Bank of America 2010 Annual Report Download - page 67

Download and view the complete annual report

Please find page 67 of the 2010 Bank of America annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 252

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252

enterprise and line of business levels for their respective control functions.
Enterprise control functions consist of the Chief Financial Officer group, Global
Technology and Operations, Global Human Resources, Global Marketing and
Corporate Affairs, and Legal.
The Corporate Audit function and the Corporate General Auditor maintain
independence from the lines of business and governance and control func-
tions by reporting directly to the Audit Committee of the Board. Corporate
Audit provides independent assessment and validation through testing of key
processes and controls across the Corporation. Corporate Audit provides an
independent assessment of the Corporation’s management and internal
control systems. Corporate Audit activities are designed to provide reason-
able assurance that resources are adequately protected; significant financial,
managerial and operating information is materially complete, accurate and
reliable; and employees’ actions are in compliance with the Corporation’s
policies, standards, procedures, and applicable laws and regulations.
To ensure that the Corporation’s goals and objectives, risk appetite, and
business and risk strategies are achieved, we utilize a risk management
process that is applied across the execution of all business activities. This risk
management process, which is an integral part of our Risk Framework,
enables the Corporation to review risk in an integrated and comprehensive
manner across all risk categories and make strategic and business decisions
based on that comprehensive view. Corporate goals and objectives and our
risk appetite are established by management, approved by the Board, and are
key drivers to setting business and risk strategy.
One of the key tools of the risk management process is the use of Risk and
Control Self Assessments (RCSAs). RCSAs are the primary method for facili-
tating the management of Business Environment and Internal Control Factor
(BEICF) data. The end-to-end RCSA process incorporates risk identification and
assessment of the control environment; monitoring, reporting and escalating
risk; quality assurance and data validation; and integration with the risk appe-
tite. The RCSA process also incorporates documentation by either the line of
business or enterprise control function of the business environment, risks,
controls, and monitoring and reporting. This results in a comprehensive risk
management view that enables understanding of and action on operational
risks and controls for all of our processes, products, activities and systems.
The formal processes used to manage risk represent a part of our overall
risk management process. Corporate culture and the actions of our associates
are also critical to effective risk management. Through our Code of Ethics, we
set a high standard for our associates. The Code of Ethics provides a framework
for all of our associates to conduct themselves with the highest integrity in the
delivery of our products or services to our customers. We instill a strong and
comprehensive risk management culture through communications, training,
policies, procedures, and organizational roles and responsibilities. Additionally,
we continue to strengthen the link between the associate performance man-
agement process and individual compensation to encourage associates to work
toward enterprise-wide risk goals.
Board Oversight of Risk
We maintain a governance structure that delineates the responsibilities for
risk management activities, as well as governance and oversight of those
activities, by management and the Board. The majority of our directors,
including the Chairman of the Board, are considered independent and meet
the requirements of our Director Independence Categorical Standards and the
criteria for independence in the listing standards of the New York Stock
Exchange. Also, all members of the Audit and Enterprise Risk Committees
are independent and all members of the Credit Committee are non-manage-
ment directors.
The Board is responsible for the oversight of the management of the
Corporation. As part of its oversight, the Board oversees the management of
the various types of risk faced by the Corporation. Our corporate risk man-
agement governance structure is designed to align the interests of the Board
and management with those of our stockholders and to foster integrity
throughout the Corporation.
The Board, under the leadership of its independent Chairman, oversees
the management of the Corporation through the governance structure, which
includes Board committees and management committees. The Board main-
tains standing committees to oversee risk. The committees with the majority
of risk oversight responsibilities include the Credit, Enterprise Risk and Audit
Committees.
Bank of America 2010 65