Home » AIG Annual Reports » 2012 Annual Report - page 182

AIG 2012 Annual Report Download - page 182

Download and view the complete annual report

Please find page 182 of the 2012 AIG annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

.....................................................................................................................................................................................

Additionally, each business unit is responsible for managing liquidity within a framework designed for the

measurement and monitoring of liquidity risks inherent to the business. Current cash and liquidity positions are

reviewed for changes and against minimum liquidity levels. Future cash inflows and outflows are tracked through

cash flow forecasting. If the business unit projects a breach of the minimum liquidity levels, the amount of required

liquidity resources will be identified and we will determine any actions to be taken. Business unit level key indicators

are assessed to provide advance warning of potential liquidity risks.

Operational Risk Management

..............................................................................................................................................................................................

Operational risk is inherent in each of our business units and corporate functions. It may extend beyond financial

losses, including errors, fraudulent acts, business interruptions, inappropriate behavior of employees, or vendors that

do not perform in accordance with agreed upon terms.

Our Operational Risk Management (ORM) function, which supports AIG’s ORC has the responsibility to provide an

aggregate view of our operational risk profile. AIG ORM oversees our Operational Risk policy and framework, which

includes risk identification, measurement, monitoring and reporting.

Each Business Unit is primarily responsible for managing its operational risks and implementing the components of

the operational risk management program. In addition, certain control functions have been assigned accountability for

enterprise-wide risk management oversight for their respective areas. These control functions include: Sarbanes-

Oxley (SOX), Business Continuity Management (BCM), Information Technology Security Risk, Compliance, and

Vendor Management. Senior business operational risk executives report to their respective business unit chief risk

officer and to the Head of our ORM. This reporting structure enables a close alignment with the businesses while

ensuring consistent implementation of operational risk management practices.

A strong operational risk management program facilitates the identification and mitigation of

operational risk issues. In order to accomplish this, our operational risk management

program is designed to:

• pro-actively address potential operational risk issues;

• create transparency at all levels of the organization; and

• assign clear ownership and accountability for addressing identified issues.

As part of the ORM framework, we use a risk and control self assessment (RCSA) process to identify key operational

risks and evaluate the effectiveness of existing controls to mitigate those risks. Corrective action plans are developed

to address identified issues. Businesses are accountable for tracking and resolving these issues. A standard RCSA

approach is also followed firm-wide for certain key risk processes (for example, SOX, IT Security Risk, Compliance,

Business Continuity Management and Vendor Management).

Operational risk management reporting to senior management and operational risk governance committees provides

awareness of operational risk exposures, identifies key risks and facilitates management decision making. Reporting

includes RCSA information such as operational risk events, self-assessment results and the status of issue resolution

to senior management.

Insurance Operations Risks

..............................................................................................................................................................................................

Our insurance businesses are conducted on a global basis and expose us to a wide variety of risks with different

time horizons. We manage these risks throughout the organization, both centrally and locally, through a number of

procedures:

• pre-launch approval of product design, development and distribution;

• underwriting approval processes and authorities;

Operational risk is defined as the risk of loss resulting from inadequate or failed internal processes, people, systems,

or from external events. Operational risk includes legal risk and reputational harm.

Except as described above, we manage our business risk oversight activities through our insurance operations.

..................................................................................................................................................................................................................................

AIG 2012 Form 10-K 165

ITEM 7 / ENTERPRISE RISK MANAGEMENT