www.eidebailly.com
James Menck, Senior Manager, CPA, CIA, CFE, CFE (Fraud)
[email protected]
214.680.6889
Exams, Audit, SOX/MAR, ERM, ORSA,...what’s next???
Progression of Oversight
• How did we get here???
  • Increased overlap – nothing goes away!
  • Corporate failures due to fraud
  • Stakeholder concerns
• Where do we go from here???
  • Pressure for efficiencies
  • Increase in self-policing
  • Increased reliance on the work of others
Diagram labels: SIU, MAR, ERM
Progression of Financial Examinations
• Prospective Solvency Risks
• Internal Controls / Risk Assessment
• Reliance on the work of others
• Increased coordination
• Limited substantive procedures
• Accreditation
Model Audit Rule
• Annual Financial Reporting Model Regulation (Model Audit Rule)
  • Modeled after SOX
  • Annual independent statutory audit
  • Insurers with $500 million in annual direct and assumed premium or $1 billion for groups
  • Additional board independence
  • Internal Audit
  • Management’s report on internal controls
We trust you
NAIC ORSA Regulation
• Risk Management and Own Risk and Solvency Assessment Model Act
  • Based on the EU Solvency II Directive
  • Assess risk specific to the insurer
  • Assess solvency in a continuous and prospective way
  • Focus on stress scenario testing
  • Transparency
  • Annual
  • Confidential
NAIC Activities
• Risk-focused Surveillance (E) Working Group
  • Eliminate redundant collection of insurer information
  • Increase communication
  • Annual peer review of exams of different state DOIs
  • Ongoing search for efficiencies
• Group Solvency Issues (E) Work Group
  • Group-solvency-related issues
  • Supervisory colleges
  • ORSA Pilot Project
U.S. Insurance Financial Solvency Framework
Image courtesy of 2010 National Association of Insurance Commissioners
Financial Solvency Framework - 7 Core Principles
1. Regulatory reporting, disclosure and transparency
2. Off-site monitoring and analysis
3. On-site regulatory examinations
4. Reserves, Capital Adequacy and Solvency
5. Regulatory Control of Significant, Broad-based Risk-related Transactions/Activities
6. Preventive and Corrective Measures, Including Enforcement
7. Exiting the Market and Receivership
NAIC 10 Critical Risks
1. Asset Valuation / Impairment
2. Liquidity
3. Investment Portfolio
4. Reinsurance Program
5. Reinsurance Reporting and Collectability
6. Underwriting / Pricing
7. Reserve Data
8. Reserve Adequacy
9. Related Party / Holding Company
10. Capital Management
Branded Risks
• Credit
• Market
• Pricing/Underwriting
• Reserving
• Liquidity
• Operational
• Legal
• Strategic
• Reputation
Branded Risks
• Assess each risk classification based on quantitative and qualitative information
• Consider prospective risk
• Risk trending
• Aggregate risk components for overall assessment
Regulatory Trends
• Cybersecurity Bill of Rights
• Dual Regulation
• International Standards
• Enhanced Monitoring
• Prioritization
• Quality of Capital
• Governance
State Regulator Considerations
• Availability of resources
• Industry
• Political pressures
• Laws and regulations
• Accreditation status
• Quarterly financial analysis
Reporting Objectives
Columns: Solvency; Risk Assessment; Prospective Risks; Fraud; Financial; Operational; IT
State Examinations X X X X X X X
State Financial Analysis X X X
External Audit X X X X X X
Internal Audit X X X X X X X
MAR/SOX X X X X X X
ORSA X X X X X X X
ERM X X X X X X X
SIU X
Testing Focus
Columns: Internal Controls; Safeguarding of Assets; Review Corporate Governance; Review Fraud Plan; Process Walk-Throughs; Data Analysis; Strategic Plan Analysis; Prospective Risks
State Examinations: Financial Operational IT; X; X; X; X; Primary focus on review of Co. Internal Analysis; Solvency; Solvency
State Financial Analysis: X; If required; NAIC Available Data; X; X
External Audit: Financial IT; X; X; X; X; Review internal analysis; Going concern; Going concern
Internal Audit: Financial Operational IT; X; X; X; X; CAAT; X; X
MAR/SOX: Financial IT; X; X; X; X; Financial; Entity-Level Controls; Entity-Level Controls
ORSA: Financial Operational IT; X; X; X; Rely on IA; Stress testing; X; X
ERM: Financial Operational IT; X; X; X; Rely on IA; X; X; X
SIU: Fraud; Fraud; Creates plan; Fraud; Fraud; Fraud
Audit Procedures
Columns: Test Internal Controls; Substantive Testing; Reserving Practices; Claims Handling; Underwriting Practices / Policy Issuance; Bank and Investment Confirmations; Test Bank / Custodian Reconciliations; Compliance with New Laws & Regulations; Customer Service
State Examinations: Financial Operational IT; Varies depending on IC reliance; X; Financial / Compliance; X; Year-End; X; X; Complaints handling
External Audit: Financial IT; Varies depending on IC reliance; X; Financial; Pricing / FR; Interim/Year-End; X; X
Internal Audit: Financial Operational IT; X; X; X; X; X; X; X
MAR/SOX: Financial IT; X; Financial; Pricing / FR; IC; Financial reporting
Techniques to Consider – Managing Examinations
• Central point of contact
• Formal data requests
• Electronic format for responses
• Maintenance of request log
• Ongoing communication / responsive
• Early access to information / management / external auditor
• Access to adequate internet connection for electronic work papers on remote server
Techniques to Consider – Managing Examinations
• Access to management reporting
• Entity-Level Controls
  • Integrity
  • Vertical communication
• Identification and testing of key controls
• Updated process flows / mapping / narratives
• Access to ERM reporting / supporting documentation
Techniques to Consider – Managing Examinations
• Use Internal Audit to manage other audit activity
  • Reduce duplication of efforts and disruption to the business
  • Review auditor requests prior to delivery to the business
  • Review documentation prior to delivery to the auditor/examiner/analyst
• Mock exams
Techniques to Consider – External Audit
• Utilize Internal Audit’s resources
• Incorporate regulatory concepts into audit plan / procedures
• Communicate and share strategy and prospective risk concerns - ERM, ORSA, Compliance
• Coordinate with State insurance department
Techniques for Internal Audit
• Coordinate with state insurance department
• Illustrate risk assessment process, results, and reporting
• Incorporate regulatory concepts into audit program and procedures
• Manage external and internal audit activity to minimize disruption to the business
Techniques for Internal Audit
• Exam and external audit assessment
• Focus on prospective risks
• Align resources with the business and prospective risks
• Ongoing risk assessment
• Incorporate business concerns into planned audits as much as possible
Techniques for Internal Audit
• Timing and scope of audits aligned with financial examination
  • Premiums
  • Underwriting / rating / pricing
  • Commissions
  • Claims (adjudication; timely; completeness/accuracy)
  • Reinsurance program and accounting
  • Customer service (Complaints)
  • Approved advertising
  • Corporate governance / ERM / ORSA assessment
• Focus on internal controls
Techniques for Internal Audit
• Assess compliance with laws and regulations
• Conduct SOX/MAR compliance testing
• Maximize Data analysis
  • Fraud
  • Financial analysis
  • CAAT
Techniques to Consider – Risk Management
• Focus on objectives and effective communication - avoid duplication of efforts
  • Combine ERM and ORSA
  • Incorporate Internal Audit Activities
  • NAIC Branded Risks and analysis of Critical Risks
  • Share results with regulator – financial analyst
  • Assess Capital
This presentation is presented with the understanding that the information contained does not constitute legal, accounting or other professional advice. It is not intended to be responsive to any individual situation or concerns, as the contents of this presentation are intended for general informational purposes only. Viewers are urged not to act upon the information contained in this presentation without first consulting competent legal, accounting or other professional advice regarding implications of a particular factual situation. Questions and additional information can be submitted to your Eide Bailly representative, or to the presenter of this session.
Questions?
Thank You!