Capital One 2008 Annual Report Download - page 25
Download and view the complete annual report
Please find page 25 of the 2008 Capital One annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.-
1 -
2
-
3
-
4
-
5
-
6
-
7
-
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15 -
16 -
17 -
18 -
19 -
20 -
21 -
22 -
23 -
24 -
25 -
26 -
27 -
28 -
29 -
30 -
31 -
32 -
33 -
34 -
35 -
36
-
37
-
38
-
39
-
40
-
41
-
42
-
43
-
44
-
45
-
46
-
47
-
48
-
49
-
50
-
51
-
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70
-
71
-
72
-
73
-
74
-
75
-
76
-
77
-
78
-
79
-
80
-
81
-
82
-
83
-
84
-
85
-
86
-
87
-
88
-
89
-
90
-
91
-
92
-
93
-
94
-
95
-
96
-
97
-
98
-
99
-
100
-
101
-
102
-
103
-
104
-
105
-
106
-
107
-
108
-
109
-
110
-
111
-
112
-
113
-
114
-
115
-
116
-
117
-
118
-
119
-
120
-
121
-
122
-
123
-
124
-
125
-
126
-
127
-
128
-
129
-
130
-
131
-
132
-
133
-
134
-
135
-
136
-
137
-
138
-
139
-
140
-
141
-
142
-
143
-
144
-
145
-
146
-
147
-
148
-
149
-
150
-
151
-
152
-
153
-
154
-
155
-
156
-
157
-
158
-
159
-
160
-
161
-
162
-
163
-
164
-
165
-
166
-
167
-
168
-
169
-
170
-
171
-
172
-
173
-
174
-
175
-
176
-
177
-
178
-
179
-
180
-
181
-
182
-
183
-
184
-
185
-
186
 |
 |
7
Control Activities are the day-to-day backbone of our Enterprise Risk Management Program. Controls provide reasonable assurance
that legal, regulatory, and business requirements are met, and identified risks are being mitigated, avoided, or accepted according to
our risk appetite. We have practices in place to ensure key controls are established, evaluated, and effective in preventing a
breakdown. Control activities include the monitoring of adherence to current requirements, regular reporting to management, and
regular reviews and sign-offs. They also include the resolution of regulatory and audit findings and issues and the procedures that
trigger objective setting and risk assessments when new business opportunities are evaluated or business hierarchy changes occur.
Communication and Information must provide a solid infrastructure to support the objective setting, risk assessment, and control
activities described above. We have established policies for each risk category which define the specific reports to be used and the
communication infrastructure. Robust risk management requires well-functioning communication channels to inform associates of
their responsibilities, alert them to issues or changes that might affect their activities, and to enable an open flow of information up,
down, and across the company.
Program Monitoring is critical to the Enterprise Risk Management Program itself because it assesses the accuracy, sufficiency, and
effectiveness of current objectives, risk assessments, controls, ownership, communication, and management support. Where
deficiencies are discovered, the Enterprise Risk Management Program must be updated to resolve the deficiencies in a timely manner.
Clear accountability must also be defined when resolving deficiencies to ensure the desired outcome is achieved. Risk management
programs are monitored at every level; from the overall Enterprise Risk Management Program to the individual risk management
activities in each business area.
Our Organization and Culture promote risk management as a key factor in making important business decisions. An effective risk
management culture starts with a well-defined risk management philosophy. It requires established risk management objectives that
align to business objectives and make targeted risk management activities part of ongoing business management activities.
We have a corporate Code of Business Conduct and Ethics (the Code) (available on the Corporate Governance page of our website
at www.capitalone.com/about) under which each associate is obligated to behave with integrity in dealing with customers and
business partners and to comply with applicable laws and regulations. We disclose any waivers to the Code on our website. Currently,
there are no waivers. We also have an associate performance management process that emphasizes achieving business results while
ensuring integrity, compliance, and sound business management. Our risk management culture is also encouraged through frequent
direction and communications from the Board of Directors, senior leadership, corporate and departmental risk management policies,
risk management and compliance training programs and on-going risk assessment activities in the business areas.
Risk Appetite
Capital One organizes its Enterprise Risk Management Program around eight risk categories. The risk categories enable us to
efficiently aggregate risks, provide a mechanism to discuss risk appetite, and facilitate the assignment of expert risk resources to
support our business activities. While we customize specific risk objectives and control methodologies to each risk category, they
share, at the highest level, a common approach to describing and measuring risk appetite.
Risk appetites are approved by the Board of Directors and are used both to monitor the companys evolving risk position and to guide
strategic and tactical decision making. The risk appetite framework assesses each risk category across the following three dimensions:
1. Net Risk: Assessment of the level of risk given internal and external factors;
2. Quality of Governance and Controls: Evidence demonstrating the strength (or weakness) of our risk governance structure
and/or controls associated with the risk category and our ability to address issues; and
3. Mitigation Plan Status: When needed, the status of key mitigation activity needed to reduce risk.
Risk Categories
Capital Ones risk management program is organized around eight risk categories. They are:
1. Liquidity
2. Credit
3. Reputation
4. Market
5. Strategic
6. Operational
7. Compliance
8. Legal