Capital One 2013 Annual Report Download - page 109
Download and view the complete annual report
Please find page 109 of the 2013 Capital One annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.-
1 -
2
-
3
-
4
-
5
-
6
-
7
-
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27
-
28
-
29
-
30
-
31
-
32
-
33
-
34
-
35
-
36
-
37
-
38
-
39
-
40
-
41
-
42
-
43
-
44
-
45
-
46
-
47
-
48
-
49
-
50
-
51
-
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70
-
71
-
72
-
73
-
74
-
75
-
76
-
77
-
78
-
79
-
80
-
81
-
82
-
83
-
84
-
85
-
86
-
87
-
88
-
89
-
90
-
91
-
92
-
93
-
94
-
95
-
96
-
97
-
98
-
99 -
100 -
101 -
102 -
103 -
104 -
105 -
106 -
107 -
108 -
109 -
110 -
111 -
112 -
113 -
114 -
115 -
116 -
117 -
118 -
119 -
120
-
121
-
122
-
123
-
124
-
125
-
126
-
127
-
128
-
129
-
130
-
131
-
132
-
133
-
134
-
135
-
136
-
137
-
138
-
139
-
140
-
141
-
142
-
143
-
144
-
145
-
146
-
147
-
148
-
149
-
150
-
151
-
152
-
153
-
154
-
155
-
156
-
157
-
158
-
159
-
160
-
161
-
162
-
163
-
164
-
165
-
166
-
167
-
168
-
169
-
170
-
171
-
172
-
173
-
174
-
175
-
176
-
177
-
178
-
179
-
180
-
181
-
182
-
183
-
184
-
185
-
186
-
187
-
188
-
189
-
190
-
191
-
192
-
193
-
194
-
195
-
196
-
197
-
198
-
199
-
200
-
201
-
202
-
203
-
204
-
205
-
206
-
207
-
208
-
209
-
210
-
211
-
212
-
213
-
214
-
215
-
216
-
217
-
218
-
219
-
220
-
221
-
222
-
223
-
224
-
225
-
226
-
227
-
228
-
229
-
230
-
231
-
232
-
233
-
234
-
235
-
236
-
237
-
238
-
239
-
240
-
241
-
242
-
243
-
244
-
245
-
246
-
247
-
248
-
249
-
250
-
251
-
252
-
253
-
254
-
255
-
256
-
257
-
258
-
259
-
260
-
261
-
262
-
263
-
264
-
265
-
266
-
267
-
268
-
269
-
270
-
271
-
272
-
273
-
274
-
275
-
276
-
277
-
278
-
279
-
280
-
281
-
282
-
283
-
284
-
285
-
286
-
287
-
288
-
289
-
290
-
291
-
292
-
293
-
294
-
295
-
296
-
297
-
298
-
299
-
300
-
301
-
302
 |
 |
RISK MANAGEMENT
Risk Framework
We use a risk framework to manage risk. We execute against our risk management framework with the “Three
Lines of Defense” risk management model to demonstrate and structure the roles, responsibilities and
accountabilities in the organization for taking and managing risk. The “First Line of Defense” is comprised of the
business areas that through their day-to-day business activities take risk on our behalf. As the business owner, the
first line is responsible for identifying, assessing, managing and controlling that risk, and for mitigating our
overall risk exposure. The “Second Line of Defense” provides oversight of first line risk taking and management,
and is comprised of our Risk Management organization and other staff control functions. The second line assists
in determining risk capacity, risk appetite, and the strategies, policies and structure for managing risks. The
second line is both an ‘expert advisor’ to the first line and an ‘effective challenger’ of first line risk activities. The
“Third Line of Defense” is comprised of our Internal Audit and Credit Review functions. The third line provides
independent and objective assurance to senior management and to the Board of Directors that first and second
line risk management and internal control systems and its governance processes are well-designed and working
as intended. Our risk framework, which is built around governance, processes and people, consists of the
following eight key elements:
Establish governance processes, accountabilities, and risk appetites
The “starting point” of our risk framework is the establishment of governance processes, accountabilities and
appetites. Our Board of Directors and senior management establish the tone at the top regarding the importance
of internal control, including standards of conduct and the integrity and ethical values of the company.
Management reinforces the expectations at the various levels of the organization. This portion of the framework
sets the foundation for the methods that govern risk taking, the interactions within and among the lines of defense
and the risk appetites and tolerances.
Identify and assess risks and ownership
Identifying and assessing risks and ownership is the beginning of the more detailed day-to-day process of
managing risk. This portion of the framework clarifies the importance of strong first-line management and
accountability for identifying and assessing risk while specifying the roles of the second line to identify and
assess risk, particularly when taking on new initiatives.
Develop and operate controls, monitoring and mitigation plans
We develop, operate and monitor controls to manage risk within tolerance levels. The first line develops controls
to oversee and manage identified risks. Controls may prevent risks from occurring (e.g., ensuring compliance
with a law or regulation), discover when a risk has been realized, or measure the amount of risk being taken so
that the amount may be proactively managed. Whenever possible, plans are implemented to mitigate risks or
reduce them to lower levels to reduce exposure. The first line leads mitigation, control and monitoring actions.
The second line is a consultant on control design when needed.
Test and detect control gaps and perform corrective action
While the first line is principally accountable for taking, controlling and monitoring risk, the second line oversees
and monitors first line risk taking, including the effectiveness of first line controls, and the third line
independently tests first and second line controls. These activities provide the second and third lines of defense
with the ability to reduce the likelihood of unauthorized or unplanned risk taking within the organization.
Identified control gaps are closed by first line corrective action.
89