Tip:
Highlight text to annotate it
X
CHAIRPERSON JELINCIC: Let's call the meeting to
order, and we'll start with the roll call. COMMITTEE SECRETARY SANTOS: J.J. Jelincic?
CHAIRPERSON JELINCIC: Here. COMMITTEE SECRETARY SANTOS: Priya Mathur?
VICE CHAIRPERSON MATHUR: Here. COMMITTEE SECRETARY SANTOS: Michael Bilbrey?
COMMITTEE MEMBER BILBREY: Present. COMMITTEE SECRETARY SANTOS: George Diehr?
COMMITTEE MEMBER DIEHR: Here. COMMITTEE SECRETARY SANTOS: Rob Feckner?
COMMITTEE MEMBER FECKNER: Good afternoon. COMMITTEE SECRETARY SANTOS: Ron Lind?
COMMITTEE MEMBER LIND: Here. COMMITTEE SECRETARY SANTOS: And Bill Slaton?
COMMITTEE MEMBER SLATON: Here. COMMITTEE SECRETARY SANTOS: Thank you.
CHAIRPERSON JELINCIC: The second item is the Executive Report. For that I call on Cheryl.
CHIEF FINANCIAL OFFICER EASON: Thank you. Good
afternoon, Mr. Chair and Committee members. Cheryl Eason
CalPERS staff. Today, my executive report to the Risk and
Audit Committee will focus on two key items on today's
agenda, the External Auditor's report on the 2012-13
audited financial CalPERS, and the CalPERS Enterprise
Risk Reports, including the risk dashboard and
top risk report. The CalPERS external auditor, Macias, Gini
& O'Connell have completed their audit of the
CalPERS basic financial statements for fiscal year 2012-13.
These 2013 draft financial statements were presented
to the Finance and Administration Committee earlier today.
Upon approval, the financial statements are provided to the State of California as required
by Government Code Section 20228. The financial
statements and supplementary information, along with
the compliance report, investment, actuarial, and statistical
sections will also go forward as part of the Comprehensive
Annual Financial Report, or CAFR, which is submitted
to the GFOA, Government Finance Officers Association by
December 31st, 2013, as next steps.
On behalf of CalPERS staff, I wish to thank CalPERS internal auditor, Margaret Junker
and the Macias, Gini & O'Connell audit staff for their sort
during the audit process.
The other item of importance is the enterprise risk reports, including the risk management
dashboard and Top Risk Report. The Enterprise Risk Report
identifies the most significant risk domains that may
impact CalPERS ability to achieve its goals and objectives.
And the Top Risk Report highlights those key risks, along
with mitigation strategies, design to reduce the
level of risk and its impact over time.
Risk trends have also been included in the Top
Risk Report to better highlight how risks are being
managed and change over time. Staff will provide you with
details on how process improvements achieved a more
inclusive and comprehensive risk review by all levels of
the organization. Looking ahead to the March 2014 meeting, the
Risk and Audit Committee will be holding the election
of its Chair and Vice Chair. The management letter
will be presented to the Committee by Macias, Gini
& O'Connell with their recommendations for strengthening
internal controls based on their audit of the 2012-13
CalPERS financial statements, along with CalPERS management
responses. Thank you, Mr. Chair. This completes my report,
and if there are any questions. CHAIRPERSON JELINCIC: Any questions?
Seeing none. We will move onto the consent items. There's action consent items. There's
two. There's the approval of the minutes and there's
the revision of the policy on audit resolution,
which has no risk of adopting, but risks of not adopting.
COMMITTEE MEMBER BILBREY: I move approval. COMMITTEE MEMBER DIEHR: Second
CHAIRPERSON JELINCIC: It's been moved by Bilbrey, seconded by Diehr.
Any discussion? If not, all those in favor say aye?
(Ayes.) CHAIRPERSON JELINCIC: Opposed?
It's adopted. Now, we move on to the interesting one, the
audit, and the External Auditor's Report. CHIEF AUDITOR JUNKER: Good afternoon, Mr.
Chair and members of the Committee. Margaret Junker,
CalPERS staff. And this is Agenda Item 5a, which is
an action item. This is the External Auditor's report
presented to the Committee for your acceptance for the
June 30th, 2013 audit.
So I'd like to introduce, first of all, presenting with me today are on my left Rick
Green, who's the engagement partner with Macias, Gini & O'Connell,
and on my right is Debbie Chan, who is a director
with Macias, Gini & O'Connell.
And they'll be presenting the bulk of this presentation, but I'd just like to make a
couple of quick introductory remarks. So CalPERS engages Macias,
Gini & O'Connell to audit the financial statements
that are prepared by CalPERS management. And as Cheryl
mentioned were presented to the Finance and Administration
Committee earlier today.
So the independent auditor's report on their audit of the financial statements is presented
in this item consistent with the Risk and Audit Committee's
oversight of all things audit in the powers reserved for
this Committee. So before I turn this over to Rick and Debbie,
I would like to walk through the attachments
to this agenda item, because there are a few that I'd like
to point out and just describe them to you before Rick
and Debbie start going through them.
So first of all, Attachment 1, right after the
table of contents with the -- for Attachment 1 on pages
two through four of 88, this is the independent auditor's
report, which is prepared by the auditor, and this is part
of what the auditors will be presenting to you today. The
remainder of Attachment 1 is the basic final statements,
as prepared by management, but those are attached for
reference since the auditor's report refers to those.
Attachment 2, which is after page 88, and I'll
give you a moment to get to Attachment 2. Attachment 2 is
a report that's prepared by the auditors required communications, and it's prepared by auditors
in accordance with auditing standards, and it's
addressed to the members of the Risk and Audit Committee.
So that's Debbie and Rick will be going over that in
their presentation.
Attachment 3 was prepared by my office, and it's
just a roles and responsibilities graphic depiction
showing what the role -- what the various roles are
between staff and the auditors during this entire cycle of
financial statement preparation and audit. And that's just for your information, but
if you have any questions, I'd be happy to address
them. And finally Attachment 4 is a transmittal letter
for transmitting the basic financial statements
to the Governor and legislature when the audit is
finally complete.
So with that, I would like to turn it over to
Rick and Debbie who will be presenting those items I
mentioned, as well as giving some verbal comments on what
the preliminary findings are from the audit just
completed. CHAIRPERSON JELINCIC: Before I let you escape,
are there any questions for Margaret? You got to escape for now.
CHIEF AUDITOR JUNKER: Okay. So I'd like to turn
it over to Rick. MR. GREEN: Well, thank you, Margaret.
Mr. Chair, members of the Committee, I want to
thank you for the opportunity to present the results of
our work today. And I also want to thank members of
management and staff for their assistance and hospitality
extended to our staff during the course of our financial
audit. As you are aware, we were engaged to perform
an audit of CalPERS basic financial statements
for the fiscal year-ending June 30th, 2013. And as a result
of that scope of work, we issued three products which
Margaret has identified, but I want to just reiterate.
The three products are the independent auditor's report
on the basic financial statements, and then also a report
to the Risk and Audit Committee. This report is item number
2, and is required by the audit standards for us to
report to those charged with governance.
And then finally, the management letter that will
be forthcoming that will include our observations, recommendations, management's responses to
areas within the internal control structure that we believe
have weaknesses, and also just general observations
on operations and operating effectiveness and
how things are done and processes.
So with that said, I'd like to turn your attention please to the first product that
we issue, and that is Attachment 1, page two of 88, and
it's our independent auditor's report.
CHAIRPERSON JELINCIC: Just for the Committee, it's on 59 of the iPad.
CHIEF AUDITOR JUNKER: I don't have the iPad. MR. GREEN: Oh, okay. I'm sorry. I had the
numbering convention off the website. CHAIRPERSON JELINCIC: That's fine.
MR. GREEN: Okay. CHAIRPERSON JELINCIC: I don't expect you to
have the iPad.
MR. GREEN: If everyone is as the independent auditor's report, I want to briefly go through
it, because it is reformatted by virtue of changes in
audit standards, reformatted from what you would see if you
were to compare it to last year's. But I think equally, if
not more important, it helped put in perspective the
audit process, the division of responsibilities between the
independent auditor and management, certain items in which
we place emphasis, and of course, you know, our audit
opinion. So I will, you know, briefly go through it, and
if there's any questions, please let me know.
The first paragraph is intended to identify the
scope of our work, and which I've already articulated.
The next section of the independent auditor's report,
titled management's responsibility for the financial
statements. It's articulated there that management is
responsible for the preparation of the financial statements in accord with the underlying accounting
standards. They're also -- management is also responsible
for designing, implementing, and monitoring the internal
control structure that governs the reporting to ensure
that material errors are absent from the financial statement reporting process.
The next area, the auditor's responsibilities. Our responsibility is to plan and perform
the audit to obtain reasonable assurance that the financial
statements are free of material error. Now, in order
to fulfill that responsibility, we approach our work using
a risk based audit approach. And, you know, what that really
means is when we talk about, you know, risk, we're
talking about audit risk, the risk of material error.
And so what we do is we look at the internal control structure of the financial statements,
and we identify areas where there's a high inherent
risk where those type of errors can occur. And some of
the risk indicators that we look to are like complexities
in the underlying amounts that have been reported
in the financial statements or disclosures, are they
complex by the nature of the amount, you know, complex
as a result of difficulty in valuation techniques, let's
say for a certain type of investments, or are amounts
a by-product of estimates, which becomes a little more
complex to determine, or complexities as a by-product
of difficult accounting standards.
So these are some of the things we look to. We
also look for transaction cycles that are voluminous in
nature. Are there a lot of transactions flowing through
these transaction cycles, such as the benefit payment
transaction cycle. I'll also look to areas where we have
had weaknesses in the internal control structure in the
past that, as a result, we've had audit adjustments. So these are some of the risk identifiers
that I look to to determine where within the financial
statements we could have a high degree of inherent risk
that would result in an assessment on my part, where
we would need to focus more rigorous audit procedures.
So once we go through this risk assessment process, we design our audit procedures in
response to that risk assessment, and we perform our work
thereafter. Now, once we perform our procedures, we step
back and assess whether or not we have achieved a sufficient
and appropriate level of audit evidence in order
to support our audit opinion, again on whether the financial
statements are free of material error. And I am pleased to report to you that, in
fact, we are able to do that as through the audit
process that we are issuing an unqualified opinion on the
basic financial statements, which once again means
that they are free -- in our opinion, are free of material
error and presented in accordance with the underlying
accounting standards.
And so that -- that opinion is rendered in the
opinion paragraph, which is on the very next page. And
when we talk about opinion, we have -- there's two areas
in the financial statements that -- we render two
opinions, because there's two opinion units. One is on
the fiduciary activities and one on the proprietary activities. So I just wanted to highlight
that and bring that to your attention.
Now, in addition to rendering the opinion, which
again is unqualified, we have areas within our report
where we call emphasis of matters. This is an opportunity
for the independent auditor to emphasize significant things within the financial statements that
we believe informed readers should pay attention to and
be aware of. And I've got four of those matters identified
in our independent auditor's report this year.
The first is discussed in Note 5. It relates to actuarial
data presented for the California Employees Benefit
Trust Fund, and it focuses on the information being derived
from the actuarial valuations performed by employers
of the participating -- or actuaries -- performed
by actuaries engaged by participating employers, even though
those actuary evaluations are performed in accordance
with system OPEB assumption models.
The next area again is in Note 5, and it focuses on actual contributions made by the state
to the Judges' Retirement Fund were significantly less than
the actual determined annual required contributions.
The next is the -- the emphasis of matter area is
discussed in Note 8, and it speaks to the estimated
liability for future policy benefits of the Public
Employees Long-Term Health Care Fund. It is sensitive to
underlying actuarial assumptions, primarily the discount
rate. And finally, in Note 9, we -- the discussion
on the fact that the actuarial accrued liability
exceeds the actuarial value of assets for the PERF fund,
as well as the California Employees' Retirement Benefit
Trust Fund in the amounts of 57.4 billion and 15.5 billion
respectively. And it is important to understand that although
we emphasize these matters that management has fully
disclosed in the notes to the financial statements, they
do not impact our opinion. Again, they're just for those
individuals that are reading the financial statements to
be aware of. There are a couple of other items in the
independent auditor's report. CHAIRPERSON JELINCIC: Rick.
MR. GREEN: Yes. CHAIRPERSON JELINCIC: If I may interrupt you
a minute?
MR. GREEN: Sure. CHAIRPERSON JELINCIC: So in some ways we've
got two opinions, one related to the fiduciary
activities and one related to the proprietary.
MR. GREEN: That is correct. And let me just --
if you -- CHAIRPERSON JELINCIC: Please.
MR. GREEN: I'll quickly -- if you turn to well, I don't have the page conventions. Page
27 in my document. You know, I don't have the numbering
that they're looking at.
CHIEF AUDITOR JUNKER: I don't have the iPad numbers.
MR. GREEN: Just. Mr. Chair, yes, there's a column -- in the financial statements, there's
a column, the total column, 2013 column for the fiduciary
funds, and it's that column in which we're rendering
our opinion on, as opposed to the individual funds, and then
also in the proprietary funds there is a column for 2013,
and is right next to the 2012 column. We render our opinion
on the 2013 column. So it's the combination of the
fund's activities.
CHAIRPERSON JELINCIC: Okay. And then on this last one that you raised, the actuarial accrued
liability exceeds the actuarial value, that's the difference
between the market value and the --
MR. GREEN: It's your funded status. And those are all done on actuarial valuation techniques,
the liability as well as the assets. And if you
go to Footnote 9, you'll see the funded status for
the various plans in which I'm referring to.
CHAIRPERSON JELINCIC: Thank you. MR. GREEN: Okay. And these, I believe -- I
know most of these, if not all these items, have
been reported in the past. But again, because I just wanted
to highlight it. And they are -- it's an area
of the financial statements in which there -- I think
most readers -- informed readers, should just pay
attention to given the nature of the financial reporting
process here. Now, continued on in our report, I'll just
-- I'm going to skip down to another area, required
supplementary information. The first paragraph identifies
the various schedules that are required by the accounting
standards to be included, and accompany the basic financial
statements. We make sure that the information within these
schedules do not conflict with the basic financial statements.
However, we don't render an opinion on those schedules. And the primary reason for that
is many times information is included in the required supplementary
schedules or information is not derived from the
accounting of financial reporting system, but rather
outside of that system. And since our audit simply focuses on the
system that is used to generate the financial statements,
we cannot render or audit that information. And
you compare that to the next section when it's titled
"other information", there is other supplementary
information and it's listed in the first paragraph that management
has selected to include in the financial statements.
This information is a by-product of the underlying
accounting and financial reporting systems, so we can
audit the information, and we render it in relation
to opinion on it.
So that is the difference between those two areas. So with that said, that is the -- that
is the makeup of the independent auditor's report,
the components of it. And again, the most important thing,
at least given our responsibilities, is the opinion
where we rendered the unqualified audit opinion, okay?
So that's our independent auditor's report.
Quickly, I'd like to go through the next document that we issue. Given the scope of our work,
it's the report to the Risk and Audit Committee. And
again these items here are --
CHIEF AUDITOR JUNKER: Attachment 2. MR. GREEN: Attachment 2. The information and
items that we speak to in this letter is required by the
audit standards as promulgated by the AICPA. And I'm just
going to highlight certain key areas. The first area is the qualitative aspects
of accounting practices. It's important to note
that management is responsible for selection -- the
selection and appropriate use of accounting policies.
These policies are articulated in Note 1 to the
financial statements. It also will include in this year's
financial statements reference to two new accounting
standards, which I believe Ms. Eason identified during
her presentation, GASB 62 and 63.
We look at these accounting policies that are
articulated in Note 1, and that all the financial transactions that are reported in the financial
statements are subject to, to determine that they are
appropriate and that they are consistently applied from one
year to the next, to the extent that you don't have a
new accounting standard. And we determined that in fact they
are appropriate and were properly and consistently
applied to the transactions that are ultimately reported
in the financial statements before you.
The next area within this section is a discussion on accounting estimates. As I'd mentioned
earlier, accounting estimates are a little more difficult
for management to determine and for us to audit
by the very nature of being an estimate. So we have to
design audit procedures to a -- that are unique to address
such areas. And I've highlighted four areas down below
for you. It's the -- first bullet point is the
actuarial valuations for pension and Other Post Employment
Benefits, both the assets, liabilities, and required
contributions. The next area are the fair value of real estate
and private equity investments, otherwise known as the
alternative investments. And then the third bullet point
is -- are the estimated insurance claims in the health
care fund, and then finally estimated liability for the
future policy benefits in the long-term care fund.
The first and third and fourth bullet points are
estimates. Actuarial valuations are used predominantly in
determining these amounts. And one of the ways in which
we respond to these unique and more complicated areas is
to contract with an independent actuary to supplement our
own expertise in this area. So we had an independent actuary review this information to determine
that the information was -- or the numbers were calculated
in accordance with actuarial sciences, the underlying
accounting standards, and just properly performed. And so
that they concluded that, in fact, they were. With respect to the fair value of the alternative
investments, we have designed more rigorous procedures
there, and really look at the methodologies that are used
by management in order to derive these amounts. And we
performed those procedures, and I'm pleased to present to
you that, in fact, everything -- the key assumptions and
methodologies were appropriate under the circumstances. Let's see the next area of this document that
I'd like to focus on is a section called "Corrected
and Uncorrected Misstatements". You will have
two schedules here that relate to this area. The first schedule,
Schedule 1, summarizes uncorrected misstatements of the
financial statements. And what this effectively means is
in Schedule 1 you'll see an adjustment here that has not
been made to the financial statements, and it has been
determined by management, and with our concurrence that
the adjustment is immaterial. It does not have an impact
on the financial statements one way or the other. And so
what we call is we passed on the adjustment, but yet we
want to still bring it to your attention that, in fact,
this adjustment was not reflected in the financial statements, and which is appropriate and common
due to the immateriality of the adjustment to the financial
statements taken as a whole. The next schedule, Schedule 2, is a summary
of corrected financial misstatements. So these
adjustments here are adjustments that came as a by-product
of the audit process, were accepted by management,
and were made and reflected within the financial statements.
So the financial statements have been adjusted as
a result of these items that you see before you.
Let's see, finally -- CHAIRPERSON JELINCIC: Excuse me.
MR. GREEN: Yes. CHAIRPERSON JELINCIC: Priya.
VICE CHAIRPERSON MATHUR: Thank you. Is it all
right if I interrupt you for a question? MR. GREEN: Sure.
VICE CHAIRPERSON MATHUR: So in looking at the
corrected and uncorrected misstatements, do you have a
threshold at which you think something is material or
immaterial? MR. GREEN: Yes. Well, the whole concept of
materiality is a by-product of a quantitative and
qualitative type of thought process. On the quantitative
side, I think we use -- is it about one percent, Debbie?
MS. CHAN: Um-hmm. MR. GREEN: One percent of assets.
MS. CHAN: Yes. MR. GREEN: Okay. And so that's the
quantitative. And the qualitative, you know, that's, you
know, more of the science -- or the art part of the
equation. And we look to see whether or not leaving
something out, even though it may not be quantitatively material, would impact the decisions that
an informed reader would make. So that's how we look at
materiality. VICE CHAIRPERSON MATHUR: Thank you.
CHIEF AUDITOR JUNKER: And that's per fund, right? The materiality is --
MR. GREEN: We plan on a fund by fund basis, but
since the opinion unit is done on total fiduciary column
and proprietary column, that's how you ultimately will
determine whether or not something is material to the
financial statements. But that's where -- that's where the qualitative
aspect comes into play. If you happen to have an
adjustment to one of the funds, say one of the trust funds
that even though it's immaterial to the total column, but
yet you think needs to be made, because it's just from a,
you know, a qualitative perspective, the same thing a
reader would like to see it or should see it, in making
decisions, we make those adjustments. So that's more of
an example of how we apply the materiality thresholds.
VICE CHAIRPERSON MATHUR: Okay. And if -- so management -- just process-wise, management
says, okay, we believe that these are immaterial and brings
it to -- and then do you advise them at that point or do
you just -- MR. GREEN: No, these are all adjustments that
we -- that come as a by-product of the audit process.
Okay. And then we present them to management, and then
management can make the decision to book the adjustments
or not. And for those that are deemed, you know,
immaterial, you have a choice. You can either book it or
not. And if they are material, then we -- you know, they
generally will do so. VICE CHAIRPERSON MATHUR: Yeah. Okay. All
right. Thank you. CHAIRPERSON JELINCIC: And then when I look
at Schedule 2, my reaction is those are typical
year-end adjustments. There wasn't anything particularly
unusual there. Is that a fair assumption?
MS. CHAN: So again, Schedule 2, all of these adjustments, as Rick mentioned, are part of
our audit procedures. So in addition to all of these
adjustments, there are, you know, year-end adjustments
posted by management, which are not included in this
schedule. CHAIRPERSON JELINCIC: Okay. But none of these
in Schedule 2 are particularly extraordinary? I mean,
they're typical of year-end adjustments. And I'm not
trying to put words in your mouth, so if I'm not stating
it fairly, please correct. MS. CHAN: These are, I wouldn't say, typical
year-end adjustments, but these are errors that was
detected as a result of our audit, and was corrected in
the financial statements. So this amount, you know, originally was reported
in the financial statements, you know, for some of these
examples incorrectly classified. So as a result of our
audit, it was reclassified to the proper financial statement line items.
CHAIRPERSON JELINCIC: Okay. MR. GREEN: Mr. Chair, let me further address
it. Some of these are the type of adjustments
that you would expect during the course of a financial statement
audit, but some of them also, you know, reflect some
areas of opportunity for improvements in the internal
control structure, okay?
And so those -- and those areas will be discussed in more further detail, and when we issue
our management letter to the Audit Committee.
CHAIRPERSON JELINCIC: Okay. Thank you. MR. GREEN: Okay. So moving on. The other area
that I wanted to just spend a few minutes on are
disagreements with management. We had no disagreements with management. And typically, when you do
report something, it's a disagreement on the application
or interpretation of GAAP. That did not occur.
I have to say that there's been some, what I
would -- meaningful improvement in Fiscal Services this
year. We worked well with Ms. Eason and her staff, and
responsive, and I believe are definitely moving in the
right direction. We've had issues in the past, as you
could tell by looking at our management comments from the
past in this area. And although there's still room for
some improvement, there has been some substantial movement
in that direction. I wanted to just highlight that to the
Audit Committee. Let's see, there will be a management
representation letter that will be signed by management
regarding their representations on certain assertions that
are made within the financial statements. We'll receive
that fairly soon. And that will effectively complete the
audit of the basic financial statements. And again, there will still be a CAFR issued
within, I think, about a month. And then we'll come back
and report to the Audit Committee, through the management
letter comments, on the areas that we feel are
opportunities for improvement in the internal control
structure. Now, with that, I want to turn the presentation
over to Debbie, who is going to -- just summarize what
we've seen and what you can expect to see in the
management letter that's forthcoming. CHAIRPERSON JELINCIC: If I can interrupt for
a minute.
MR. GREEN: Sure. CHAIRPERSON JELINCIC: You made the comment
that there were -- as far as you were aware of,
there were no consultant -- consultations with independent
auditors. And so I'm going to ask staff, were there?
I mean, they're not aware of any, but are you aware
of any? CHIEF FINANCIAL OFFICER EASON: No, I'm not
aware of any.
CHAIRPERSON JELINCIC: Okay. Thank you. Okay. Carry on.
MS. CHAN: Thank you. Okay. So as Margaret and
Cheryl mentioned earlier, we'll come back to you in the
next Risk and Audit Committee meeting to present the final
part of the management's comments and along with
recommendations and management responses. So I want to verbally inform you today that
as a by-product or as a result of our audit, we
will have five new written observations. And out of the five
observations, one of them will be classified as a
significant deficiency. So in the significant deficiency observation
from the 2013 audit, we will summarize several
errors that we noted from our audit. And these are, you know,
errors in financial and accounting -- financial reporting
and accounting of transactions.
So that's not including the status of some of the
prior year's observations. So we'll also be reporting to
you the status of those items as well. CHAIRPERSON JELINCIC: Okay. I sort of look
forward to that. MS. CHAN: So that -- I can -- that's my
presentation, and I can -- if you have any questions that
you -- the detail of our observation, I'll be happy to
answer any questions you have. MR. GREEN: Let me also add, Mr. Chair, we
can meet with the -- well, we can meet with members
of the Audit Committee like I did before in the past
with you prior to us doing the formal presentation,
just to give you a feel for what we can expect to be reported.
Of course, as always, you know to the extent that
we were to come across something of significance, and
illegal activity, you know, fraud, anything like that, we,
of course, would reach out proactively, and not wait to
just report it to you. Fortunately, we did not come across any instances
of matters as such, and it would be a little more the
typical type of reporting on the management comments that
you've experienced in the past. CHIEF AUDITOR JUNKER: And we'll be bringing
that back, and we'll have management's responses
and corrective action plans to any of the findings that MGO
has. And we'll bring that back at the March meeting.
CHAIRPERSON JELINCIC: Okay. And the -- was this
an action item? CHIEF AUDITOR JUNKER: Yes.
CHAIRPERSON JELINCIC: The -- okay. So it's an
action item. Is there a motion from the Committee? VICE CHAIRPERSON MATHUR: Move staff's
recommendation. COMMITTEE MEMBER BILBREY: Second.
CHAIRPERSON JELINCIC: Moved by Priya, seconded by Michael. The only question I have is since
the auditor's report includes the management letter
that we're not getting, is it appropriate to accept it
at this point? MR. GREEN: The auditor's report --
CHAIRPERSON JELINCIC: Yeah. MR. GREEN: I'm sorry. The auditor's report
does not include reference to the management letter.
CHAIRPERSON JELINCIC: Okay. MR. GREEN: The auditor's report reports on
the basic financial statements.
CHAIRPERSON JELINCIC: Okay. Any discussion on
the motion? If not, all those in favor say aye?
(Ayes.) CHAIRPERSON JELINCIC: Opposed?
It's adopted. Thank you.
CHIEF AUDITOR JUNKER: Thank you very much. CHAIRPERSON JELINCIC: Moving onto the next
item, the Enterprise Risk Reports.
CHIEF RISK & COMPLIANCE OFFICER WEBB: Good afternoon, Mr. Chair and Committee members.
Kathleen Webb, CalPERS staff. And today I'm joined
by Larry Jensen our Chief Risk Officer to present Agenda Item
6a, the Enterprise Risk Reports, which is an information
item. The enterprise risk management dashboard and
top residual risk reports provide an overview
of CalPERS risk environment. The dashboard represents CalPERS
overview of the current risk profile broken down into
strategic, operational, financial, and compliance and
ethics categories.
Since our last Risk and Audit Committee, an enterprise risk assessment was conducted.
The activity expanded our engagement of stakeholders and
the risk identification and assessment process and
substantially elevated the maturity of our program. Larry
Jensen will address this further in his presentation of
the dashboard and the top risks.
Before we leap into the dashboard and the top
risks though, I'd like to take a few minutes to review the
risk report process map, which is Attachment 1. While the
process map is displayed in a linear path, I think it's
important to note that it's a full cycle process, which is
repeated in an ongoing basis. Page one provides the summary of the process,
and two provides additional detail with regards
to the phases within the process. While data and intelligence
gathering happens throughout the process, there are
also specific activities that facilitate the input of information.
One of those activities is our presentation to
the Board, and the Board's opportunity to provide input on
the current risk profile and identify potential risks
to be assessed. Are there any questions on the process map
before I turn it over to Larry?
CHAIRPERSON JELINCIC: I do not see any. CHIEF RISK & COMPLIANCE OFFICER WEBB: Okay.
Thank you. CHIEF RISK OFFICER JENSEN: Good afternoon,
Mr. Chair and Committee members. Larry Jensen,
CalPERS staff. To further implement the strategic planning
goal to cultivate a risk intelligent organization
here at CalPERS, the division chiefs participated
in a series of progressive training sessions to understand
the risk assessment process and reporting methodologies
as outlined in Attachment A of the agenda item.
Historically the, division chiefs have participated in the annual enterprise-wide
risk assessment. And a periodic refresh of the
risk dashboard was performed by the Executive Risk Management
Committee. Consistent with the Board approved annual
risk assessment plan, the division chiefs participated
this time in the recalibration of the risk dashboard
for this reporting period by developing detailed risk
registers. This involved identifying, assessing, and
responding to the key risk supporting the domains shown
on the enterprise risk dashboard.
As a result, the risk in the portfolio increased from approximately 150 risks to 190 risks
that were individually assessed and support the risk
dashboard ratings.
To enhance risk governance, the division chief counsel also reviewed the enterprise risk
dashboard and made several recommendations to the Enterprise
Risk Committee. After review and evaluation by
the Executive Risk Management Committee, the risk dashboard
was updated as outlined in the agenda item. The enterprise
risk dashboard represents CalPERS risk profile
or degree of exposure considering our operating environment
and achievement of our strategic objectives and
operations. While the domain ratings did not change overall
for this reporting period, we see changes in the trend
indicators as outlined in the agenda item. In addition,
other minor changes were made to the report.
A couple of examples might include some domain titles and definitions that were updated that
more accurately reflect the underlying risks within
the domain. For example, strategy and policy was retitled
to strategic planning and implementation. A couple of the
risk domains were also moved from the strategic category
to either financial or operational categories again
to be consistent with the underlying types of risk within the
domain. And some of the domains were consolidated
during this last reporting period. As noted on the
dashboard, ethical conduct domain will be replaced by
ethical conduct and standards. And this will be the last reporting
period for that domain. On the dashboard, there are
14 top risks that are outlined and highlighted and annotated
in red. Attachment 3 of this agenda item is our Top
Risk Report. This report was modified to show the
domain rating trend over the last three reporting
periods, in addition to the current reporting period.
While many of the train ratings have remained the same over
the four reporting periods, I'd like to remind the
Committee that the domain ratings is an aggregate rating,
and in some periods certain risks may decrease while others
increase, so that the overall domain rating remains
the same from one period to the next.
The operating environment may also change from
one period to the next, for example, if new legislation
was introduced that may change the operating environment.
Also, many of the mitigation strategies are strategic
initiatives that may take one to three years to fully
implement, as noted in the comment section of the report,
for each of the top risk domains. We do, however, see a decrease in the investment
controls and systems domain. The current trend indicators
for all of the top risks of the organization are either
constant or decreasing, which is a good sign. Additionally, the report was updated to show
the key risks for each -- that management is addressing
within each of the domains. In the past, we showed just the
domain definition, along with the mitigation strategies.
Now, the Committee can see the key issues that
are being dealt with.
These mitigation strategies are management's response to these key risks. The strategies
are reported at a high level in this report, but are often
tied to action plans as part of the business plan
objectives, a roadmap, or a Target Operating Model. And
according to management, all mitigation strategies are
currently on track. During this next reporting period,
the Office of Enterprise Risk Management will validate the
status of the mitigation strategies and report our findings
to the Risk and Audit Committee in our next report.
That concludes my presentation. I'm happy to
answer any questions. CHAIRPERSON JELINCIC: Bill.
COMMITTEE MEMBER SLATON: Thank you, Mr. Chair. I'd like to explore just a little further
the summary of top residual risk. And than you
for putting the three prior quarters in there, so we can
see if we see the trends a little bitter.
But I want to understand better, we have none of
these top risks that are increasing in trend, which
immediately makes -- you know, raises a question in my
mind, what does it take for it to be increasing versus
it's always comfortable to be either neutral or down?
So talk to me more about what you would have to
see in order to have an upper arrow in trend? CHIEF RISK OFFICER JENSEN: Sure. I can give
you an example and maybe -- so, for example, with
regards to pension reform, if we saw that there was new
legislation that was being introduced that may impact
operations here at CalPERS, over the next reporting period,
then that trend indicator would be likely an upward
type of a trend that we would see over the next period there.
So if any types of changes in our operating environments, if we see that we're going into
-- for example, maybe in the health area, if we see
that we're going into contract negotiations or open enrollment,
that those are kind of changes to our environment
that may increase our risk during those periods.
What this doesn't necessarily reflect is how those trend indicators were over the various
reporting periods. Some of them may have been -- in
fact, I know that in past periods, some of them were in
an upward, you know, increased trend, but because of the
actions that were taken to try to mitigate those, then
they moved to either a constant or a downward trend.
COMMITTEE MEMBER SLATON: So do -- and we don't see the -- we don't see the ones that are
in green right now. Do we have --
CHIEF RISK OFFICER JENSEN: No, we don't display those that are in green right now.
COMMITTEE MEMBER SLATON: Do we have any of those
that have an upward trend? CHIEF RISK OFFICER JENSEN: That would be
indicated in our enterprise risk dashboard. And I'm
reviewing quickly here. I do not see any that are green
that -- with an upward trend. They all have a constant
trend. COMMITTEE MEMBER SLATON: Okay. So, for
instance -- CHIEF RISK OFFICER JENSEN: So I just wanted
to add. We do, however, monitor those that are
green because, you know, those are the ones that
really, you know, might surprise you. And if it's -- and
we determine is it really green or not. And so we do monitor
all of them.
COMMITTEE MEMBER SLATON: So we have a potential legislation that's been introduced, or at
least a Constitutional Amendment that's being talked
about in regard to pension reform. Would that affect
one of these, and if so, which one?
CHIEF RISK OFFICER JENSEN: So that would fall under the legislative regulatory category,
which is under our strategic risk. It's not considered a
top risk at this time. So it's not on the Top Risk Report.
However, on the enterprise risk dashboard, that type
of initiative that you described would fall under the legislative
regulatory category. COMMITTEE MEMBER SLATON: Okay. And if I look
at legislative regulatory, I see an arrow just
steady. So you don't view that as a risk that would necessitate
an up arrow.
CHIEF RISK OFFICER JENSEN: Not at this point. In that scenario if it's -- we do consider
it to be a moderate level risk. We are monitoring that.
We have controls in place that are monitoring and
assessing the likely impact to CalPERS.
And in this case, right now, we believe that the
mitigation strategies and the actions that were taken will
not have a significant impact to our operations or
achievement of our strategic objectives. COMMITTEE MEMBER SLATON: Okay. How often does
your team meet to go over this dashboard? CHIEF RISK OFFICER JENSEN: The Executive Risk
Management Committee, which is composed of all of our
executive staff and also our internal auditor and Chief
Operations Officer for the investment area meets every
other month. And so we have a discussion about the dashboard
and it's really kind of where the rubber hits the road, is
during those discussions. And so we will talk about all
of those underlying risks that are identified. We will
look whether we agree with the ratings or not, the trends
as well, and the strategies. And so every other month
they meet. COMMITTEE MEMBER SLATON: And is that consistent
with industry practice? Is that the frequency with which
you -- the management team reviews this? Is it monthly at
other organization or less frequently? CHIEF RISK & COMPLIANCE OFFICER WEBB: Kathleen
Webb, CalPERS staff. Great question, Mr. Slaton. And I
had the benefit of actually joining a lot of my peers at a
recent conference on Friday. And I will tell you, we are
probably more frequently reviewing our risk dashboard and
presenting both to the Board as well as the executives
that many of the Fortune 500 organizations out there that
have a similar organizational structure. COMMITTEE MEMBER SLATON: Okay. All right.
Thank you very much. Thank you, Mr. Chair. CHAIRPERSON JELINCIC: Okay. I have a couple
of observations on Attachment 3, page two of
six, the residual risk status overview. In the briefing,
Priya raised the issue of, you know, some of these
are already implemented, and some are in the process of
being implemented. Some are future implementations.
And so in the future, you've said you will break those
out, so that people have a better understanding of it.
One of the other expressions you've made is you
don't feel you're getting enough feedback from this
committee. And part of my response was, well, we don't --
my perception is we don't actually know enough to really
say, hey, you know, what about this? You know, if you
tell us these are the risks and these are the mitigation
strategies, we kind of take that on faith. But this report is a consensus report. You
have your meeting and you say okay collectively
we agree this. So my question is which of the issues were
toughest to reach consensus on? Where is there the biggest
dispersion of interest, because, in some ways, that's
where, you know, the Committee needs to focus. And if
we're not aware of where those dispersions are, we don't
have a basis on which to actually kind of focus there.
So I've traditionally asked Larry if I made him
God what would we change. So let me rephrase that. I
mean, where is the biggest -- what part of reaching a
consensus was the toughest? And I'll invite Cheryl or Kathleen or Larry
to answer that one, or all three of you.
CHIEF RISK & COMPLIANCE OFFICER WEBB: I think through the reassessment process that we initiated
over the summer and into the fall, one of the things
that I think really proved vital in elevating and
maturing our program was engaging the division chief counsel
in the discussion, and their identification of risk,
which we then brought to the Executive Risk Management
Committee. And based on roles and responsibilities, people
are going to look at risks and their exposures a little
bit differently. So it was a great opportunity
to merge both of those observations and their roles and
responsibilities together in the identification of risk.
What also we engaged in was really a robust discussion around the defining the risk domains.
So based on those risks that were identified, how do
we define this risk domain, so that it's also considered
what is the risk exposure to the organization?
And that, I think in some cases, was probably the
most interesting discussion and debate that would go on.
I think at the end everybody felt very comfortable with
the changes in the definition that it more globally
reflected the risk domain and the changing environment. I
think that's also important to understand is the
environment is not constant. It is ever changing. And
how do we make sure that we're appropriately addressing
and scanning our environment and capturing the risks and
making sure that we're keeping an eye on it within the
risk domains that we should be keeping an eye on it.
I think Larry can talk to more of the discussions he had with the division chief counsel and
some of the discussion along those lines.
CHIEF RISK OFFICER JENSEN: Some of the areas, you know, in past discussions that we've really
had that were I think robust discussions with both
the division chiefs and the executive team have centered
around governance and leadership of the organization,
and its focus that we've had on that in the last couple
of years with defining governance roles within -- and
roles and responsibilities delegations of authority
within the organization. We've had a lot of healthy discussions
there. We've also had a lot of discussions around
the Long-Term Care Program. In the past, it had
an elevated rating and it was kind of like, you know,
when do we move that to a lower rating than what it was in
the past based on actions taken by the Board and by management.
We also have a lot of discussion around the pension funding or asset liability management
domain. It's a particular area of focus for the Committee,
and there's a lot of discussion that occurs between
the Investment Office and the actuaries and the
CFO. That's -- the municipal bankruptcy, we are
always focused on that domain and a lot of discussion there
as well. Some of the areas of, you know, kind of, as
you describe back and forth, kind of around financial
controls and systems versus our financial reporting
-- excuse me. You know, the view of the investment world
versus the financial accounting world and we've had some
discussions about that that have been very robust discussions.
And then I think maybe one other area that's kind
of interesting is in our human resources management area,
where we might see pockets of issues within certain
divisions. You know, it's kind of an issue within that
division, but yet it's reflected whether -- you know, in
the overall human resources domain. And so it's really
not necessarily an HR issue or an enterprise-wide issue at
this point. It's just kind of pockets of issues, and so
we discussed that as well. I think those are kind of the focus of our
discussions that we have. And generally, you know, you're
right it is consensus -- consensus by majority. And so
while we have those robust discussions, at the end of the
day, everybody does have consensus with regards to the
reporting. CHAIRPERSON JELINCIC: Okay. So the -- what
I've heard is the places where there's the most
internal disagreement really is HR, and that's kind
of pocketed. And then some issues about the accounting
and -- between the accounting and INVO. And I think that
probably goes to some of the issues that we're going to
see in the audit report.
So those are areas that, you know, perhaps the
Board should focus on a little more closely, if I'm
hearing you correctly. And if I'm not hearing you
correctly, tell me, "No, that's not what I meant to say",
or, "That's not what I said. You didn't hear it right".
CHIEF FINANCIAL OFFICER EASON: Well, I think what I would advise the Board is that I think
you'd still want to look at the top risks, because I guess
-- you know, I believe that that's where we still
feel that the Board's focus needs to be. But I do agree
that with Larry's and Kathleen's observation that I
think for really the first time we've had such a robust discussion,
because we've involved the division chiefs in that
discussion. It was really quite -- I think it was really
quite enlightening for all of us, because we were
able to have a difference of opinion, and really -- In fact,
we had two meetings, because we couldn't fit it all into
one meeting and it spilled over into another one.
But I would agree with Larry that I think those
are the areas. And I think there was some -- also some --
I would add to the point to Mr. Slaton about just the --
some of the initiatives coming forward in terms of the
regulatory and the legislative. There was a lot of
discussion around that as well. One thing I did want to add, Mr. Chair, is
that we -- in response to your questions, we are
looking at the January off-site to dig deeper into taking
one of these risks and working at that off-site with you
to just dig deeper into one, and going through that robust
discussion, because I think that would be helpful.
CHIEF RISK OFFICER JENSEN: So if I could, Mr.
Chair, I'd like to just clarify my comments there. I
don't know that there was disagreements per se. It was
more of robust discussion to come to an understanding of
the various perspectives, right? And so I don't know that
there was a disagreement, per se. CHAIRPERSON JELINCIC: Okay. So let's call
it argument in the best sense of the word.
CHIEF RISK OFFICER JENSEN: Okay. But I agree with focusing on the top risks that's exactly
where the focus should be.
CHAIRPERSON JELINCIC: Ron. COMMITTEE MEMBER LIND: Thank you. So, you
know, there's obviously a lot of subjectivity here,
and, you know, what's elevated versus what's high,
right? So I assume there's not a whole lot of time and
effort and discussion as to whether, you know, something
goes from one point to the other. But to the point that
J.J. brought up, that in the briefing you folks
mentioned that you would like more input from the Committee,
I'm not clear on what sort of input you're looking
for? I mean, would you want us on particular topics
to say, no, we think that's high. It's not elevated.
You know, obviously some of the internal working
stuff we don't have the knowledge to do that, but maybe
some of the bigger issues like bankruptcy or, you know,
pension reform or whatever. We could give that kind of input
if that's what you're saying is appropriate. So I'm
just not clear on what it is you're looking for.
CHIEF RISK & COMPLIANCE OFFICER WEBB: That's a
very good question, Mr. Lind, and I appreciate it. And I
think there are a couple of things that are afoot that I
think will help evolve all of our maturity in the Risk and
Audit Committee and our responsibilities and our
respective responsibilities. One of the things that we would like to do
at the January Board off-site is talk about really
the fundamental role and responsibility for a
Risk Committee of the Board, and how should you go ahead
and focus your efforts, and what should be the questions
appropriately asked of myself and of Larry and Gary with
regards to our Risk and Compliance Program.
With regards to this whole process and what we
would expect from you is, based on your experiences, based
on your role and responsibility and the constituencies that you serve, in looking at this dashboard
what are the things that you see are the things that you're
hearing and does this match up?
In your respective roles on other committees for
the Board, for those of you that serve as chairs for other
committees or on other committees, do these risks that
we've identified in the mitigation strategies match with
what you're hearing from the other committees? Is there
some cross population going on and some cross-discussion taking place?
So we see that as a tool for you with regards to
your work with other committees to really make sure that
they're presenting and talking about those mitigation
strategies and the risks that we've identified. I think the other piece that we look to you
for especially in your capacities and your involvement
with external stakeholders, are there any emerging
risks that you're aware of? You all attend conferences.
You're all out there also working with other external
stakeholders. What are you hearing? Is there anything that
we should be paying attention to that you don't see displayed
here that you feel that we should maybe do some further
research and do an assessment on?
So that's what we would appreciate from you. And
I think this is again, you know, a journey for all of us,
and we're all maturing in kind of what our role and
responsibilities our and our understanding. And I hope in
January that we'll provide some more insight for all of
you on how to really kind of improve that process between
what we present to you and the feedback that we would like
to get back from you as well. CHIEF RISK OFFICER JENSEN: If I might add
just one thing. You know, we updated -- at the
request of the Committee, we updated the Top Risk Report
to identify the key risks that are being addressed within
each of these top domains. And so if there's areas that
you feel that
may be are not being addressed that we should address
within there, you know, we would like that feedback as
well. CHAIRPERSON JELINCIC: Priya.
VICE CHAIRPERSON MATHUR: Thank you. Well, you
mentioned something, Kathleen, that continues -- I
continue to struggle with, and that's how these risks map
to the various committees. For some it's obvious. Health
costs obviously maps to the Pension and Health Benefits
Committee, but for others it might not be quite as
obvious. And then also how do we ensure that there
is that cross communication, in that issues that are
raised here are also being addressed at the committee
level and vice versa. How do we ensure that issues that might
be raised through the committee -- through the other
committees come back and are integrated into this reporting.
And I don't think we've hit on that yet. There's something
missing process wise perhaps.
I still really struggle with that. So I guess I'd ask you, and maybe all of us, to keep
thinking about how to improve that.
CHIEF RISK & COMPLIANCE OFFICER WEBB: Yeah. To
that point, Ms. Mathur, there are some things that we are
working. One, we're in work with the strategic planning
operation to determine how best to align kind of the whole
risk dashboard with the strategic planning information
that's presented. One of the things that we've batted
around, and I think this will help provide some
clarification as well is within the mitigation strategies,
is -- provides some sort of alignment and linkage to a
business plan initiative. So if their mitigation strategy is specifically
called out in our business plan as a part of what we're
doing, then go ahead and call that out within the
mitigation strategy. If it's part of their Target
Operating Model -- for example, INVO has a number of items
they're working on through their Target Operating Model
indicate that, so you can see the linkage in the reports
that we're providing. And I think the work that we can do is working
with our division chiefs and with the deputies as well is
making sure the information they're presenting back to you
is how does that align with the enterprise risk dashboard
that you've received as well, and what are they doing to
help mitigate the risks that have been previously identified.
So to your point, absolutely it's this ongoing, you know, continuous improvement. And we'll
continue to look for ways to provide that alignment for
you, because in some cases it's not intuitive. In some
cases it's very intuitive, and some cases it's not. But I
think that's our job to make sure that we help provide
that since you're only seeing this dashboard maybe twice
a year. So how can we make this more of a useful tool
for you in the work you do with your other committees.
VICE CHAIRPERSON MATHUR: You know the other piece is a resource question. Are we allocating
our resources to our top risks? I mean -- and
somehow we don't -- it might be something that you formally
review at the executive and staff level that we don't
see at the Board level, or maybe it's in Finance Committee,
which I'm not as engaged with, so perhaps it's addressed
there. But somehow, you know, at each committee at Pension
and Health Benefits Committee are we spending enough
of our time on those things that have been identified as
top risks, both at a committee level, in terms of our time,
but also in terms of the attention of the staff and the
direction of our other resources -- of our financial resources.
CHIEF FINANCIAL OFFICER EASON: I just -- I think
that's great observations. You know, I think we can take
that back, and we will take that back and look at ways
that we can help support that, because I think it is
important for the Board to feel comfortable in terms of
each of the committees and the questions that you feel you
need to ask staff to ensure that they are mitigating risk.
But let me just talk briefly to, as part of our
business planning and budgeting process, last year what we
introduced was that for each of the initiatives we asked
staff to tie that back to their mitigation strategies and
to the top risks. So that's something we can certainly
show as part of our business planning, how we actually
tie, not only, our business planning, but our budgeting
and our resourcing to ensure that we are tying that
mitigation into those decision-making processes and to
support the mitigation of top risks. VICE CHAIRPERSON MATHUR: Thank you.
CHAIRPERSON JELINCIC: I have no one else on the
list. I want to thank the Committee for this discussion.
I think we need more discussion. I want to commend staff
on the residual risks status overview. I think that
actually is a helpful addition. It adds to your workload,
but I think it helps the Board. And since nobody else wants to speak, public
comment? I don't see anybody. I don't have a list for
public comment, and I don't see anybody rushing down, so
we are -- the open session is adjourned.