Management’s Discussion and Analysis
Operational Risk
We define operational risk as the risk of loss resulting from inadequate or failed processes or systems, human factors or external events. Operational risk is an inherent risk element in each of our businesses and related support activities. Such risk can manifest in various ways, including breakdowns, errors, business interruptions and inappropriate behavior of employees and can potentially result in financial losses and other damage to us.
To monitor and control such risk, we maintain a system of policies and a control framework designed to provide a sound and well-controlled operational environment. The goal is to maintain operational risk at appropriate levels in view of our financial strength, the characteristics of the businesses and the markets in which we operate, and the related competitive and regulatory environment. While each operating unit is responsible for risk management, we supplement this decentralized model with a centralized enterprise risk management function. This risk management function is responsible for ensuring that each business unit has proper policies and procedures for managing risk and for identifying, measuring and monitoring risk across our enterprise. We utilize an enterprise-wide control self-assessment process. The focus of the process has been to identify key risks specific to areas impacting financial reporting and disclosure controls and procedures.
Notwithstanding these risk and control initiatives, we may incur losses attributable to operational risks from time to time, and there can be no assurance such losses will not be incurred in the future.