Exams, Audit, SOX/MAR, ERM, ORSA,...what’s next???

James Menck, Senior Manager, CPA, CIA, CFE, CFE (Fraud)
[email protected]
214.680.6889
www.eidebailly.com

Progression of Oversight

• How did we get here???
  • Increased overlap – nothing goes away!
  • Corporate failures due to fraud
  • Stakeholder concerns

• Where do we go from here???
  • Pressure for efficiencies
  • Increase in self-policing
  • Increased reliance on the work of others

[Slide graphic labels: SIU, MAR, ERM]

Progression of Financial Examinations

• Prospective Solvency Risks

• Internal Controls / Risk Assessment

• Reliance on the work of others

• Increased coordination

• Limited substantive procedures

• Accreditation

Model Audit Rule

• Annual Financial Reporting Model Regulation (Model Audit Rule)

• Modeled after SOX
• annual independent statutory audit
• Insurers with $500 million in annual direct and assumed premium or $1 billion for groups
• Additional board independence
• Internal Audit
• Management’s report on internal controls

We trust you

NAIC ORSA Regulation

• Risk Management and Own Risk and Solvency Assessment Model Act

• Based on the EU Solvency II Directive
• Assess risk specific to the insurer
• Assess solvency in a continuous and prospective way
• Focus on stress scenario testing
• Transparency
• Annual
• Confidential

NAIC Activities

• Risk-focused Surveillance (E) Working Group
  • Eliminate redundant collection of insurer information
  • Increase communication
  • Annual peer review of exams of different state DOIs
  • Ongoing search for efficiencies

• Group Solvency Issues (E) Work Group
  • Group-solvency-related issues
  • Supervisory colleges
  • ORSA Pilot Project

U.S. Insurance Financial Solvency Framework

Image courtesy of 2010 National Association of Insurance Commissioners

Financial Solvency Framework - 7 Core Principles

1. Regulatory reporting, disclosure and transparency
2. Off-site monitoring and analysis
3. On-site regulatory examinations
4. Reserves, Capital Adequacy and Solvency
5. Regulatory Control of Significant, Broad-based Risk-related Transactions/Activities
6. Preventive and Corrective Measures, Including Enforcement
7. Exiting the Market and Receivership

NAIC 10 Critical Risks

1. Asset Valuation / Impairment
2. Liquidity
3. Investment Portfolio
4. Reinsurance Program
5. Reinsurance Reporting and Collectability
6. Underwriting / Pricing
7. Reserve Data
8. Reserve Adequacy
9. Related Party / Holding Company
10. Capital Management

Branded Risks

• Credit
• Market
• Pricing/Underwriting
• Reserving
• Liquidity
• Operational
• Legal
• Strategic
• Reputation

Branded Risks

• Assess each risk classification based on quantitative and qualitative information

• Consider prospective risk

• Risk trending

• Aggregate risk components for overall assessment

Regulatory Trends

• Cybersecurity Bill of Rights

• Dual Regulation

• International Standards

• Enhanced Monitoring

• Prioritization

• Quality of Capital

• Governance

State Regulator Considerations

• Availability of resources

• Industry

• Political pressures

• Laws and regulations

• Accreditation status

• Quarterly financial analysis

Reporting Objectives

Solvency | Risk Assessment | Prospective Risks | Fraud | Financial | Operational | IT

State Examinations X X X X X X X

State Financial Analysis X X X

External Audit X X X X X X

Internal Audit X X X X X X X

MAR/SOX X X X X X X

ORSA X X X X X X X

ERM X X X X X X X

SIU X

Testing Focus

Internal Controls | Safeguarding of Assets | Review Corporate Governance | Review Fraud Plan | Process Walk-Throughs | Data Analysis | Strategic Plan Analysis | Prospective Risks

State Examinations: Financial, Operational, IT; X X X X; Primary focus on review of Co. Internal Analysis; Solvency; Solvency

State Financial Analysis: X; If required; NAIC Available Data; X X

External Audit: Financial, IT; X X X X; Review internal analysis; Going concern; Going concern

Internal Audit: Financial, Operational, IT; X X X X; CAAT; X X

MAR/SOX: Financial, IT; X X X X; Financial; Entity-Level Controls; Entity-Level Controls

ORSA: Financial, Operational, IT; X X X; Rely on IA; Stress testing; X X

ERM: Financial, Operational, IT; X X X; Rely on IA; X X X

SIU: Fraud; Fraud; Creates plan; Fraud; Fraud; Fraud

Audit Procedures

Test Internal Controls | Substantive Testing | Reserving Practices | Claims Handling | Underwriting Practices / Policy Issuance | Bank and Investment Confirmations | Test Bank / Custodian Reconciliations | Compliance with New Laws & Regulations | Customer Service

State Examinations: Financial, Operational, IT; Varies depending on IC reliance; X; Financial / Compliance; X; Year-End; X; X; Complaints handling

External Audit: Financial, IT; Varies depending on IC reliance; X; Financial; Pricing / FR; Interim/Year-End; X; X

Internal Audit: Financial, Operational, IT; X X X X X X X

MAR/SOX: Financial, IT; X; Financial; Pricing / FR; IC; Financial reporting

Techniques to Consider – Managing Examinations

• Central point of contact

• Formal data requests

• Electronic format for responses

• Maintenance of request log

• Ongoing communication / responsive

• Early access to information / management / external auditor

• Access to adequate internet connection for electronic work papers on remote server

Techniques to Consider – Managing Examinations

• Access to management reporting

• Entity-Level Controls
  • Integrity
  • Vertical communication

• Identification and testing of key controls

• Updated process flows / mapping / narratives

• Access to ERM reporting / supporting documentation

Techniques to Consider – Managing Examinations

• Use Internal Audit to manage other audit activity
  • Reduce duplication of efforts and disruption to the business
  • Review auditor requests prior to delivery to the business
  • Review documentation prior to delivery to the auditor/examiner/analyst

• Mock exams

Techniques to Consider – External Audit

• Utilize Internal Audit’s resources

• Incorporate regulatory concepts into audit plan / procedures

• Communicate and share strategy and prospective risk concerns - ERM, ORSA, Compliance

• Coordinate with State insurance department

Techniques for Internal Audit

• Coordinate with state insurance department

• Illustrate risk assessment process, results, and reporting

• Incorporate regulatory concepts into audit program and procedures

• Manage external and internal audit activity to minimize disruption to the business

Techniques for Internal Audit

• Exam and external audit assessment

• Focus on prospective risks

• Align resources with the business and prospective risks

• Ongoing risk assessment

• Incorporate business concerns into planned audits as much as possible

Techniques for Internal Audit

• Timing and scope of audits aligned with financial examination

  • Premiums
  • Underwriting / rating / pricing
  • Commissions
  • Claims (adjudication; timely; completeness/accuracy)
  • Reinsurance program and accounting
  • Customer service (Complaints)
  • Approved advertising
  • Corporate governance / ERM / ORSA assessment

• Focus on internal controls

Techniques for Internal Audit

• Assess compliance with laws and regulations

• Conduct SOX/MAR compliance testing

• Maximize Data analysis
  • Fraud
  • Financial analysis
  • CAAT

Techniques to Consider – Risk Management

• Focus on objectives and effective communication - avoid duplication of efforts

• Combine ERM and ORSA
• Incorporate Internal Audit Activities
• NAIC Branded Risks and analysis of Critical Risks
• Share results with regulator – financial analyst
• Assess Capital

This presentation is presented with the understanding that the information contained does not constitute legal, accounting or other professional advice. It is not intended to be responsive to any individual situation or concerns, as the contents of this presentation are intended for general informational purposes only. Viewers are urged not to act upon the information contained in this presentation without first consulting competent legal, accounting or other professional advice regarding implications of a particular factual situation. Questions and additional information can be submitted to your Eide Bailly representative, or to the presenter of this session.

Questions?

Thank You!