JP Morgan Chase 2008 Annual Report Download - page 119

Download and view the complete annual report

Please find page 119 of the 2008 JP Morgan Chase annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 240

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240

JPMorgan Chase & Co./ 2008 Annual Report 117
Risk management
The Firm makes direct principal investments in private equity. The
illiquid nature and long-term holding period associated with these
investments differentiates private equity risk from the risk of posi-
tions held in the trading portfolios. The Firm’s approach to managing
private equity risk is consistent with the Firm’s general risk gover-
nance structure. Controls are in place establishing expected levels for
total and annual investment in order to control the overall size of the
portfolio. Industry and geographic concentration limits are in place
and intended to ensure diversification of the portfolio. All invest-
ments are approved by an investment committee that includes exec-
utives who are not part of the investing businesses. An independent
valuation function is responsible for reviewing the appropriateness of
the carrying values of private equity investments in accordance with
relevant accounting policies. At December 31, 2008 and 2007, the
carrying value of the private equity businesses was $6.9 billion and
$7.2 billion, respectively, of which $483 million and $390 million,
respectively, represented publicly traded positions. For further infor-
mation on the Private equity portfolio, see page 75 of this Annual
Report.
PRIVATE EQUITY RISK MANAGEMENT
OPERATIONAL RISK MANAGEMENT
Operational risk is the risk of loss resulting from inadequate or failed
processes or systems, human factors or external events.
Overview
Operational risk is inherent in each of the Firm’s businesses and sup-
port activities. Operational risk can manifest itself in various ways,
including errors, fraudulent acts, business interruptions, inappropriate
behavior of employees, or vendors that do not perform in accordance
with their arrangements. These events could result in financial losses
and other damage to the Firm, including reputational harm.
To monitor and control operational risk, the Firm maintains a system
of comprehensive policies and a control framework designed to pro-
vide a sound and well-controlled operational environment. The goal
is to keep operational risk at appropriate levels, in light of the Firm’s
financial strength, the characteristics of its businesses, the markets in
which it operates, and the competitive and regulatory environment to
which it is subject. Notwithstanding these control measures, the Firm
incurs operational losses.
The Firm’s approach to operational risk management is intended to
mitigate such losses by supplementing traditional control-based
approaches to operational risk with risk measures, tools and disci-
plines that are risk-specific, consistently applied and utilized
firmwide. Key themes are transparency of information, escalation of
key issues and accountability for issue resolution.
The Firm’s operational risk framework is supported by Phoenix, an
internally designed operational risk software tool. Phoenix integrates
the individual components of the operational risk management
framework into a unified, web-based tool. Phoenix enhances the
capture, reporting and analysis of operational risk data by enabling
risk identification, measurement, monitoring, reporting and analysis
to be done in an integrated manner, thereby enabling efficiencies in
the Firm’s monitoring and management of its operational risk.
For purposes of identification, monitoring, reporting and analysis, the
Firm categorizes operational risk events as follows:
• Client service and selection
• Business practices
• Fraud, theft and malice
• Execution, delivery and process management
• Employee disputes
• Disasters and public safety
Technology and infrastructure failures
Risk identification and measurement
Risk identification is the recognition of the operational risk events
that management believes may give rise to operational losses. All
businesses utilize the Firm’s standard self-assessment process and
supporting architecture as a dynamic risk management tool. The goal
of the self-assessment process is for each business to identify the key
operational risks specific to its environment and assess the degree to
which it maintains appropriate controls. Action plans are developed
for control issues identified, and businesses are held accountable for
tracking and resolving these issues on a timely basis.
Risk monitoring
The Firm has a process for monitoring operational risk-event data,
permitting analysis of errors and losses as well as trends. Such analy-
sis, performed both at a line-of-business level and by risk-event type,
enables identification of the causes associated with risk events faced
by the businesses. Where available, the internal data can be supple-
mented with external data for comparative analysis with industry
patterns. The data reported enables the Firm to back-test against
self-assessment results. The Firm is a founding member of the
Operational Riskdata eXchange Association, a not-for-profit industry
association formed for the purpose of collecting operational loss
data, sharing data in an anonymous form and benchmarking results
back to members. Such information supplements the Firm’s ongoing
operational risk measurement and analysis.