Freddie Mac 2004 Annual Report Download - page 108

Download and view the complete annual report

Please find page 108 of the 2004 Freddie Mac annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 246

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246

A major corporate reorganization in early 2005 resulted in a functional organization structure with
responsibilities for operations and technology under a new executive vice president position. We also
completed a full integration of all Ñnancial accounting functions under the Chief Financial OÇcer to enable
greater accountability and role clarity.
Finally, we have undertaken a key initiative to improve our capabilities to better measure our operational
risks. We have deÑned an operational risks framework that we believe is consistent with the Basel II Advanced
Measurement Approach scheduled to be adopted by large U.S. banks. See ""BUSINESS Ì Regulatory and
Governmental Matters Ì Other Regulatory Matters.'' The framework includes common risk language, the
operational loss event, tracking key risk indicators and control self-assessments. We believe that the
implementation of this framework improves our operational risks management capabilities. We are in the early
stage of a multi-year eÅort to fully implement the components of this framework.
Sources of Operational Risks
Process Risk. Process risk includes transaction execution, modeling, and vendor management risk.
Transaction execution risk is mitigated through comprehensive product development processes, suitable
approval authorities, data quality standards and identiÑcation and execution of control procedures. While we
are exposed to the risk of loss from failure to develop or follow appropriate processes for our business
transactions, process risk management enables us to fulÑll our commitment to introduce new products and
programs to improve homeownership opportunities for low- and moderate-income borrowers and to meet our
customers' needs. We have strengthened our controls over the new product process with the creation of a New
Products Committee, designed to clearly identify the requirements for implementing all new product ideas.
We make signiÑcant use of business and Ñnancial models. In 2004, we strengthened our processes to
validate assumptions, model code and theory. We have enhanced our oversight processes, including
establishing a corporate function to focus on the key models used in management decisions and Ñnancial
reporting. While controls over model risk have been enhanced, signiÑcant eÅorts remain with respect to
controls over model applications. We plan to further remediate model oversight issues during 2005.
Vendor management is critical for us because we currently outsource to external parties certain key
functions. These functions include processing functions for trade capture, market risk management analytics,
asset valuation (Blackrock Financial Management, Inc.), and processing functions for mortgage loan
underwriting (Electronic Data Systems Corporation). We may enter into similar outsourcing relationships in
the same or other business areas in the future. If one or more of these key external parties were not able to
perform their functions for a period of time or at an acceptable service level, there is a risk that our Ñnancial
condition or results of operations would be adversely aÅected, perhaps materially. Our use of vendors also
exposes us to the risk of a loss of intellectual property or a breach of conÑdentiality or other harm. We
endeavor to mitigate these risks through detailed vendor requirements, active vendor management, legal
contracts, business continuity planning, and third party review of vendors. In addition, to ensure the integrity
of data used in Ñnancial reporting, we have implemented quality assurance processes valuations and processes
performed by Blackrock.
Technology Risk. Technology risk includes the risk of inadequate or failed systems, inappropriate
systems implementation and inadequate system security that allows unauthorized access to computer systems.
We monitor computer security measures and applications and we use corporate information access policies
and periodic access reviews to verify that only authorized personnel have access to our systems. We identiÑed
material weaknesses related to system security, change management and information technology application
and general controls during our control reviews in 2004. These weaknesses related not only to Ñnancial
reporting systems, but other business applications as well. Remediation eÅorts to correct these weaknesses
began in 2004 and will continue through 2005. See ""Internal Controls over Financial Reporting'' for more
information concerning internal control issues related to our systems.
We are making signiÑcant investments to build new Ñnancial reporting systems and to move to more
eÅective and eÇcient business processing systems. During the transition period, however, we are more reliant
on end-user computing systems than we prefer. End-user computing systems increase the risk of errors in
Freddie Mac
96