Capital One 2003 Annual Report Download - page 27


The Company maintains a system of internal control with the objective of providing proper transaction
authorization and execution, safeguarding of assets from misuse or theft and ensuring the reliability of financial
and other data. The internal control system is intended to provide management with timely and accurate
information about the operations of the Company and has been designed to manage operational risk at
appropriate levels given the Company’s financial strength, the environment in which it operates and considering
factors such as competition and regulation. The Company has established procedures that are designed to ensure
that policies are followed on a uniform basis. Management continually monitors and improves its internal control
systems, processes and procedures to reduce the potential likelihood and impact of events related to operational
risk.

The key governance forum for operational risk is the ERM Committee, described above. The committee reviews
significant operational risks from self assessments, progress against mitigation plans and analyses of the
Company’s operational loss event experience. In addition, key risk management initiatives and programs are
reviewed by the Committee. Operational risk information is also shared with the Executive Committee, described
above, and the Audit and Risk Committee of the Board of Directors. Corporate Audit Services also assesses
operational risk and the related quality of internal controls and quality of risk management through its audit
activities.

Legal Risk Management

Legal risk represents the risk of loss related to (i) contracts that are not properly drafted so as to strike the
appropriate balance between the Company’s business interests and its legal exposure, (ii) the Company’s legal
entity structure and (iii) changes in laws and regulations, whether domestic or from international jurisdictions in
which the Company conducts business. The management of legal risk is overseen by the Company’s General
Counsel. Due to the Company’s significant reliance on certain contractual relationships, including with its
funding providers, as well as its unique corporate structure and heavily regulated industry, the Company faces
significant levels of legal risk. The Company also faces risk of loss from litigation, which is primarily managed
by the Company’s legal department.

Strategic Risk Management

Strategic risk is the risk to earnings or capital from operating the Company in a competitive environment. The
Executive Committee, described above, is the principal management forum for discussion of strategic risk. The
Company assesses strategic risk in its annual planning process, which includes both a top-down process set by
the Board of Directors and a bottom-up process led by business lines. The Company also performs quarterly
business reviews at the Executive Committee to compare business performance and risk assessments to plan.
Consideration of strategic risk is also a vital component of due diligence when evaluating new products, ventures
or markets.

Reputation Risk Management

Reputation risk represents the risk to earnings or capital arising from negative public or associate opinion. The
management of reputation risk is overseen by the Executive Vice President, responsible for the Company’s
corporate reputation and governance programs, with the advice and guidance of the Corporate Reputation
Committee, a committee of senior management. The Company currently utilizes qualitative criteria to measure
reputation risk. Several measures, both internal and external, are considered to gauge changes to the Company’s
reputation and overall reputation risk and include brand market research, customer studies, internal operational
loss event data and external measures.

Compliance Risk Management

Compliance risk is the risk of non-conformance to laws, rules and regulations. The management of compliance
risk is overseen by the Chief Enterprise Risk Officer with the advice and guidance of the ERM Committee and its