Home » HSBC Annual Reports » 2015 Annual Report - page 277

HSBC 2015 Annual Report Download - page 277

Download and view the complete annual report

Please find page 277 of the 2015 HSBC annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

HSBC HOLDINGS PLC

275

Strategic Report Financial Review Corporate Governance Financial Statements Shareholder Information

Internal control

The Board is responsible for maintaining and reviewing the

effectiveness of risk management and internal control

systems and for determining the aggregate level and types

of risks it is willing to take in achieving its strategic

objectives.

Procedures

To meet this requirement and to discharge its obligations

under the FCA Handbook and PRA Handbook, procedures

have been designed for safeguarding assets against

unauthorised use or disposal; for maintaining proper

accounting records; and for ensuring the reliability and

usefulness of financial information used within the business

or for publication.

These procedures can only provide reasonable but not

absolute assurance against material mis-statement, errors,

losses or fraud. They are designed to provide effective

internal control within HSBC and accord with the Financial

Reporting Council’s guidance for directors issued in 2014,

internal control and related financial and business

reporting. Our procedures have been in place throughout

the year and up to 22 February 2016, the date of approval

of the Annual Report and Accounts 2015.

In 2014, the GAC endorsed the adoption of the COSO 2013

framework for the monitoring of risk management and

internal control systems to satisfy the requirements of

Section 404 of the Sarbanes-Oxley Act of 2002. Additionally,

the risk management framework enabled the GRC to

monitor controls over principal risks to meet the

requirements of the UK Corporate Governance Code and

the Hong Kong Corporate Governance Code.

HSBC’s key risk management and internal control

procedures include the following:

• Group Standards. The Global Standards Manual (‘GSM’)

brings together the common standards and principles

used in the conduct of all business, whatever its location

or nature. The GSM overlays all other manuals

throughout the Group and is a fundamental component

of the Group’s risk management structure. It establishes

the high level standards and policies by which, and

within which, all members of the Group conduct their

businesses. The GSM is mandatory and applies to, and

must be observed by, all businesses within the Group,

regardless of the nature or location of their activities.

• Delegation of authority within limits set by the Board.

Subject to certain matters reserved for the Board, the

Group Chief Executive has been delegated authority

limits and powers within which to manage the day-to-day

affairs of the Group, including the right to sub-delegate

those limits and powers. Each relevant Group Managing

Director or Group Executive Director has delegated

authority within which to manage the day-to-day affairs

of the business or function for which he or she is

accountable. Delegation of authority from the Board

requires those individuals to maintain a clear and

appropriate apportionment of significant responsibilities

and to oversee the establishment and maintenance of

systems of control that are appropriate to their business

or function. Appointments to the most senior positions

within HSBC require the approval of the Board.

• Risk identification and monitoring. Systems and

procedures are in place to identify, control and report

on the material risk types facing HSBC as set out below:

– wholesale credit risk;

– retail credit risk;

– insurance risk;

– asset, liability and capital management risk;

– market risk;

– financial management risk;

– model risk;

– reputational risk;

– pension risk;

– strategic risk;

– sustainability risk; and

– operational risk (including accounting, tax, legal,

regulatory compliance, financial crime compliance,

fiduciary, political, physical, internal, external,

contingency, information security, systems,

operations, project and people risks).

Exposure to these risks is monitored by risk

management committees, asset, liability and capital

management committees and executive committees in

subsidiaries and, for the Group, in Risk Management

Meetings of the GMB (‘RMM’) which are chaired by

the Group Chief Risk Officer. The RMM meets regularly

to discuss enterprise-wide risk management matters.

Asset, liability and capital management matters are

monitored by the Group ALCO, which reports to the

RMM.

HSBC’s operational risk profile and the effective

implementation of the Group’s operational risk

management framework are monitored by the Global

Operational Risk Committee, which reports to the RMM.

Model risks are monitored by the Model Oversight

Committee which also reports to the RMM.

• Changes in market conditions/practices. Processes are

in place to identify new risks arising from changes in

market conditions/practices or customer behaviours,

which could expose HSBC to heightened risk of loss or

reputational damage. The Group employs a top and

emerging risks framework at all levels of the organisation,

which enables it to identify current and forward-looking

risks and to take action which either prevents them

materialising or limits their impact. During 2015,

attention was focused on:

– economic outlook and capital flows;

– geopolitical risk;

– turning of the credit cycle;

– regulatory developments affecting the business

model and profitability;

– regulatory commitments and consent orders;