Fannie Mae 2002 Annual Report Download - page 84

Download and view the complete annual report

Please find page 84 of the 2002 Fannie Mae annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 134

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134

82 FANNIE MAE 2002 ANNUAL REPORT
Operations Risk Management
Operations risk is the risk of potential loss resulting from
a breakdown in, or failure to establish, controls and
procedures. Examples of control breakdowns include
circumvention of internal controls, human error, systems
failure, and fraud. Management has implemented extensive
policies and procedures to both establish and monitor
internal controls to decrease the likelihood of any control
breakdowns. Fannie Mae’s Office of Auditing also
independently tests the adequacy of, and adherence to,
internal controls and related policies and procedures.
We actively manage Fannie Mae’s operations risk through
numerous oversight functions, such as:
Exception reporting and management oversight of
financial and forecasting information through
verification, reconciliation, and independent testing
•Management questionnaires that identify key risks,
controls in place to mitigate those risks, and control
weaknesses
•Key performance indicators (KPIs) that track
operational metrics and potential risk exposure
Quarterly senior and executive management internal
control certifications
Internal audit work that substantiates the adequacy
of the internal control environment as well as direct
reporting of this work to the Audit Committee of
the Board of Directors
Comprehensive disaster recovery planning
and testing
Management regularly reconciles financial and accounting
information and model results to source documents to ensure
completeness and accuracy of financial reporting. Financial
forecast model results are regularly reconciled to actual
results and the models are recalibrated as necessary to
mitigate modeling risk. The Office of Auditing also
periodically benchmarks the critical models, evaluates the
reasonableness of the underlying assumptions, and validates
the key algorithms embedded within them.
Control weaknesses are identified as well as the steps being
taken to address them. The Office of Auditing reviews and
validates these assessments for reasonableness and accuracy.
KPIs have been established to monitor primary operational
metrics and to facilitate quick and effective senior
management attention should any adverse trends develop.
KPIs focus on the following operational risks:
Modeling: Losses due to improperly modeled interest
rate risk and credit risk
Underwriting Effectiveness: Losses due to the failure
of management or our lender counterparties to apply
appropriate underwriting techniques
•Counterparty: Losses due to inadequate monitoring
and risk mitigation resulting in exposure to
counterparties who fail to meet their obligations
to Fannie Mae. These counterparties include
lender/servicers, providers of credit enhancement,
document custodians, derivatives counterparties,
and other service providers.
•Transaction Processing: Losses due to inadequate
transaction processing controls, such as ineffective
management oversight and reconciliation processes.
Examples include erroneous wire transfers or loan
deliveries, fraud, trade failures, or release of inaccurate
securities information.
Systems Availability: Inability to achieve corporate
goals due to a lack of systems availability, consistent
performance, or capacity to recover from a disaster
Information Security: Financial loss and incurrence of
additional liability due to unauthorized systems access
and corruption or destruction of critical, proprietary,
or confidential data
•Mission Alignment: Ineffective leadership or
inappropriate business models resulting in litigation,
regulatory sanctions, and reputation damage due to
noncompliance with applicable laws, regulations, and
Charter Act requirements
•Financial Reporting: Economic and reputational loss
or disruption due to erroneous or delayed release of
financial reports
Each KPI is based upon clearly defined and quantifiable
performance thresholds that are monitored by our Office of
Auditing. Senior managers are responsible for evaluating and
monitoring KPI activity as well as implementing prompt
corrective action. The Office of Auditing also tests the
integrity of this process on a periodic basis. The Operations,
Transactions and Investments Committee, headed by our
Chief Operating Officer, reviews the KPIs and ensures
prompt and effective resolutions.
On a quarterly basis, senior and executive management
certify that internal controls are adequate, questionnaires and
KPIs are accurate, and that all significant issues or control
weaknesses that could have a material impact on the financial