Aviva 2014 Annual Report Download - page 61
Download and view the complete annual report
Please find page 61 of the 2014 Aviva annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.Our risk management framework
Risk
management
framework
M
e
a
s
u
r
e
I
d
e
n
t
i
f
y
M
a
n
a
g
e
M
o
n
i
t
o
r
R
e
p
o
r
t
1. Our risk appetite framework
Our risk appetite framework comprises:
• Overarching risk appetites:
Quantitative expressions of the level of
risk we can support (e.g. capital we are
prepared to put at risk)
• Risk preferences: Qualitative
statements on the risks we believe we
are capable of managing to generate
areturn, risks we can support but need
to be controlled, and risks we seek to
avoid or minimise
• Operating risk limits and tolerances:
Quantify specic boundaries (e.g. limits
on specic risks).
The Aviva Board has approved four risk
appetite statements:
• Economic capital: Based on economic
capital at risk in an extreme loss event
over a one year time horizon
• European Insurance Groups Directive
(IGD) capital: Based on maintaining an
appropriate level of required regulatory
solvency capital in a severe loss event
• Liquidity: Based on stressing one year
forecast central liquid assets and cash
inows and outows (covering Group
centre costs, debt costs and dividends)
• Franchise value: Long-term sustainability
depends upon the protection of franchise
value and good customer relationships.
As such, Aviva will not accept risks that
materially impair the reputation of the
Group and requires that customers are
always treated with integrity.
Risk appetites are clearly dened,
refreshed on a regular basis and form part
of the planning process. Risk appetites
exist in aggregate and by risk type.
2. Our risk management processes
The core business processes we use to
identify, measure, manage, monitor
andreport (IMMMR) risks, delivered
byour organisation and people, are
setout below:
Identify and measure
Risk identication is carried out on a
regular basis, including as part of the
business planning process and any major
business initiatives, and draws on a
combination of internal and external data,
covering both normal conditions and
stressed environments. Risks are recorded
on a business-wide key risk register.
We measure risks on the basis of
economic capital (as well as other bases
ifappropriate) to determine their
signicance, relative to the potential return
and to appropriately direct resources to
their management.
Manage and monitor
Monitoring ensures that the risk
management and mitigation approaches
(accept, avoid, transfer, control) in place
are effective. Monitoring may also identify
risk-taking opportunities.
We regularly monitor our risk
exposures against risk appetites, as well as
key risk indicators against operating and
nancial risk limits and tolerances. Early
warning indicators are monitored as
triggers for management action, such as
putting into effect pre-prepared
contingency plans.
We monitor the effectiveness of
controls in place to manage operational
risks, including compliance with the
Group’s internal business standards.
Report
Risk reporting is dynamic, focused on:
• Material risks and trends
• Performance and the impact on the
riskprole, historical and prospective
• Decisions, taking account of risk
rewardtrade-offs
• Projections/forward-looking views
• Mitigating actions
• Risk vs. appetite
Supported by our organisation
andpeople
Good risk management is supported by
our staff having clear roles and
responsibilities, the right skills and
capabilities, and the right incentives and
rewards. We strive to embed a risk-aware
culture and values in our business through
employee training and communications.
3. Our risk governance
Risk is governed through group-wide risk
policies and business standards, risk
oversight committees and clear roles,
responsibilities and delegated authorities.
The Aviva plc Board is responsible for
setting the Group’s risk appetite and
establishing and operating controls to
assess and manage the risks. The Board
delegates ‘day-to-day’ risk management to
the Group CEO, who delegates operational
aspects to executives within the Group
through delegated authority letters.
Line management in the business is
accountable for risk management, which
together with the risk function and
internal audit form our ‘three lines of
defence’ of risk management.
1st line
Functions (Product development/
Underwriting/ Sales & Distribution/
Customer service/Claims handling/
Finance & Capital/Investment/IT/HR/
Legal/Procurement)
Accountable for the management
of all risks relevant to the business
ofthefunction.
2nd line
Risk (including regulatory
compliance and actuarial oversight
functions)
Accountable for providing objective
challenge and oversight of the business’
management of all risks and for
developing and maintaining the risk
management framework.
3rd line
Internal Audit
Accountable for providing reliable
independent assessment and reporting
to the Group and business unit Audit
and Risk Committees, Board members
and Executive Management ofAviva plc
and its subsidiaries on theadequacy and
effectiveness of the risk management
and control frameworks operated by the
1st and 2nd lines of defence.
Strategic report
Aviva plc Annual report and accounts 2014 |57