Capital One 2011 Annual Report Download - page 112

Download and view the complete annual report

Please find page 112 of the 2011 Capital One annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 298

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
  • 266
  • 267
  • 268
  • 269
  • 270
  • 271
  • 272
  • 273
  • 274
  • 275
  • 276
  • 277
  • 278
  • 279
  • 280
  • 281
  • 282
  • 283
  • 284
  • 285
  • 286
  • 287
  • 288
  • 289
  • 290
  • 291
  • 292
  • 293
  • 294
  • 295
  • 296
  • 297
  • 298

Objective Setting
Risk Assessment
Control Activities
Communication and Information
Program Monitoring
Organization and Culture
Objective Setting
Our risk management approach begins with objective setting. We establish strategic, financial, operational and
other objectives during our strategic and annual planning processes and throughout the year. These objectives
cascade through the organization to individual teams of associates. The risk management approach helps identify
and manage risks that have the potential to interfere with the achievement of our stated objectives.
Risk Assessment
Risk assessment is the process of identifying risks to our objectives, evaluating the impact of those risks and
choosing and executing on a response. Our risk responses include risk avoidance, mitigation or acceptance.
Generally, our risk responses are guided by our established risk appetite. For certain risk categories (legal,
compliance, liquidity, credit and market risks), risk assessment is largely conducted by central risk groups or
jointly between business areas and central groups. For other risk categories (strategic, reputational and
operational risks), risk assessment is primarily the responsibility of business areas with less central support.
Control Activities
We consider our control activities to be the day-to-day backbone of our risk management. Controls provide
reasonable assurance that legal, regulatory, and business requirements are being met, and identified risks are
being mitigated, avoided, or accepted according to our risk response choices and risk appetite. We have practices
in place designed to establish key controls and assess their effective in preventing a breakdown. Control activities
include the monitoring of adherence to current policy and procedure requirements, sign-offs, and regular
reporting to management. They also include the resolution of regulatory and audit findings and issues and the
procedures that trigger objective setting and risk assessments when new business opportunities are evaluated or
business hierarchy changes occur.
Communication and Information
Communication and information infrastructures must be solid and are necessary to support the objective setting,
risk assessment, and control activities described above. Robust risk management requires well-functioning
communication channels to inform associates of their responsibilities, alert them to issues or changes that might
affect their activities, and to enable an open flow of information up, down, and across our company. Robust risk
management also requires management information to enable controls to work effectively and to support the
analysis needed to set objectives and assess risk accurately. Our risk governance structure is designed to support
solid and ongoing communication. Specific reports and communication infrastructure are defined within our
individual risk category policies.
Program Monitoring
Program monitoring is critical to our overall risk management program. Program monitoring involves assessing
the accuracy, sufficiency, and effectiveness of current objectives, risk assessments, controls, ownership,
communication, and management support. The assessment of a risk program or activity can be qualitative or
quantitative. We encourage the use of measurements and metrics where it is possible, recognizing that some risks
92