2020 Fall Reports of the Auditor General of Canada to the Parliament of Canada Independent Auditor’s ReportReport of the Auditor General of Canada to the Board of Directors of the Canada Deposit Insurance Corporation—Special Examination—2020

2020 Fall Reports of the Auditor General of Canada to the Parliament of CanadaReport of the Auditor General of Canada to the Board of Directors of the Canada Deposit Insurance Corporation—Special Examination—2020

Canada Deposit Insurance Corporation—Report of the Auditor General of Canada—2020

Independent Auditor’s Report

Introduction

Background

1. Since 1967, the Canada Deposit Insurance Corporation has helped protect the savings of millions of Canadians. Under its enabling legislation, the Canada Deposit Insurance Corporation Act, this Crown corporation is mandated to

Exhibit 1—Deposit insurance coverage provided by the corporation

At the time of our audit

Covered by the corporation

Eligible deposits held in each member institution up to a maximum of $100,000 (principal and interest combined) separately in each of the following:

  • deposits held in one name
  • joint deposits
  • trust deposits
  • registered retirement savings plans
  • registered retirement income funds
  • tax-free savings accounts
  • deposits held for paying taxes on mortgaged property

Eligible deposits

  • savings accounts and chequing accounts
  • term deposits, such as guaranteed investment certificates, of 5 years or less
  • money orders and bank drafts issued by member institutions, and cheques certified by them

Deposits must be payable in Canada, in Canadian currency.

Not covered

Mutual funds, stocks, foreign currency deposits (including those in AmericanUS dollars), and digital and cryptocurrencies

Upcoming changes resulting from 2018 amendments to the Canada Deposit Insurance Corporation Act

Effective on 30 April 2020

  • expanded coverage of eligible deposits held in foreign currencies
  • extended coverage of eligible deposits with terms longer than 5 years
  • elimination of coverage for travellers’ cheques

Effective on 30 April 2021

  • separate coverage for up to $100,000 in eligible deposits held under registered education savings plans
  • separate coverage for up to $100,000 in eligible deposits held under registered disability savings plans
  • removal of separate coverage for deposits in mortgage tax accounts (instead, deposits to be combined with eligible deposits in other categories)
  • new requirements for deposits held in trust, enhancing the corporation’s ability to protect these deposits and reimburse them quickly in case of failure of a member institution

Source: Based on information from the Canada Deposit Insurance Corporation’s 2019 Annual Report and website

2. The corporation reports to Parliament through the Minister of Finance. It is funded entirely by premiums paid by its member institutions. These include banks, trust companies, loan companies, federal credit unions, and credit associations.

3. A stable financial system is a key support for a healthy economy. A number of federal government organizations work together to provide what the corporation refers to as Canada’s “financial safety net.” Aside from itself, the corporation identifies 4 other safety net agencies:

4. As of 31 March 2019, the corporation had 85 member institutions. These included Canada’s 6 largest banks: the Bank of Montreal, the Bank of Nova Scotia, the Canadian Imperial Bank of Commerce, the National Bank of Canada, the Royal Bank of Canada, and the Toronto-Dominion Bank. Also included were other deposit-taking institutions providing residential or commercial mortgages, business loans, consumer loans and credit cards, and fee-based services. The corporation has its headquarters in Ottawa and has approximately 120 full-time employees.

5. As of the same date, the corporation insured deposits totalling $807 billion. This compared with $512 billion of insured deposits at the time of our 2010 special examination report.

6. Since our last special examination, Parliament has amended the corporation’s enabling legislation. Some of the changes have come into effect—for example, the introduction of an additional resolution tool to be used specifically for Canada’s largest banks (see paragraph 36). Some changes have yet to come into force, such as the expansion of the corporation’s deposit insurance coverage (see Exhibit 1).

7. The past decade has brought technological developments that could have an impact on the corporation’s ability to fulfill its mandate. For example, social media platforms can spread news of instability at a member institution instantaneously, and customers can easily move their deposits to a different institution electronically. These developments heighten the risk that a large number of customers will withdraw their deposits at the same time, creating liquidity problems for the member institution.

8. The corporation has acted to adapt to its changing environment and ensure a systematic, comprehensive approach to managing a crisis. The measures it has implemented include the following:

Focus of the audit

9. Our objective for this audit was to determine whether the systems and practices we selected for examination at the Canada Deposit Insurance Corporation were providing it with reasonable assurance that its assets were safeguarded and controlled, its resources were managed economically and efficiently, and its operations were carried out effectively, as required by section 138 of the Financial Administration Act.

10. In addition, section 139 of the Financial Administration Act requires that we state an opinion, with respect to the criteria established, on whether there was reasonable assurance that there were no significant deficiencies in the systems and practices we examined. A significant deficiency is reported when the systems and practices examined do not meet the criteria established, resulting in a finding that the corporation could be prevented from having reasonable assurance that its assets are safeguarded and controlled, its resources are managed economically and efficiently, and its operations are carried out effectively.

11. On the basis of our risk assessment, we selected systems and practices in the following areas:

The selected systems and practices, and the criteria used to assess them, are found in the exhibits throughout the report.

12. More details about the audit objective, scope, approach, and sources of criteria are in About the Audit at the end of this report.

Findings, Recommendations, and Responses

Corporate management practices

The corporation had good corporate management practices, but compensation was lower for the President and Chief Executive Officer than for other executives, and there was a weakness in risk management

13. We found that the corporation had good practices for corporate governance, strategic planning, and risk management. However, we found that the compensation range for the President and Chief Executive Officer was lower than the compensation ranges for the corporation’s other executives. We also found that the corporation did not set out its risk appetite and risk tolerance levels.

14. The analysis supporting this finding discusses the following topics:

15. The corporation’s Board of Directors consists of the Chairperson and up to 5 other private sector members. In addition, 5 director positions are reserved for

In 2018, all of the 5 private sector directors were new appointees.

16. The board has formed the following committees:

17. The board has a charter outlining its mandate, including operational principles and expectations.

18. The board oversees the strategic direction of the corporation and ensures that significant business risks are identified and well managed.

19. Our recommendations in this area of examination appear at paragraphs 24, 25, and 30.

20. Analysis. We found that the corporation had good governance practices. However, the compensation range for the President and Chief Executive Officer was lower than the compensation ranges for the corporation’s other executives (Exhibit 2).

Exhibit 2—Corporate governance—Key findings and assessment

Exhibit 2—Corporate governance—Key findings and assessment
Systems and practices Criteria used Key findings Assessment against the criteria

Board independence

The board functioned independently.

The board functioned independently of management in its decision making.

The board had a code of conduct and a business ethics policy.

Board members were asked to declare conflicts of interest at board and committee meetings and in an annual statement.

The board held regular meetings in private without management.

Check  mark in a green circle, meaning met the criteria

Providing strategic direction

The board provided strategic direction.

The board was active in setting the corporation’s strategic direction.

The corporation’s strategic objectives aligned with its mandate.

The board was active in setting the President and Chief Executive Officer’s objectives.

Check  mark in a green circle, meaning met the criteria

Board appointments and competencies

The board collectively had capacity and competencies to fulfill its responsibilities.

The board determined the skills and expertise it needed to be effective.

The board periodically assessed whether its directors had the appropriate skills and knowledge to carry out their responsibilities.

Board members were provided orientation sessions when appointed, as well as ongoing training.

The board communicated with its responsible Minister about board appointments, renewals, and vacancies.

Weakness

The compensation range for the President and Chief Executive Officer was lower than the ranges for the corporation’s other executives.

Exclamation point in a yellow circle, meaning met the criteria, with improvement needed

Board oversight

The board carried out its oversight role over the corporation.

The board restructured its committees (including the creation of a Risk Committee) to better focus their oversight role.

The corporation’s Internal Audit team conducted regular audits. The Chief Internal Auditor regularly met in private with the Audit Committee.

The board monitored the corporation’s compliance with laws, regulations, and key corporate policies, as well as with requirements of its Code of Business Conduct and Ethical Behaviour.

The board assessed its performance as well as the performance of its members. It also assessed the performance of the President and Chief Executive Officer.

Board members received information that they used to challenge, direct, and make decisions.

Check  mark in a green circle, meaning met the criteria

Legend—Assessment against the criteria

Check  mark in a green circle, meaning met the criteria

Met the criteria

Exclamation point in a yellow circle, meaning met the criteria, with improvement needed

Met the criteria, with improvement needed

Minus sign in a red circle, meaning did not meet the criteria

Did not meet the criteria

21. Weakness—Board appointments and competencies. We found that during the period covered by the audit, the compensation range for the President and Chief Executive Officer was lower than the ranges for the corporation’s other executives. The Governor in CouncilDefinition i sets the compensation range for the President and Chief Executive Officer. The Board of Directors established the compensation ranges for other executive positions on the basis of market standards.

22. This weakness matters because the discrepancy could limit the corporation’s ability to attract and retain qualified individuals to the President and Chief Executive Officer position, putting at risk the management of the corporation.

23. We also found that the corporation did not publicly disclose executive compensation—for example, in its annual report. Compensation is one of the corporation’s largest operational expenditures. Disclosing executive compensation or salary structures would promote transparency and be in accordance with the practice in government and the financial industry. Disclosure would also help stakeholders better understand salary structures and issues related to them.

24. Recommendation. The corporation should continue to engage with its responsible Minister and the Privy Council Office to address the issue related to the President and Chief Executive Officer’s compensation.

The corporation’s response. Agreed. The corporation will continue to engage with its responsible Minister and the Privy Council Office to review the total compensation structure of the President and Chief Executive Officer position in light of the expansion of the corporation’s mandate, legislative framework, and powers. The objective is to ensure that the corporation continues to have the ability to attract and retain qualified candidates for the President and Chief Executive Officer position.

25. Recommendation. The corporation should consider disclosing its compensation framework as well as the total compensation for its executive positions (for example, in its annual report), to be in line with the practice in government and the financial industry.

The corporation’s response. Agreed. The corporation will improve executive compensation transparency for Canadians while protecting the privacy of all its employees. To support this commitment, the corporation will conduct a review of the annual disclosures of both the compensation framework and the total compensation for senior executive positions of peer organizations in government and in the financial industry.

26. Analysis. We found that the corporation had good systems and practices for strategic planning (Exhibit 3).

Exhibit 3—Strategic planning—Key findings and assessment

Exhibit 3—Strategic planning—Key findings and assessment
Systems and practices Criteria used Key findings Assessment against the criteria

Strategic planning process

The corporation established its strategic plan and strategic objectives that aligned with its mandate.

The corporation established a strategic plan, which was communicated throughout the organization.

To establish the plan, the corporation considered its internal and external environments, its competitive strengths and weaknesses, and its key risks.

The corporation developed strategic objectives that aligned with its legislative mandate and government priorities.

Management’s performance objectives aligned with the corporation’s strategic objectives.

Check  mark in a green circle, meaning met the criteria

Performance measurement

The corporation established performance indicators in support of achieving strategic objectives.

The corporation established performance indicators in support of achieving strategic objectives set out in the corporate plan.

The corporation tracked initiatives and key deliverables, and monitored progress toward the achievement of targets and expected outcomes.

Check  mark in a green circle, meaning met the criteria

Performance monitoring and reporting

The corporation monitored and reported on progress in achieving its strategic objectives.

The corporation monitored progress monthly against strategic objectives and reported this information quarterly to senior management and the board.

The corporation assessed progress against strategic objectives and used performance information in its decision making.

The corporation’s 2019 Annual Report included results on its performance measures.

Check  mark in a green circle, meaning met the criteria

Legend—Assessment against the criteria

Check  mark in a green circle, meaning met the criteria

Met the criteria

Exclamation point in a yellow circle, meaning met the criteria, with improvement needed

Met the criteria, with improvement needed

Minus sign in a red circle, meaning did not meet the criteria

Did not meet the criteria

27. Analysis. We found that the corporation had good systems and practices to manage risk. However, it had not set out its risk appetite and risk tolerance levels (Exhibit 4).

Exhibit 4—Corporate risk management—Key findings and assessment

Exhibit 4—Corporate risk management—Key findings and assessment
Systems and practices Criteria used Key findings Assessment against the criteria

Risk identification and assessment

The corporation identified and assessed risks to achieving strategic objectives.

The corporation developed risk identification and assessment processes, and a suite of policies for managing risks.

The board and Risk Committee described roles and responsibilities for directors and senior management related to risk.

The corporation identified its key risks related to economic and financial vulnerabilities, regulatory changes, resolution preparedness, cyber security, change management, and reputation.

The corporation assessed its key risks quarterly.

Check  mark in a green circle, meaning met the criteria

Risk mitigation

The corporation defined and implemented risk mitigation measures.

The corporation defined and implemented risk mitigation measures for its most significant risks.

Check  mark in a green circle, meaning met the criteria

Risk monitoring and reporting

The corporation monitored and reported on the implementation of risk mitigation measures.

The corporation monitored risk mitigation activities and reported on them quarterly to the board.

Weakness

The corporation had not set out its risk appetite and risk tolerance levels to guide management decision making.

Exclamation point in a yellow circle, meaning met the criteria, with improvement needed

Business continuity plans and information technology (IT) security

The corporation had information systems that were available and accessible when needed, and that resisted attacks and recovered from failures.

The corporation had a Business Continuity Plan, which was tested in 2018 and updated in 2019.

The corporation had a Corporate Security Policy addressing IT assets and information management.

The corporation hired external experts to perform regular risk assessments on critical IT systems and processes.

The Risk Committee received regular updates on cyber risk activities and corresponding action plans.

Check  mark in a green circle, meaning met the criteria

Legend—Assessment against the criteria

Check  mark in a green circle, meaning met the criteria

Met the criteria

Exclamation point in a yellow circle, meaning met the criteria, with improvement needed

Met the criteria, with improvement needed

Minus sign in a red circle, meaning did not meet the criteria

Did not meet the criteria

28. Weakness—Risk monitoring and reporting. We found that the corporation had not set out its risk appetite and risk tolerance levels to guide management decision making.

29. This weakness matters because risk appetite and tolerance levels would help the corporation identify a need for action; make informed, risk-based decisions; allocate resources; set priorities; and achieve corporate objectives.

30. Recommendation. The corporation should include risk appetite and risk tolerance levels in its risk identification and assessment processes.

The corporation’s response. Agreed. By March 2020, the corporation will transform its Enterprise Risk Management (ERM) program. The corporation has instituted a Risk Committee of the Board of Directors to provide oversight of the program and appointed a Chief Risk Officer to lead this effort. The corporation will articulate its risk appetite, define its risk tolerance levels, and develop an ERM framework. The corporation’s ERM program will drive strategic resource allocation and will guide management’s decision making going forward.

Management of operations

The corporation had good practices for managing its operations

31. We found that the corporation had good practices for managing its operations.

32. The analysis supporting this finding discusses the following topics:

33. The corporation provides deposit insurance against the loss of eligible deposits at member institutions in the event of a failure. The corporation insured deposits amounting to $807 billion as of 31 March 2019.

34. The corporation has a member risk assessment process, which actively monitors and assesses the ongoing performance of member institutions and their risk of failure. The purpose is to identify problems early so that appropriate action can be taken. The corporation uses a risk-based monitoring strategy, under which the level of monitoring is commensurate with the member institution’s level of risk. To help determine risk levels, the corporation has access to information from its member institutions and other financial safety net partners.

35. The corporation is Canada’s resolution authority—that is, to protect eligible deposits, it takes the lead in handling the possible failure of its member institutions. The corporation has a number of tools that it can use to help resolve a member institution’s failure.

36. The resolution tools used will differ depending on the size of the member institution. For example, an amendment to the Canada Deposit Insurance Corporation Act that came into force in 2018 added “bail-in” to the corporation’s suite of resolution tools. The bail-in tool is to be used only for Canada’s largest banks. The tool allows the corporation to take temporary control of a failing member institution and help restore it to viability by converting some of its debt into common shares.

37. For small to medium-sized member institutions, the corporation has various other mechanisms that it can use to protect depositors while minimizing its exposure to loss. The circumstances would determine which tool it selects. Among the factors to be considered are the size and complexity of the institution, as well as the current availability of private sector solutions. The tools available to the corporation include helping the institution become viable again, restructuring the institution, and reimbursing insured deposits.

38. The last time that the corporation experienced a member failure was in 1996. The corporation maintains a state of readiness through regular simulation exercises. These involve various scenarios featuring different sizes of member institutions, different resolution tools, different types of assets, and multiple concurrent member failures. The corporation’s readiness preparation also includes reviewing the lessons learned from failures experienced by its counterparts in other countries.

39. We made no recommendations in this area of examination.

40. Analysis. We found that the corporation had good systems and practices to manage its members’ risk (Exhibit 5).

Exhibit 5—Management of members’ risk—Key findings and assessment

Exhibit 5—Management of members’ risk—Key findings and assessment
Systems and practices Criteria used Key findings Assessment against the criteria

Operational planning

The corporation defined operational plans that aligned with strategic plans and the mandate.

The corporation had a framework to define its operational plans for managing members’ risk, in line with the strategic objectives.

The framework clearly defined roles and responsibilities, frequency of assessments, risk indicators, and monitoring strategies commensurate with the level of risk.

Check  mark in a green circle, meaning met the criteria

Operational plan implementation

The corporation implemented the operational plans to manage the risk of its member institutions.

The corporation had systems and practices to implement the operational plans for managing members’ risk.

The corporation performed quarterly risk assessments of each member institution, determining the potential impact, severity, and likelihood of the member’s failure.

As part of its process for managing members’ risk, the corporation identified and reported new and emerging risks, including environmental and regulatory factors.

The corporation ensured its readiness to act promptly and effectively if it identified an elevated risk of member failure.

Check  mark in a green circle, meaning met the criteria

Performance monitoring and reporting

The corporation monitored and reported on its results.

The corporation monitored its management of members’ risk regularly.

The corporation reported to the board quarterly on its performance results.

Check  mark in a green circle, meaning met the criteria

Legend—Assessment against the criteria

Check  mark in a green circle, meaning met the criteria

Met the criteria

Exclamation point in a yellow circle, meaning met the criteria, with improvement needed

Met the criteria, with improvement needed

Minus sign in a red circle, meaning did not meet the criteria

Did not meet the criteria

41. Analysis. We found that the corporation had good systems and practices to manage its readiness to resolve the failure of a member institution (Exhibit 6).

Exhibit 6—Management of resolution—Key findings and assessment

Exhibit 6—Management of resolution—Key findings and assessment
Systems and practices Criteria used Key findings Assessment against the criteria

Operational planning

The corporation defined operational plans that aligned with strategic plans and the mandate.

The corporation put in place plans for resolving the failure of a member institution.

The corporation’s plans for resolution described roles and responsibilities for its various internal services and the resolution tools available.

Check  mark in a green circle, meaning met the criteria

Operational plan implementation

Management implemented operational plans to manage a resolution.

The corporation had systems and practices to implement and monitor plans in the event of a resolution.

The corporation documented the suite of resolution tools and processes.

The corporation ensured its readiness to act promptly and effectively if there were indicators of an elevated risk of failure.

The corporation regularly prepared simulation exercises for a range of possible resolution scenarios.

The corporation integrated lessons learned from simulation exercises and from resolution activities into its readiness processes.

Check  mark in a green circle, meaning met the criteria

Performance monitoring and reporting

The corporation monitored and reported on its results.

The corporation monitored its resolution preparedness regularly.

The corporation reported to the board quarterly on its performance results.

Check  mark in a green circle, meaning met the criteria

Legend—Assessment against the criteria

Check  mark in a green circle, meaning met the criteria

Met the criteria

Exclamation point in a yellow circle, meaning met the criteria, with improvement needed

Met the criteria, with improvement needed

Minus sign in a red circle, meaning did not meet the criteria

Did not meet the criteria

Conclusion

42. In our opinion, on the basis of the criteria established, there was reasonable assurance that there were no significant deficiencies in the corporation’s systems and practices we examined. We concluded that the Canada Deposit Insurance Corporation maintained its systems and practices during the period covered by the audit in a manner that provided the reasonable assurance required under section 138 of the Financial Administration Act.

About the Audit

This independent assurance report was prepared by the Office of the Auditor General of Canada on the Canada Deposit Insurance Corporation. Our responsibility was to express

Under section 131 of the Financial Administration Act, the corporation is required to maintain financial and management control and information systems and management practices that provide reasonable assurance of the following:

In addition, section 138 of the act requires the corporation to have a special examination of these systems and practices carried out at least once every 10 years.

All work in this audit was performed to a reasonable level of assurance in accordance with the Canadian Standard on Assurance Engagements (CSAE) 3001—Direct Engagements, set out by the Chartered Professional Accountants of Canada (CPA Canada) in the CPA Canada Handbook—Assurance.

The Office of the Auditor General of Canada applies the Canadian Standard on Quality Control 1 and, accordingly, maintains a comprehensive system of quality control, including documented policies and procedures regarding compliance with ethical requirements, professional standards, and applicable legal and regulatory requirements.

In conducting the audit work, we complied with the independence and other ethical requirements of the relevant rules of professional conduct applicable to the practice of public accounting in Canada, which are founded on fundamental principles of integrity, objectivity, professional competence and due care, confidentiality, and professional behaviour.

In accordance with our regular audit process, we obtained the following from the corporation:

Audit objective

The objective of this audit was to determine whether the systems and practices we selected for examination at the Canada Deposit Insurance Corporation were providing it with reasonable assurance that its assets were safeguarded and controlled, its resources were managed economically and efficiently, and its operations were carried out effectively, as required by section 138 of the Financial Administration Act.

Scope and approach

Our audit work examined the Canada Deposit Insurance Corporation. The scope of the special examination was based on our assessment of the risks the corporation faced that could affect its ability to meet the requirements set out by the Financial Administration Act.

In performing our work, we reviewed key documents related to the systems and practices selected for examination. We tested the systems and practices in place to obtain the required level of audit assurance. We also examined a selection of activities, such as risk assessment of member institutions, resolution planning for member institutions, and crisis simulations. The activities were selected on the basis of assessed risk and professional judgment.

We also interviewed members of the Board of Directors, senior management, and other employees of the corporation. In addition, we observed meetings of the Board of Directors and its committees.

We did not examine the systems and practices of the Canada Deposit Insurance Corporation’s subsidiary, Adelaide Capital Corporation, because it is not wholly owned and is therefore not subject to the Financial Administration Act.

The systems and practices selected for examination for each area of the audit are found in the exhibits throughout the report.

In carrying out the special examination, we did not rely on any internal audits.

Sources of criteria

The criteria used to assess the systems and practices selected for examination are found in the exhibits throughout the report.

Corporate governance

Meeting the Expectations of Canadians: Review of the Governance Framework for Canada’s Crown Corporations, Treasury Board of Canada Secretariat, 2005

Corporate Governance in Crown Corporations and Other Public Enterprises—Guidelines, Department of Finance Canada and Treasury Board of Canada Secretariat, 1996

Corporate Governance Guideline, Office of the Superintendent of Financial Institutions Canada, 2018

20 Questions Directors Should Ask about Risk, Canadian Institute of Chartered Accountants, 2006

Performance Management Program for Chief Executive Officers of Crown Corporations—Guidelines, Privy Council Office, 2016

Practice Guide: Assessing Organizational Governance in the Public Sector, The Institute of Internal Auditors, 2014

Strategic planning

20 Questions Directors Should Ask about Strategy, Canadian Institute of Chartered Accountants, 2012

Guidelines for the Preparation of Corporate Plans, Treasury Board of Canada Secretariat, 1996

Recommended Practice Guideline 3, Reporting Service Performance Information, International Public Sector Accounting Standards Board, 2015

Corporate risk management

20 Questions Directors Should Ask about Risk, Canadian Institute of Chartered Accountants, 2006

Enterprise Risk Management—Integrating with Strategy and Performance, Committee of Sponsoring Organizations of the Treadway Commission, 2017

Control Objectives for Information and related TechnologyCOBIT 5 Framework—APO13 (Manage Security), BAI10 (Manage Configuration), DSS05 (Manage Security Services), MEA03 (Monitor, Evaluate and Assess Compliance with External Requirements), Information Systems Audit and Control AssociationISACA

Operational management

Plan-Do-Check-Act management model adapted from the Deming Cycle

Key Attributes of Effective Resolution Regimes for Financial Institutions, Financial Stability Board, 2014

Best Practices in Crisis Management Planning, Tamara Parris, 2017

Organisation for Economic Co-operation and DevelopmentOECD Risk Management: Strategic Crisis Management, Organisation for Economic Co-operation and Development, 2013

20 Questions Directors Should Ask About Crisis Management, Canadian Institute of Chartered Accountants, 2008

Period covered by the audit

The special examination covered the period from 1 January to 31 October 2019. This is the period to which the audit conclusion applies.

Date of the report

We obtained sufficient and appropriate audit evidence on which to base our conclusion on 26 November 2019, in Ottawa, Canada.

Audit team

Principal: Normand Lanthier
Director: Laurie Girard

List of Recommendations

The following table lists the recommendations and responses found in this report. The paragraph number preceding the recommendation indicates the location of the recommendation in the report, and the numbers in parentheses indicate the location of the related discussion.

Corporate management practices

List of Recommendations
Recommendation Response

24. The corporation should continue to engage with its responsible Minister and the Privy Council Office to address the issue related to the President and Chief Executive Officer’s compensation. (20 to 23)

The corporation’s response. Agreed. The corporation will continue to engage with its responsible Minister and the Privy Council Office to review the total compensation structure of the President and Chief Executive Officer position in light of the expansion of the corporation’s mandate, legislative framework, and powers. The objective is to ensure that the corporation continues to have the ability to attract and retain qualified candidates for the President and Chief Executive Officer position.

25. The corporation should consider disclosing its compensation framework as well as the total compensation for its executive positions (for example, in its annual report), to be in line with the practice in government and the financial industry. (20 to 23)

The corporation’s response. Agreed. The corporation will improve executive compensation transparency for Canadians while protecting the privacy of all its employees. To support this commitment, the corporation will conduct a review of the annual disclosures of both the compensation framework and the total compensation for senior executive positions of peer organizations in government and in the financial industry.

30. The corporation should include risk appetite and risk tolerance levels in its risk identification and assessment processes. (27 to 29)

The corporation’s response. Agreed. By March 2020, the corporation will transform its Enterprise Risk Management (ERM) program. The corporation has instituted a Risk Committee of the Board of Directors to provide oversight of the program and appointed a Chief Risk Officer to lead this effort. The corporation will articulate its risk appetite, define its risk tolerance levels, and develop an ERM framework. The corporation’s ERM program will drive strategic resource allocation and will guide management’s decision making going forward.