Blackberry 2010 Annual Report Download - page 56

Download and view the complete annual report

Please find page 56 of the 2010 Blackberry annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 98

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98

RECOMMENDATION RESPONSE
10. Risk Oversight
The board should determine how it will carry out its risk oversight
responsibilities. The board should develop and formalize the related
communication and reporting protocols — at both the audit
committee and full board level — to effectively carry out its risk
oversight responsibilities including:
- Understanding the risks inherent in the organization’s strategy
and the risk appetite of management in executing that strategy;
- Ensuring the implementation of appropriate processes and
systems to manage the organization’s critical risks;
- Accessing relevant information from internal and external
sources about the critical assumptions underlying the strategy;
- Being alert to organizational behaviour and financial and other
incentives that can lead to excessive risk taking;
- Providing input to executive management regarding critical risk
issues on a timely basis; and
- Identifying significant changes to the Company’s risk profile and
their implications to the business.
This recommendation has been accepted and has been addressed.
The Board has determined how it will carry out its risk oversight
responsibilities and has developed and formalized the related
communication and reporting protocols — at both the AR&M
Committee and full Board level. Risk oversight is carried out by the
Board and committees at different levels. The Board mandate
allocates responsibility for the assessment of principal business
risks in the Board. The Board, through its committees and their
respective charters, has delegated additional responsibilities for
risk oversight:
Audit Committee. In connection with the April and December, 2009
quarterly meetings, the role of the then Audit Committee was
enhanced to better encompass risk management in a number
areas. In particular, in April, the charter of the committee was
enhanced to better reflect best practices for audit committees,
better align with other Board committee charters and assume
certain duties of the disbanded Oversight Committee. Among
others, enhancements in the areas of oversight of financial
reporting process & internal controls, oversight of the annual
audit/quarterly reviews; oversight of the Company’s Risk
Performance and Audit group; an annual review of legal and
regulatory matters; and the review of Company policies were
made at that time. In December, the charter was further
enhanced to specifically address oversight of risk management
and to acknowledge/address the increasing focus on risk
management in the governance realm generally. As a result of
its increased role in risk management, the Audit Committee was
renamed the Audit and Risk Management Committee.
The A&RM Committee is also responsible for the oversight of the
Company’s Risk Performance and Audit Group which was started
by the Company in 2008. Pursuant to its charter approved by the
A&RM Committee, the group’s scope of work includes assessing
whether the management’s risk performance, control and
governance processes are adequate and functioning such that,
among other things, risks are identified and managed; risk
management is embedded in the business; employee’s actions
are in accordance with policies, standards, procedures and
applicable laws/regulations & significant legislative or regulatory
issues are recognized and addressed appropriately. The group
currently consists of a Senior Vice-President and 12 employees who
have joined the Company since 2008. Pursuant to its charter,
the Senior Vice-President reports directly to the A&RM Committee
(administratively to one of the Co-CEOs) and the group is to
perform its function in a manner that would not impair its
objectivity and independence. The group prepares an annual
audit plan which is submitted to and approved by the A&RM
Committee and the group’s progress on the approved plan is
reported to the A&RM quarterly. The group’s Senior Vice-President
also meets with the A&RM Committee in-camera as appropriate.
CNG Committee: The CNG Committee also has risk
management and control responsibilities. Its charter requires
the committee to annually review: the administration of
the Company’s equity-based compensation plans; the risk
management and controls of the Company’s other
compensation and benefit plans; and management’s
assessment of compliance with laws and regulations as
they pertain to its responsibilities under the Charter. It also
requires the committee to provide oversight related to
compliance with the Sarbanes-Oxley Act of 2002 for
executive compensation purposes.
MD&A
48