Enterprise Risk Management

for Internal Auditors

The New York Chapter of the Institute of

Internal Audit - 39th Annual Audit Seminar

May 18, 2012

Patchin Curtis, Director

Michele Crish, Senior Manager
Michael Schor, Senior Manager
Contents

Defining Risk and Risk Management

State of Enterprise Risk Management (ERM)

Risk Management Framework

Role of Internal Audit – A Discussion

Leading Practices and Insights from Deloitte’s Global Risk Survey

Questions and Answers

1 Copyright © 2012 Deloitte Development LLC. All rights reserved.

Risk management in the news
“Given the central role of effective, firmwide risk
management in maintaining strong financial
institutions, it is clear that supervisors must redouble
their efforts to help organizations improve their risk-
management practices…We are also considering the
need for additional or revised supervisory guidance
regarding various aspects of risk management,
including further emphasis on the need for an
enterprise-wide perspective when assessing risk”
-Ben Bernanke, US Federal Reserve Bank Chairman, 2008
“A fundamental shortcoming is the wide disparity
between the rapid pace of financial innovation and
the risk management infrastructure on which this
innovation was built…. historic or statistical
measures of risk and exposure, such as value-at-risk,
past loss experiences and name concentration in the
traditional banking book have proved inadequate.”
- Nout Wellink , BIS Chairman, 2008
2 Copyright © 2012 Deloitte Development LLC. All rights reserved.
“Strong risk management and robust financial
regulation are the bedrock of a stable financial system”
-Hugo Banziger, Deutsche Bank’s Chief Risk Officer and a
Member of the Management Board, 2010
“I am fully convinced that going forward, continued
improvement of risk management by banks, despite
their size, will not only impact on their behavior but
also their performance.”
-Liu Mingkang, Chairman, China Banking Regulatory
Commission, 2004
“A bank in which every employee understands his or
her responsibility for managing risk is likely to be
more sound than a bank in which risk management is
always seen as someone else's responsibility. While
risk management starts at the business-line level, a
well-run bank also has in place an effective program
for enterprise-wide risk management that is
supported by strong internal controls.”
- Sara Raskin, Federal Reserve Bank Governor, 2011
Defining Risk and Risk
Management
Defining risk
Risk is the potential for loss or harm — or the diminished opportunity for gain — that can
adversely affect the achievement of an organization’s objectives, as defined by our Risk
Intelligence approach

Risk

Focus of Deloitte‘s approach

Rewarded Risk:
Unrewarded Risk:
Provides a premium if
Nothing is gained from
managed well
taking the risk
Relates to strategy and
Relates to risk areas such
business decisions,
as regulatory compliance
where value is created
 Risk Intelligence addresses
the risks and rewards of
value creation
 Risk does not just relate to
events that cause damage to
the business - consider risk
that applies to value creation
 If risk associated with value
creation is not properly
managed, a company may
not reap potential rewards

 A company’s leadership team

must understand the
Neglecting compliance could result If companies avoid too many risks, company’s risk and reward
in business termination they will forgo associated rewards profile

Focusing on rewarded risk enables continued creation and preservation of value, even in turbulent times.

4 Copyright © 2012 Deloitte Development LLC. All rights reserved.

Defining risk management
A leading definition for Enterprise Risk Management is:

“A process, effected by an entity’s board of directors, management and other personnel, applied in
strategy setting and across the enterprise, designed to identify potential events that may affect the
entity, and manage risk to be within its appetite, to provide reasonable assurance regarding the
achievement of entity objectives.”*

ERM IS ERM IS NOT

 A process for providing a risk adjusted view of  A substitute for management’s judgment
the achievability of enterprise objectives  A bureaucratic exercise that is isolated from the
 A means to enhance informed decision making business units
and risk taking  A guarantee of a zero risk environment
 An aggregated portfolio view of risks and
vulnerabilities and their potential interactions
 A methodology that supports accountability for
risk across the organization

*Source: Committee of Sponsoring Organization of the Treadway Commission – COSO

5 Copyright © 2012 Deloitte Development LLC. All rights reserved.

Role of risk management evolves

Traditional View

 View on managing single risk factors / single impact

events within various organizational silos
 Measure risk and ensure that exposure
concentrations are contained within pre-specified
(arbitrary) limits

Credit Risk
 Performance measured on ex-post basis in Return

Business Risk
on Assets (ROA) or contribution terms. Business

Operational Risk
Country Risk
Compliance
Unit Return on Equity (ROE), if measured, based on

Market Risk
Liquidity Risk
simply equity allocations

Reputation
 Institution’s overall capital ratio
 Regulatory capital

Evolving View
 View on managing risk enterprise-wide
 Measure risk, allocate capital based on risk, and measure performance relative to the cost of risk
(economic capital)
 Clarify risk/return economics for line management, and incorporate into pricing and customer
profitability
 Risk adjusted performance for business units, customers and portfolios utilize the same approach
 Greater link between CFO and Chief Risk Officer
 Evolving risk management capabilities is to build upon an institution’s strengths and existing
capabilities
6 Copyright © 2012 Deloitte Development LLC. All rights reserved.
Benefits and challenges of risk management
Risk management provides many benefits throughout the organization and beyond. However,
implementing an ERM program may pose challenges across the organization, especially with
risk language, risk infrastructure and risk data

Benefits Challenges

 More integrated and comprehensive  Defining ERM: lack of organizational

assessment of risks, and an objective,
consistent approach to managing them
 Enhanced clarity around risk management
roles and responsibilities
 Help create a more common language and
improved view of risk across the institution
 Improved understanding and monitoring on
the nature of risk in the business
 Promote a risk-aware operating culture and
accountability
 Receive favorable treatment from credit
agencies, insurers, analysis and other
stakeholders
objectives and confusing, contradictory
terminology
 Assessing risk profile in line with strategic
decisions
 Siloed view of risk
 Identifying and aggregating various risk types
 Risk measurement: no one tool exists
 Enabling technology: no one system
addressing ERM

7 Copyright © 2012 Deloitte Development LLC. All rights reserved.

Current trends in risk management
1. Clear governance practices embedded
into the organizational structure:
 Increase oversight, interaction and
communication with board and senior
management risk operating committees
 Communicate a statement of the risk
philosophy and appetite of the firm that is
actionable and can be assessed
 Document and clarify roles and responsibilities
 Develop integrated market and credit risk
framework processes
3. Investment in infrastructure and risk
capabilities:
 Enhance valuation and exposure measurement
capabilities (i.e. Ability to value and measure
the risks associated with all transactions)
 Re-prioritize infrastructure investment areas,
focus on risk exposure aggregation, netting and
product coverage
8 Copyright © 2012 Deloitte Development LLC. All rights reserved.
2. Risk and return balance and risk
management priorities:
 Decision making is risk/return oriented and in
partnership — risk is “right sized” to organization
 Compensation structure is aligned with risk and
reward
 Risk management function has risk “veto”
authority with clear escalation/resolution
processes
4. Transparency, disclosure and
communication:
 Need to provide informative, customized and
actionable information to senior management,
board and business lines
 Risk management should seek guidance and
have access to the board in order to understand
their objectives and perspective
 Increased external disclosures to shareholders,
regulators, rating agencies
State of ERM
Benchmarking ERM Capabilities
Deloitte’s ERM capability maturity model
Stakeholder Value

Optimized

Integrated
Comprehensive
Initial Siloed

Stages of Risk Management Capability Maturity

Representative Attributes Describing Each Maturity Level

Initial Siloed Comprehensive Integrated Optimized

• Ad hoc/chaotic • Independent risk • All risk types and • Risk interactions and • Risk discussion is
management activities business units dependencies embedded in strategic
• Reactive
• Limited focus on the encompassed rigorously evaluated planning, capital
• Processes undefined allocation, product
linkage between risks • End to end business • Risks to develop
and undocumented development, etc.
• Limited alignment of risk management overarching risk profile
• Depends primarily on process implemented aggregated • Use of dynamic early
risk to strategies
individual heroics, warning indicators
• Disparate monitoring & • Common framework, • Enterprise-wide “at
capabilities, and verbal
reporting functions program statement, risk” measure adopted • Linkage to
wisdom
policy, and risk • Risk performance measures
assessment criteria modeling/scenarios and incentives
• Dedicated team or
function

10 Copyright © 2012 Deloitte Development LLC. All rights reserved.

 ERM Capability of Various Industries
Some industries have been focused longer on ERM and made greater strides
Stakeholder Value

Optimized

Integrated

Initial Siloed Comprehensive

ERM Maturity
Reasons for higher ERM capabilities in
certain industries: Financial Services
• Highly regulated industry with intense
scrutiny from government entities
• Sophisticated risk analysis inherent to Insurance
the business
• Nature of operations is high risk
Energy

Mining
Note: Gradients indicate that a
Industrials small number of outliers define the
upper end of the range.

Technology

Life Sciences

Retail
Note: Placement of industries in this chart is judgmental, but based on Deloitte’s
depth of ERM knowledge and experience with a wide variety of industries.

11 Copyright © 2012 Deloitte Development LLC. All rights reserved.

Risk Management
Framework
Defining a risk management framework
A risk management framework provides a structure that helps organizations decide which
opportunities to pursue and which hazards to avoid

The ERM framework recognizes the

dual nature of risk and devotes
sufficient resources both to risk
Risk taking for reward and protection of
Governance existing assets.

The elements of the ERM framework

include:
Tone at the top
Leaders adopt a broad outlook
and governance of risk and
Stakeholder Risk Strategy & integrate risk considerations into
expectations appetite performance strategic decision-making

Capable processes, systems and

Risk Management trained people act on both risks
Infrastructure and opportunities in a timely and
coordinated manner
Policies & Information & Tools and
Capability
procedures reporting technology A consistent risk assessment
approach is used across the
organization to manage all
Risk Management Processes classes of risk in an effective
and efficient manner
Risk Risk Escalation &
Risk identification Risk response
measurement assessment monitoring

Integration with the business

Risk Intelligence (RI) is Deloitte’s risk management philosophy that is focused on maintaining the right balance between risk and reward. Simply put, organizations create value by
taking risks and lose value by failing to manage them. An effective risk management program focuses simultaneously on value protection and value creation. Deloitte calls
organizations that have attained this advanced state of risk management capability a “Risk Intelligent Enterprise™.”
13 Copyright © 2012 Deloitte Development LLC. All rights reserved.
Making ERM practical
Companies achieving higher maturity levels observe the 9 principles
Risk Governance
A common definition of risk, which addresses both value preservation and value
Common Definition of Risk
creation, is used consistently throughout the organization

A common risk framework supported by appropriate standards is used throughout the

Common Risk Framework
organization to manage risks

Key roles, responsibilities, and authority relating to risk management are clearly
Roles & Responsibilities
defined and delineated within the organization

Governing bodies (e.g., Boards, Audit Committees, etc.) have appropriate transparency and
Transparency for Governing Bodies
visibility into the organizations risk management practices to discharge their responsibilities

Risk Infrastructure & Management

A common risk management infrastructure that is used to support the business units
Common Risk Infrastructure
and functions in the performance of their risk responsibilities

Executive management is charged with designing, implementing and maintaining an

Executive Management Responsibility effective risk program

Other functions (e.g., internal audit, risk management, compliance, etc.) provide
Objective Assurance and Monitoring objective assurance as well as monitor and report on the effectiveness of an
organization's risk program to governing bodies and executive management

Risk Ownership & Processes

Business units are responsible for the performance of their business and the management of
Business Unit Responsibility
risks they take within the risk framework established by executive management

Certain functions have a pervasive impact on the business and not only provide support to the
Support of Pervasive Functions business units as it relates to the organization's risk program, but also enhance and enable
success when strategically aligned and considered as essential elements of the program
14 Copyright © 2012 Deloitte Development LLC. All rights reserved.
Operating models
Control/Compliance Center for Excellence Reporter / Central Analysis

Operating
Philosophy

• Risk organization may be • Risk organization may be • Risk organization may be

perceived to be enforcer of risk
policies and rules
• Centralized risk function often
assumes ownership and
management of particular risks
Risk
• Drive risk management/
Culture process/ function integration
and alignment
• Integrate and coordinate cross-
functional risk inter-
dependencies
• Extensive reliance on policies
and procedures
• Many activities focused on
monitoring compliance
Typical
Attributes
perceived to be business partner perceived to be a burden on the
• Support/conduct risk business
assessments using various • Line management ownership of
techniques risks
• Identify likely/potential critical • Avoids unnecessary disruption to
risks and proactively engage risk the business
owners, build tools, processes,
etc.
• Focus on enhancing risk
informed decision making and
managing risks during execution
of decisions
• Requires tool/process • Identify high level risk trends
development investments • Gather information and report to
• Utilization of tools/process is center for data analysis
optional
• Tools/process may not be fully
utilized or adopted by
business/risk owners
• Risk organization should provide
quality services to business units

15 Copyright © 2012 Deloitte Development LLC. All rights reserved.

 Risk roles & responsibilities - Illustrative
An example of risk management roles and responsibilities throughout an organization

Executive Internal
Business Units ERM Function Risk Committees Audit Committee
Committee Audit
Take and Manage Monitor &
Oversee Approve Ratify Validate
Risks Aggregate

 Ownership of  Establishment of  Oversight over  Approval of  Ratification of  Independent

business unit consistent risk risks within scope key documents, key documents, Verification and
activities which policies, of authority such as: such as: Testing of:
give rise to risk governance  Oversight and ˗ ERM Policy ˗ ERM Policy ˗ Internal Controls
and responsibility framework, approval of ˗ Risk Appetite ˗ Risk Appetite ˗ Quality of the
for risk standards, and measurement and ˗ Risk Governance ˗ Risk Governance Enterprise Risk
management and information management Model Model Management
mitigation reporting methodologies for ˗ Authorities ˗ Authorities Program
 Risk identification mechanisms to risks within scope ˗ Quality and
facilitate effective ˗ Committee ˗ Committee
and self-  Oversight of Charters Charters integrity of risk
assessments risk management changes in risk models
 Monitoring and  Monitoring risk
 Developing profile exposure status
strategy & taking participation in  Oversight of
actions to manage specific risk  Approving Board
Business Unit reporting package
and mitigate risks committees for the management of
within policy and purpose of designated risk  Monitoring
risk appetite providing the categories Business Unit
 Providing enterprise view mitigation plans
assertions on risk  Providing summary and their status for
exposure and information and top risks
controls for their analysis to the  Approve limit
business area / Executive exceptions
function Committee to
 Business Unit Risk assess, evaluate,
Managers and act on risk
coordinate the
Business Unit risk
assessment,
monitoring, and
mitigation activities

16 Copyright © 2012 Deloitte Development LLC. All rights reserved.

Three lines of defense
Risk management responsibility can be viewed as three lines of defense: management, Chief
Risk Officer (CRO)/ Risk function, and Internal Audit
1st Line of Defense
Top Management and
New Business Dev.
• Promote a strong risk
culture and sustainable risk-
return decision making
• Portfolio optimization on the
macro and micro level
• Promote a strong culture of
adhering to limits and
managing risk exposure
• Ongoing monitoring of risks
17
Board of Directors
2nd Line of Defense
Risk Management
Function
• Combination of watchdog,
trusted advisor, enforcer
• Understand how the
business makes money—
and actively challenge
initiatives if appropriate
• Top talent with business
experience engaging with
management and NBD as
equals
• Independent from
management and staff that
originate risk exposures
• Overarching risk oversight
unit across all risk types and
business units
3rd Line of Defense
Internal Audit
• Good understanding of the
business and risk
management
External Auditor
Regulator
• Top talent within audit—to
challenge the front office
and risk management
function
• Independent oversight
function with ability to
enforce fulfillment of
findings
• Ability to link business and
risk with process and IT
know-how
Copyright © 2012 Deloitte Development LLC. All rights reserved.
Risk appetite
At the highest level, risk appetite defines the amount of overall risk that a firm is willing to
accept in pursuit of its business objectives
Strategic
Risk appetite principles: goals &
value
 Defined by senior management and approved by the drivers
Board of Directors
 Aligned with business objectives and should be linked to
Risk
KPIs Action and
appetite
correction
 Responsibility distributed across the organization to all statement
levels of management
 Embedded in policy development, business and strategic
planning, resource allocation, and various business and Risk
Risk
monitoring
risk processes / reporting
metrics
and limits
framework

Risk Appetite Scale

Risk Seeking Risk Tolerant Risk Neutral Risk Averse

Description Taking risk is Company takes an Company takes a Company accepts as little
considered part of aggressive approach balanced approach to risk risk as possible
company’s strategy towards taking risk taking
Example risk New market expansion Portfolio management, Operations, asset / liability Heath, safety, environment,
appetite by and acquisition innovation management security, fraud, financial
business activity activities reporting, regulatory
compliance and reputation

18 Copyright © 2012 Deloitte Development LLC. All rights reserved.

Risk processes
Key risk processes to establish a robust risk management framework:

1 2 3 4 Risk 5 Risk
Risk Risk Risk
Response & Monitoring &
Identification Assessment Measurement
Mitigation Reporting

• Structured • Provide a • Range of risk • Appropriate • Risks usually

around enterprise qualitative and measurement response is monitored
wide framework quantitative view methodologies dependent on individually and
of risk categories of risk exist company’s then aggregated
and definitions • Assessed on the • Data availability strategic and reported
Gross / Inherent and quality is key objectives, risk • RM Function
• Both top down basis and on the • Most start with appetite, level of usually
and bottom up Net / Residual qualitative form of action required aggregates and
process basis taking into risk assessment and return/ reports
consideration • Examples reward / cost of • Effective risk
existence of risk include: risk the mitigation reporting should
mitigation assessment & plan include info on
• Level of scoring, KRIs, • Can range from key risks
complexity of the loss event and fully mitigate to enterprise wide,
risk assessment scenario partial mitigation, provide clear
should correlate modeling, to accept and no picture of risk
to level of economic capital mitigation profile and
significance of the modeling and • Establish a risk emerging risks,
risk allocation mitigation and focus on
• Need BU framework KRIs, limits and
involvement thresholds
• Risk dashboard

19 Copyright © 2012 Deloitte Development LLC. All rights reserved.

Role of Internal Audit – A
Discussion
Internal Audit’s role in ERM
Two key factors to consider when determining Internal Audit's role with respect to ERM include:
1. Whether the activity raises any threats to the internal auditors' independence
and objectivity
2. Whether it is likely to improve the organization's risk management, control, and governance
processes.

Core internal audit roles in regards Legitimate internal audit roles Roles internal audit should
to ERM with safeguards not undertake

21*Source: The Institute of Internal Auditors (IIA) Position Statement Copyright © 2012 Deloitte Development LLC. All rights reserved.
Leading Practices and
Insights from Deloitte’s
Global Risk Management
Survey – Seventh Edition
Global Risk Management Survey 2011

The seventh edition of the bi-annual Global Risk Management Survey represents Deloitte’s most recent
look at the state of risk management across the global financial services industry

 The survey was conducted during Q3 2010

 We solicited responses from CROs or their
equivalents at financial services firms around the
world
 131 financial institutions with a total of over $17
trillion in assets participated
 Topics included:
‒ Risk governance
‒ Enterprise risk management
‒ Basel II, Solvency II, and economic capital
‒ Managing risk types
‒ Risk management systems & technology
infrastructure

Source: Navigating in a Changed World, Deloitte Global Risk Management Survey, 7th edition
http://www.deloitte.com/assets/Dcom-UnitedStates/Local%20Assets/Documents/us_fsi_grms_031711.pdf
23 Copyright © 2012 Deloitte Development LLC. All rights reserved.
About the survey Primary Business

 Participating institutions were

primarily diversified financial
services companies, commercial
and retail banks, and insurance
companies
 Headquartered in a variety of Geography
geographies, many responding
institutions are global companies
 The range of asset sizes includes
some of the world’s largest
institutions as well as smaller,
regional institutions Asset Size

Note: Some graphs do not add to 100% due to rounding.

24 Copyright © 2012 Deloitte Development LLC. All rights reserved.

Risk governance findings and insights
The scope and responsibilities of the Board, Chief Risk Officer and risk
management function continue to grow, with more and more responsibilities being
added.

Which of the following steps has your organization taken in response

to recent concerns regarding risk governance?

25 Copyright © 2012 Deloitte Development LLC. All rights reserved.

Risk governance findings and insights
Increasingly, risk management responsibilities are being incorporated into goals
and compensation decisions across organizations. This trend will likely continue to
grow.

To what extent are responsibilities for risk management incorporated into performance
goals and compensation across the organization?
60%
56%

49%
50%

40%

43% 31% 31%

28% 28%
30% 37%

22%
20%
20%
25%
22% 29%
26% 13%
19% 17% 10%
10%
10%
12% 13% 7%
6% 6%
2% 2% 3% 3% 3% 3%
0%
2008 2010 2008 2010 2008 2010 2008 2010 2008 2010
Senior management Middle management Finance personnel Operations personnel Staff personnel

Completely Substantially

26 Copyright © 2012 Deloitte Development LLC. All rights reserved.

Enterprise risk management findings and insights
• The adoption of ERM programs continues to grow – 79% of all respondents said
they have or are currently implementing an integrated ERM program, versus 59%
two years ago.
• The perceived value of ERM is also on the rise.

How much value do you believe your organization has received from its
ERM program, or equivalent, in each of the following areas?

27 Copyright © 2012 Deloitte Development LLC. All rights reserved.

Enterprise risk management findings and insights
Boards of Directors have been substantially increasing the scope and frequency of
risk management related reporting.

Which of the following types of risk information does your organization

currently report to the Board of Directors?

28 Copyright © 2012 Deloitte Development LLC. All rights reserved.

Managing risk types – overview across risk types
A number of new risk types were added to the survey in 2010; for those risks
also in the 2008 survey, the assessment of risk management effectiveness has
not increased significantly for most risk types.

How effective do you think your organization is in managing each of the following
types of risks?

90%
77% 76%
80% 74% 71% 71%
71% 71%
70% 64% 64% 62%
60%
60% 56% 54% 54%
53%
49% 48% 47%
50% 45% 44% 44% 43%
41%
37% 37% 36%
40%
30%
20%
10%
0%

Extremely / Very effective

29 Copyright © 2012 Deloitte Development LLC. All rights reserved.

Risk infrastructure and data findings and insights
• The integration of risk systems and data continues to present challenges across
all financial services sectors.
• Data management and data integrity are increasingly important areas of focus for
many major financial institutions.

How effective do you think your organization is in the following aspects

of risk data strategy and infrastructure?

38%

37%

33%

31%

29%

28%

27%

30 Copyright © 2012 Deloitte Development LLC. All rights reserved.

Leading practices
 Role of the board of directors: Increased focus on governance and oversight for risk
management and on approving a clearly stated-risk framework, policies and risk appetite
statement
 Role of the chief risk officer: Increased responsibility and visibility: direct reporting
lines to the board and/or CEO and leading ERM program, including risk governance,
reporting and analytics, where appropriate
 “Three lines of defense”: Define risk framework that clearly identifies roles,
responsibilities and monitoring across the organization
 Risk appetite statement: Approving an enterprise-level statement of risk appetite and
integrating into business activities, e.g. limits
 Risk metrics: Focus on key risk metrics in decision-making across the organization,
including strategy planning, budgeting, and performance measurement
 Chief Compliance Officer and Compliance Program: Emphasis on building
enterprise-wide, independent compliance risk management program consistent with
regulatory guidance and elevating visibility of CCO and direct reporting line to the board
 Risk reporting: Continued challenges with integration of systems and data; yet focus
remains on aggregation and analysis across asset classes and business. Enhanced
reporting to management and the board

31 Copyright © 2012 Deloitte Development LLC. All rights reserved.

Take-aways for consideration

As an internal auditor evaluating an ERM Program, the following are considerations:

 Risk management likely continues to be an area of substantial focus, given

market conditions and regulatory change
 No two institutions are alike: Business strategy and the mix of component
businesses and jurisdictions will help drive decision-making
 Risk governance – boards have been increasingly proactive in risk
management and this will likely continue
 The CRO is increasingly a more senior executive position
 Even “traditional” risks such as operational risks can benefit from more
attention; additional risks may need focus
 Continued and increased use of risk measurement models and approaches,
including stress testing, require assessment of models and assumptions
 Data integrity and data analysis become increasingly important as systems are
integrated and reporting needs increase

32 Copyright © 2012 Deloitte Development LLC. All rights reserved.

Questions and Answers
This presentation contains general information only and Deloitte is not, by means of this presentation, rendering accounting,
business, financial, investment, legal, tax, or other professional advice or services. This presentation is not a substitute for such
professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. In
addition, this presentation contains summarized survey results, which are included for informational and discussion purposes only.
Participant survey responses were taken “as is” and were not confirmed or validated by Deloitte. Before making any decision or
taking any action that may affect your business, you should consult a qualified professional advisor.

Deloitte, its affiliates, and related entities shall not be responsible for any loss sustained by any person who relies on this
presentation.

About Deloitte
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which
is a legally separate and independent entity. Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu
Limited and its member firms. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain
services may not be available to attest clients under the rules and regulations of public accounting.

Copyright © 2012 Deloitte Development LLC. All rights reserved.

Member of Deloitte Touche Tohmatsu Limited