Capital One 2009 Annual Report Download - page 18
Download and view the complete annual report
Please find page 18 of the 2009 Capital One annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.-
1 -
2
-
3
-
4
-
5
-
6
-
7
-
8 -
9 -
10 -
11 -
12 -
13 -
14 -
15 -
16 -
17 -
18 -
19 -
20 -
21 -
22 -
23 -
24 -
25 -
26 -
27 -
28 -
29
-
30
-
31
-
32
-
33
-
34
-
35
-
36
-
37
-
38
-
39
-
40
-
41
-
42
-
43
-
44
-
45
-
46
-
47
-
48
-
49
-
50
-
51
-
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70
-
71
-
72
-
73
-
74
-
75
-
76
-
77
-
78
-
79
-
80
-
81
-
82
-
83
-
84
-
85
-
86
-
87
-
88
-
89
-
90
-
91
-
92
-
93
-
94
-
95
-
96
-
97
-
98
-
99
-
100
-
101
-
102
-
103
-
104
-
105
-
106
-
107
-
108
-
109
-
110
-
111
-
112
-
113
-
114
-
115
-
116
-
117
-
118
-
119
-
120
-
121
-
122
-
123
-
124
-
125
-
126
-
127
-
128
-
129
-
130
-
131
-
132
-
133
-
134
-
135
-
136
-
137
-
138
-
139
-
140
-
141
-
142
-
143
-
144
-
145
-
146
-
147
-
148
-
149
-
150
-
151
-
152
-
153
-
154
-
155
-
156
-
157
-
158
-
159
-
160
-
161
-
162
-
163
-
164
-
165
-
166
-
167
-
168
-
169
-
170
-
171
-
172
-
173
-
174
-
175
-
176
-
177
-
178
-
179
-
180
-
181
-
182
-
183
-
184
-
185
-
186
-
187
-
188
-
189
-
190
-
191
-
192
-
193
-
194
-
195
-
196
-
197
-
198
-
199
-
200
-
201
-
202
-
203
-
204
-
205
-
206
-
207
-
208
-
209
 |
 |
5
Risk Management and Control Framework
Capital One uses a consistent framework to manage risk. The framework applies at all levels, from the development of the Enterprise
Risk Management Program itself to the tactical operations of the front-line business team. The framework has six key elements:
1. Objective Setting;
2. Risk Assessment;
3. Control Activities;
4. Communication and Information;
5. Program Monitoring; and
6. Organization and Culture.
Objective Setting is at the beginning of our risk management approach. We set strategic, financial, operational, and other objectives
during our strategic and annual planning processes and throughout the year. These objectives cascade through the organization to
individual teams of associates.
Risk Assessment is the process of identifying risks to our objectives, evaluating the impact of those risks and choosing a response.
Responses include avoidance, mitigation, or acceptance. Risk responses are guided by our established risk appetite. In certain risk
categories, risk assessment is largely conducted by central risk groups or jointly between business areas and central groups (market,
liquidity, legal, credit, compliance). In other risk categories, risk assessment is primarily the responsibility of business areas with more
limited central support (strategic, operational, reputation).
Control Activities are the day-to-day backbone of our Enterprise Risk Management Program. Controls provide reasonable assurance
that financial accounting and reporting, legal, regulatory, and business requirements are met, and identified risks are being mitigated,
avoided, or accepted according to our risk appetite. We have practices in place to ensure key controls are established, evaluated, and
effective in preventing a breakdown. Control activities include the monitoring of adherence to current requirements, regular reporting
to management, and regular reviews and sign-offs. They also include the resolution of regulatory and audit findings and issues and the
procedures that trigger objective setting and risk assessments when new business opportunities are evaluated or business hierarchy
changes occur.
Communication and Information must provide a solid infrastructure to support the objective setting, risk assessment, and control
activities described above. We have established policies for each risk category which define the specific reports to be used and the
communication infrastructure. Robust risk management requires well-functioning communication channels to inform associates of
their responsibilities, alert them to issues or changes that might affect their activities, and to enable an open flow of information up,
down, and across the company.
Program Monitoring is critical to the Enterprise Risk Management Program itself because it assesses the accuracy, sufficiency, and
effectiveness of current objectives, risk assessments, controls, ownership, communication, and management support. Where
deficiencies are discovered, the Enterprise Risk Management Program must be updated to resolve the deficiencies in a timely manner.
Clear accountability must also be defined when resolving deficiencies to ensure the desired outcome is achieved. Risk management
programs are monitored at every level; from the overall Enterprise Risk Management Program to the individual risk management
activities in each business area.
Our Organization and Culture promote risk management as a key factor in making important business decisions. An effective risk
management culture starts with a well-defined risk management philosophy. It requires established risk management objectives that
align to business objectives and make targeted risk management activities part of ongoing business management activities.
We have a corporate Code of Business Conduct and Ethics (the “Code”) (available on the Corporate Governance page of our website
at www.capitalone.com/about) under which each associate is obligated to behave with integrity in dealing with customers and
business partners and to comply with applicable laws and regulations. We disclose any waivers to the Code on our website. We also
have an associate performance management process that emphasizes achieving business results while ensuring integrity, compliance,
and sound business management. Our risk management culture is also encouraged through frequent direction and communications
from the Board of Directors, senior leadership, corporate and departmental risk management policies, risk management and
compliance training programs and on-going risk assessment activities in the business areas.