How Risk Management Can Improve Governance And Increase Shareholder Value
1. 1
Strategic Risk Management
How A Comprehensive Approach to Risk
Management Can Improve Corporate Governance
and Increase Shareholder Value
Ron Harasym
Vice-President Risk Management
ron.harasym@aegoncanada.ca
2. 2
Agenda
Risk Management Post Sarbanes-Oxley
Governance Process
Best Practices – Risk Management & Internal Controls
Risk Management Infrastructure
Risk Management Hierarchy
Risk Culture – Processes vs. Getting it Right
Summary – Success Factors
3. 3
Risk Management Post Sarbanes-Oxley
• Regulators and rating agencies are intensifying focus on Risk
Management standards; there is less room for negotiation.
• Recognition that risks are increasingly correlated across businesses
and sometimes across different risk types, requiring a much more
integrated approach to managing them.
• Heightened market sensitivity to unanticipated risk events; fiscal
surprises of any kind now lead to market penalties that are often a
multiple of the real economic loss to shareholders.
• Boards and CEOs have responded by becoming more involved.
End result has been the overhaul of Risk Management practices.
4. 4
Governance Process
Board Committees
• Approve risk appetite limits and set strategic direction for the
Corporation
• Provide oversight for Risk Management activities
Management Committees
• Develop strategic vision for key enterprise-level activities
• Approve policies governing enterprise level activities
Working Committees
• Develop framework for implementing key risk activities
• Develop and adopt policies governing key risk activities
5. 5
Best Practices – Risk Management &
Internal Controls
• Best practices are about management, not models.
• Has Sarbanes-Oxley helped or hindered best practices?
• Core elements of best-practice risk management are:
• Defining the risk strategy & risk appetite
• Instilling effective and efficient risk processes
• Full risk transparency
• Establishing a robust risk organization with a shared risk
culture
6. 6
Risk Management Infrastructure
• Strong and visible commitment from top management
• Central oversight of risk management across the enterprise
• Separation of duties
• Clearly defined responsibility and accountability
• Full ownership of risk and risk management at business unit level
• Cost effectiveness & Cost efficiency
• Adds value (not just bureaucracy) both defensively and
offensively.
7. 7
Risk Management Hierarchy
Long-Term Strategic Plan
Performance Objectives & Compensation
Risk Philosophy/Appetite
Risk Management Policy
Corporate Risk Management Policies
• Aligned with strategy
• Risk limits/tolerances by risk pool
• Absolute standards in line with risk appetite
Business Level Policy Guidelines
• Business specific guidelines
• Aligned with Policy standards
Board Level
Management Committee Level
Business/Management Committee Level
Credit Administration Procedures
• Consistent measurement/monitoring of risk
• Specific processes
Business/Administration Level
Approval and Exception Reporting
Examples:
• Risk Tolerance Limits
• Risk Culture & Philosophy
• Policies for Key Risk Drivers
• Administration Procedures Manuals
• Risk-specific policies geared for the business unit
8. 8
Risk Culture: Processes vs. Getting it Right
• Processes:
• Risk limits & policy setting.
• Capital allocation
• Risk adjusted performance measurement
• Model validation
• Documentation
• Getting it Right:
• Building a partnership between Risk Management and the
Business Units
• Aligning incentives & compensation
• The search for talent.
9. 9
Summary – Success Factors
• Board Involvement
• Management Leadership
• Corporate-wide Initiative
• Values Based Process
• Regulatory Partnership
Drivers of Success
Success Factors
• Enterprise-wide View
• Effective & Efficient Governance
• Separation of Duties
• Aggregation of Risks
• Transparency of Risks & Reporting
• Consistency of Practices
• Accountability
“Best-in-class” Risk Management
Organization
Objective