Home » HSBC Annual Reports » 2011 Annual Report - page 244

HSBC 2011 Annual Report Download - page 244

Download and view the complete annual report

Please find page 244 of the 2011 HSBC annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

HSBC HOLDINGS PLC

Report of the Directors: Corporate Governance (continued)

Internal control / Going concern / Employees > Global People Survey

242

– the top and emerging risk process prompted

a number of reviews and special papers on

key risks, which were presented to the Risk

Management Meeting, GRC and Board;

– managing geopolitical risk and ongoing

instability in the eurozone;

– managing and mitigating the uncertain

economic risks within major markets

particularly in the US;

– a single name concentration risk process for

HSBC’s larger corporate exposures;

– the Group’s global wholesale risk

aggregation system which has been

implemented Group-wide;

– the mitigation of information risks; and

– enhancement of polices and practices

relevant to the prevention of financial

crimes.

• Strategic plans. Periodic strategic plans are

prepared for global businesses, support

functions and certain geographies within the

framework of the Group’s strategy. Rolling

operating plans, informed by detailed analysis of

risk appetite describing the types and quantum

of risk that we are prepared to take in executing

our strategy, are prepared and adopted by all

major HSBC operating companies and set out

the key business initiatives and the likely

financial effects of those initiatives.

• Governance arrangements. Governance

arrangements are in place to provide oversight

of, and advice to the Board on, material risk-

related matters including assurance that risk

analytical models are fit for purpose, used

accordingly and complemented by both model-

specific and enterprise-wide stress tests that

evaluate the impact of severe yet plausible

events and other unusual circumstances not fully

captured by quantitative models.

• IT operations. Centralised functional control

is exercised over all IT developments and

operations. Common systems are employed for

similar business processes wherever practicable.

• Functional management. Global functional

management is responsible for setting policies,

procedures and standards for the following

risks: credit, market, liquidity, capital, financial

management, model, reputational, pension

strategic, sustainability and operational risk

(including accounting, tax, legal, compliance,

fiduciary, information security, security and

fraud, systems and people risk). Authorities to

enter into credit and market risk exposures are

delegated with limits to line management of

Group companies. The concurrence of the

appropriate global function is required, however,

to credit proposals with specified higher risk

characteristics. Credit and market risks are

measured and reported on in subsidiaries and

aggregated for review of risk concentrations on

a Group-wide basis.

• Reputational risk. Policies to guide subsidiary

companies and management at all levels in the

conduct of business to safeguard the Group’s

reputation are established by the Board and the

GMB, subsidiary company boards, Board

committees and senior management.

Reputational risks can arise from environmental,

social or governance issues, as a consequence

of operational risk events or as a result of

employees acting in a manner inconsistent with

HSBC’s Values. As a banking group, HSBC’s

good reputation depends upon the way in which

it conducts its business but it can also be

affected by the way in which clients, to which

it provides financial services, conduct their

business or use financial products and services.

• Internal Audit. The establishment and

maintenance of appropriate systems of internal

control is primarily the responsibility of

business management. The Internal Audit

function, which is centrally controlled, monitors

the effectiveness of internal control structures

across the whole of HSBC focusing on the

areas of greatest risk to HSBC as determined

by a risk-based grading approach. The Head of

this function reports to the Group Chairman,

the Group Chief Executive, the GAC and the

GRC on risk-related matters.

• Internal Audit recommendations. Executive

management is responsible for ensuring that

recommendations made by the Internal Audit

function are implemented within an appropriate

and agreed timetable. Confirmation to this effect

must be provided to Internal Audit. Executive

management must also confirm annually as part

of the internal audit process that offices under

their control have taken, or are in the process of

taking, the appropriate actions to deal with all

significant recommendations made by the

external auditor in management letters or by

regulators following regulatory inspections.

In May 2011, amendments were made to the

terms of reference of the GRC and the GAC to

minimise the overlap between the Committees. As a