Evaluation of EXIM’s Portfolio Risk Management Procedures and CRO Responsibilities
Report Information
Recommendations
Assess the underwriting process to evaluate whether an independent review or other controls would be appropriate to ensure independence of the risk management function from underwriting for transactions that exceed the threshold for delegated authority....
Complete development of and implement its enterprise risk management (ERM) training policy, including training to EXIM’s enterprise risk committee (ERC) members.
Strengthen EXIM’s internal controls review program by expanding it to apply to all operational processes. Once the internal controls review program is developed, EXIM should communicate it to all business units for awareness and implement it agency-wide.
Determine whether EXIM can incorporate information for root cause events and intermediate events to measure and monitor as key risk indicators (KRIs).
Update its KRIs so that they are forward-looking and measurable through specific metrics and determine specific thresholds for KRIs above which EXIM would assess the need for further analysis or action.