA, CITP - Partnerskhoury@bdo.caDirect: 416 369 6030Sam has extensive years of assurance and risk advisory experiencespecializing in the implementation of change management projects,including IFRS conversions, enterprise risk management, and othercorporate governance initiatives. He previously articled in assuranceand advisory services where he managed a client portfolio of bluechip corporations, financial institutions and medium-sized publiccompanies. His further expertise includes internal controls, projectmanagement (PMBOK), risk management, change management,business process re-engineering, and technology solutionsalignment with business objectives.Carlo Mariglia, CA, CPA, CISA, CIA - Partnercmariglia@bdo.caDirect: 416 369 3078Carlo manages and supervises numerous Risk Advisoryengagements across multiple industries. He has extensiveexperience in co-sourcing Internal Audit functions and ERMconsulting. He has also played a key role assisting numerousCanadian public companies and other publicly-accountableenterprises in their transitions from Canadian GAAP to IFRS. Hepreviously articled in assurance and business advisory services,managing various public company engagements, and laterfocused on evaluating internal controls over financial reporting,business process enhancement, IT audit, internal audit, andrisk management. His further expertise includes corporategovernance practices, project management framework andpractices, implementing the Business Continuity ManagementProgram under BS 25999, and establishing and maintaining aninternal audit function in accordance with IIA standards.

Credit Unions | BDO Risk Advisory ServicesOUR TEAMPierre Taillefer, CA, CISA, CFE - Partnerptaillefer@bdo.caDirect: 514 931 0841 ext. 2504Pierre leads the RAS practice in Montreal with 20 years of in-depthexperience. He has been involved in various engagements coveringservice organization controls reports, the Sarbanes-Oxley Act of 2002and Multilateral Instrument 52-109, investigation and anti-fraudprograms, management of internal audit outsourcing engagements,outsourcing contract reviews, compliance mandates, and businessprocess, internal controls, due diligence and security reviews. He hasalso worked with cash logistics, IT outsourcing (including applicationsand hardware) and broker-dealers. His further expertise includesbusiness process re-engineering, technology solutions alignment withbusiness objectives, and IT risk and controls.David Knott, CISA - Senior Managerdknott@bdo.caDirect: 416 369 3016David is responsible for the management and supervision ofnumerous information technology, internal controls, and IT securityrelated engagements for the BDO Technology and Risk ServicesPractice. Prior to joining our firm, he provided IT security servicesin assurance and business advisory services in the technology riskmanagement groups of two other leading firms, managing variousinformation system services engagements for a wide range ofclients. His further expertise includes information systems auditservices, IT general controls assessments, payment card industryservices, internal IT controls design and testing, ISO 27001consulting services, IT forensic services, CEO and CFO certificationservices, ethical hacking services, disaster recovery and businesscontinuity planning, and IT project management consulting.

Contact BDOSam Khoury416 369 6030skhoury@bdo.caCarlo Mariglia416 369 3078cmariglia@bdo.caDavid Knott416 815 3016dknott@bdo.caPierre Taillefer514 934 7806ptaillefer@bdo.cawww.bdo.caBDO Canada LLP, a Canadian limited liability partnership, is a member of BDO InternationalLimited, a UK company limited by guarantee, and forms part of the international BDO networkof independent member firms. BDO is the brand name for the BDO network and for each of theBDO Member Firms.GB-CU-R.03.11