Aviva 2009 Annual Report Download - page 59

Download and view the complete annual report

Please find page 59 of the 2009 Aviva annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 328

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
  • 266
  • 267
  • 268
  • 269
  • 270
  • 271
  • 272
  • 273
  • 274
  • 275
  • 276
  • 277
  • 278
  • 279
  • 280
  • 281
  • 282
  • 283
  • 284
  • 285
  • 286
  • 287
  • 288
  • 289
  • 290
  • 291
  • 292
  • 293
  • 294
  • 295
  • 296
  • 297
  • 298
  • 299
  • 300
  • 301
  • 302
  • 303
  • 304
  • 305
  • 306
  • 307
  • 308
  • 309
  • 310
  • 311
  • 312
  • 313
  • 314
  • 315
  • 316
  • 317
  • 318
  • 319
  • 320
  • 321
  • 322
  • 323
  • 324
  • 325
  • 326
  • 327
  • 328

57
Performance review
Aviva plc Risk management continued
Annual Report and Accounts 2009
Strategic risks include issues such as customer, brand,
products and markets as well as any risks to our business
model arising from changes in our market and risks arising
from mergers and acquisitions.
Operational risks arise from inadequate or failed internal
processes, or from people and systems or from external
events. This includes business protection, information
technology, people, legal and regulatory compliance risks.
We operate within a three lines of defence model. Primary
responsibility for risk identification and management lies with
business management (the 1st line of defence). Support for and
challenge on the completeness and accuracy of risk assessment,
risk reporting and adequacy of mitigation plans are performed
by specialist risk functions (the 2nd line of defence).
Independent and objective assurance on the robustness of the
risk management framework and the appropriateness and
effectiveness of internal control is provided by group internal
audit (the 3rd line of defence).
We employ effective processes to identify, assess, mitigate,
manage and monitor the risks to which we are exposed. We
make appropriate decisions to limit and control the impact the
risks may have on our strategic objectives.
We set limits to manage our material risks to ensure we
stay within our risk appetite (the amount of risk we are willing
to accept). To work out how “material” a risk is to our business
we assess its size and scale based on how likely it is to occur and
what potential impact it would have on our business and our
stakeholders if it were to occur. Most importantly, when risks
are outside of appetite, we agree what actions need to be taken
to manage the risks.
What risk management activity happens in Aviva?
To ensure that risks are effectively identified and assessed and
that appropriate controls and responses are in place, our risk
management activity needs to operate through clearly defined
and agreed structures and processes.
At Aviva, we support and coordinate all group-wide risk
management activities through a central risk team, led by the
group chief risk officer. In each of our regions, regional chief
risk officers ensure that the regional risk profiles remain within
the limits set centrally.
The regional chief risk officers work with business
management to ensure that our risk management framework is
being used consistently across all our businesses. They also work
with the group chief risk officer to coordinate and communicate
decisions that are taken at a group level.
As well as working with the regions, the central risk team is
also responsible for managing group risk governance and oversight.
Risk management framework
At group centre, the Risk Management Framework enables us
to understand all the material risks that we currently face and
to identify early emerging risks. This knowledge helps the risk
teams to provide effective challenge and support to the regions
and its businesses.
The central risk team monitors these risk exposures on a
regular basis with a specific focus on financial risks via regular
reporting to the Group Executive Committee and, as part of the
performance management process, senior management review
risk management information to ensure the successful delivery
of our business objectives.
As well as the ongoing monitoring activities the central risk
team produces a formal quarterly risk report for the Risk and
Regulatory Committee of the board and the various risk
oversight committees.
Corporate responsibility
Governance
Shareholder information
Financial statements IFRS
Financial statements MCEV
Other information
Corporate governance and oversight
Our Risk Governance Framework allocates responsibility for the
oversight of risk management to a number of committees at
group centre with the Group Asset Liability Committee (ALCO)
and the Group Operational Risk Committee (ORC) providing
a key focus on financial and operational risk. The group centre
committees are in turn supported by similar governance
structures in the regions. These relationships are summarised
in the diagram below.
Board
— Set strategic objectives
— Monitor performance
— Set and uphold values
Group
— Set risk policies
— Monitor performance
— Oversee risk management
— Provide challenge
— Recommend risk activity
Region
— Oversee risk management
— Monitor regional risk profile
— Operate in line with policy
— Report to Group
Aviva plc Board
Audit
Committee
Risk and
Regulatory
Committee
CSR
Committee
Disclosure
Committee
Group Executive
Committee
Group ALCO Group ORC
ALCO ORC
Sub-committees Sub-committees
Regional
ExCo
Regional Risk
Committee
These committees monitor the aggregate risk profile, provide
challenge and recommend risk management activity and
ensure that our ris0k policies are used to manage risk to
agreed standards.
Board oversight is maintained on a regular basis through
its Risk and Regulatory Committee (RRC). The group chief risk
officer is a member of the Group Executive Committee and has
a reporting line to the group chief executive and to the RRC
with access to the RRC chairman, assuring independence of
the function.
Policies and procedures
We have formal risk policies that ensure a consistent approach
to the management of all our risks across all the businesses and
locations in which we operate. These risk policies define our risk
appetite and set out risk management and control standards for
the group’s worldwide operations. The risk policies also set out
the roles and responsibilities of businesses, regions, policy
owners, and the risk oversight committees.
As our business needs to change and respond to market
conditions and customer needs, we regularly monitor the
appropriateness of our risk policies and risk appetite to ensure
they remain up-to-date. This helps to provide assurance to the
various risk oversight committees that there are appropriate
controls in place for all our core business activities, and that
the processes for managing risk are understood and followed
consistently across our global businesses.
Risk and economic capital
We already use economic capital models within our decision-
making and were early adopters of stress and scenario analysis
across the risks we face, making us well placed for the
forthcoming Solvency 2 regulatory regime. However, the use
of models is balanced with sound business judgement.
The Financial Services Authority (FSA) requires Aviva
to assess its economic capital requirements to ensure that
it adequately reflects business and control risks. In turn
this analysis supports our strategic planning and decision-
making processes.
Performance review