We have a strong risk management culture and process that enables us to proactively identify and manage risks. Our enterprise risk management (ERM) framework is coordinated across our operating companies to ensure prudent and measured risk-taking and includes well-defined governance responsibilities.
Our ERM processes include the evaluation of environmental and social risks, and we continue to enhance our business leaders’ knowledge of these risks. Our ERM evaluation includes consideration of our risks and risk management practices relative to authoritative approaches, including the COSO Enterprise Risk Management and Internal Control-Integrated Frameworks. The COSO frameworks set out principles, the first of which require organizations to demonstrate a commitment to integrity and ethical values. Our commitment to ethics and integrity is demonstrated through various mechanisms – including our Code of Conduct for our employees, contractors, and directors; our Supplier Code of Conduct for the firms that do business with us; and other related policies.
The Board of Directors provides primary oversight of ERM ensuring that appropriate policies, procedures and controls are in place. Our executive Risk Management Committee is responsible for management oversight of our ERM framework and is accountable to the Board. The Chief Executive Officers of the operating companies have overall responsibility for overseeing risk management of their respective companies.
The Company has assigned responsibility for risk management using the Three Lines of Defence model, with the First Line reflecting the business units having primary responsibility for risk management, supported by Second Line Risk Management functions and a Third Line Internal Audit function providing assurance and validation of the design and effectiveness of the ERM Framework.
The second line of defence includes additional oversight by the Enterprise Risk Management Department. The department develops and maintains our ERM program, framework and processes; provides risk management guidance and training to the company; and provides oversight, analysis and reporting to the Executive Risk Management Committee. The Company has a number of committees of senior business leaders which provide oversight of specific business risks, including the Financial Risk Management and Operational Risk Management committees.
Our Enterprise Risk Management department has ongoing involvement with our change management initiatives and crisis management planning activities.
Also in place to mitigate risk is our Conflicts of Interest Management Committee, which fosters a shared understanding of conflicts across our companies, provides guidance and education to business leaders, and ensures governance and escalation measures are in place.
The company’s risks are broadly grouped into six categories and include identifying and managing significant environmental, social and governance related risks and opportunities. For more information, please see the risk management section of our annual report.
1Includes technology and cyber risk, transaction processing, model risk, fraud and misappropriation of assets, and risks related to internal controls
Environmental and social risks
The Board’s risk management oversight includes environmental and social risks, and the company’s Corporate Responsibility Committee oversees our commitment to environmental and social responsibility. The company’s business areas have responsibility for identifying, assessing, controlling and monitoring these risks as they pertain to their operations. Our business case risk assessment process, coordinated by our Strategy Execution Office, includes the assessment of environmental and social risks for each enterprise-wide project.
Key environmental and social risks to IGM Financial relate to:
- Direct risks associated with the ownership and operation of our businesses, which includes management and operation of company-owned or managed assets and business operations
- Indirect risks as a result of the products and services we offer and our procurement practices
- Identification and management of emerging environmental and social regulatory issues
- Failure to understand and appropriately leverage environment and social trends to meet client demands for products and services
Specific examples of such risks include: climate change, biodiversity, pollution, waste, resource usage, human rights, diversity, and community impacts.
Our commitment to managing these risks is demonstrated through various mechanisms, including our Supplier Code of Conduct, which was formalized in 2018; and our Environmental Policy, Respectful Workplace Policy, Diversity Policy, Code of Conduct, and other related policies.
We recognize that climate change risk is a growing concern and we discuss our management and strategy related to this risk in our CDP reporting.
See Responsible investing for more on how we incorporate environmental, social and governance issues into our investment process and Environmental footprint for details on our actions to reduce our own operational footprint. See Our People and Our Community sections for more information on how we focus on diversity, human rights and community