SlideShare a Scribd company logo

Atila Kas

Alma Total Solutions
Alma Total Solutions

Solvency II & the Internal Audit Role Internal Audit Forum 2017 - Sponsored by Alma Total Solutions

Education
1 of 17
INTERNAL AUDIT FORUM 2017 (CYPRUS) Solvency II & the Internal Audit Role May 25, 2017 Atila KAS 1
SOLVENCY 2 (S2) The EU Solvency II Directive lays down explicit governance requirements, including for the risk management system of insurers and reinsurers. Solvency II is the new risk-based regulatory framework for insurers taking effect on 1 January 2016. This framework consists of the Solvency II Directive (2009/138/EC), the Delegated Acts containing implementing rules for Solvency II, and the associated technical standards.  The Solvency II Directive is a world-leading standard that requires insurers to focus on managing all of the risks facing their organization.  Real opportunity to improve their risk-adjusted performance and operational efficiency,  S2 is not only on the radar of insurance companies in the EU, but also on those across the globe.  All stakeholders of the financial industry are watching EU.  Impact to insurance companies, governments, and rating agencies within the EU and beyond.  S2 = Living process of 15 years : consultation, feedback, and cooperation between the insurance industry and regulatory bodies.  S2 : based of Basel 2 on the framework, including the 2008 Crisis parameters. 2
ROLE OF IA IN S2 3
ROLE OF IA IN S2 1. In respect of “including relevant Solvency II compliance items in each audit assignment”, Internal Audit should consider in the audit approach specific steps to evaluate the application of risk related policies, set limits, the review of use tests as well as the reliability of data that will feed risk reporting and the Own Risk and Solvency Assessment (‘ORSA’) process. 2. Internal Audit should “assess the components of the system of governance” (see art. 41 & art. 47) and make appropriate recommendations for improving it. In particular, Internal Audit should pay specific attention to:  Respect of the remuneration policy (Advice on System of Governance);  Compliance with regulatory provisions regarding outsourcing (art. 47-49). 3. The assessment of the “Risk Management function” and of the “Risk Management system” should consider the Solvency II requirements as defined by art. 44.  Preliminary Risk Analysis  yearly IA plan (Risk based approach)  Update expected on periodic evaluation  Overall risk management process, as well as the appropriateness of internal controls. In general, Internal Audit evaluates the independence and the global effectiveness of the insurance company’s risk management function (art. 47). 4
ROLE OF IA IN S2 4. Compliance function (Advice on Systems of Governance paragraph 3.232 to 3.250, 3.256-3.258) relating to the S2 (specifically in respect of the Compliance function): the requirement for compliance with all legislation and particularly in the areas of Anti Money Laundering and Privacy. 5. In the assessment of the “Process for designing and implementing risk models” / special attention should be paid :  Model documentation and of the internal validation procedure;  compliance (Event of change model & Reporting requirements)  the degree of inclusion of the different risks in the model;  the embedding of the model in the risk management;  Integrity of the management processing and IS ;  Data Quality (consistency, reliability, continuity, timeliness, synchronism);  the quality and the accuracy of the model and of the “ex post” control;  the quality of the stress testing;  the accuracy of MCR & SCR calculation;  the use test In line with what is set out in Recital 68 and art. 112, but also within the Pre-application process for internal models (formerly CP80). 5
ROLE OF IA IN S2 6. The assessment of the actuarial function should consider the European supervisory authorities’ requirements as stated in art. 48. 7. Reinsurance management process :  Company’s solvency and profitability must be integrated  Safeguarding of assets through optimization of the reinsurance coverage - In line with company’s risk appetite/profile.  Monitoring reinsurers’ solvency, ceded reinsurance premiums and claims interventions. 8. Own Risk and Solvency Assessment (ORSA) document process and outcome  the key strategic decision-making  Important element in the risk management of the company.  Facilitate the BOD & BOM  IA is not allowed to take part of the preparation of this document. IA Profession believes that the application of all standards implicit in the “Core internal audit tasks” should be included in the audit plan based on a risk based approach. 6
ROLE OF IA IN S2 Possible consulting roles in the Solvency II context ▸ Internal Audit may undertake in relation to Solvency II  Independence and objectivity are maintained. ▸ “Providing Solvency II related advice upon Executive Management or other entitled governance bodies request”. ▸ Internal Audit’s plan must be prioritized over the performance of any consulting activity.  Consulting services <> operational or management responsibility 7
ROLE OF IA IN S2 IA must be always integrated on the key strategic projects ▸ Governance of the project.  keep itself informed and updated on the organization and status of the project  Decide to evaluate the adequacy of the governance of the project (including any committees) ▸ Written Policies and Procedures.  Review of policies and procedures.  Check on design for any procedure updated by S2 and internal governance committees ▸ Data quality.  Adequacy of data quality, irrespective of whether this is Solvency II related or not.  Data used for the internal model shall be accurate, complete and appropriate.” (Art. 121(3)).  IT auditors or IT auditing expertise must be involved  Assess the Validation process regarding data ▸ Internal model. Data quality is also an integral part of model validation, “the model validation process shall (…) include an assessment of the accuracy, completeness and appropriateness of the data used by the internal model.” (art. 124). 8
The ORSA enables management to responsibly weigh up risks, capital and returns against each other and look forward to the medium to long term based on the current situation. The ORSA is a regular process that must be performed at least once a year. An ORSA must also be performed in the event of any significant change in the risk profile. The outcomes and findings of each ORSA must be submitted to the insurer’s executive management for approval and then communicated to all relevant departments and to the regulatory authority. Provided that certain conditions are met, insurance groups have the option to do this in a group report. Example of the conceptualization of an ORSA audit 9 AUDIT THE OWN RISK SOLVENCY ASSESSMENT (ORSA)
AUDIT THE OWN RISK SOLVENCY ASSESSMENT (ORSA) 10  3.4 Scenario tests and stress tests Regular engagement : In an audit of the internal management of the ORSA process, including compliance with laws and regulations. As part of its review of the risk profile, the Internal Audit function performs at least the following procedures: o Up-to-date process description is available  scenarios and stress tests. o Establishing whether tasks, authorisations and responsibilities for the development and approval of scenarios and stress tests have been clearly described. o Explicit attention should be paid to the involvement of senior management, the actuarial and the risk management function. o Reviewing how the scenarios and stress tests have been drawn up. This includes aspects such as the process that has been followed, the independent input from key functions and the objective substantiation of the severity of stress scenarios. Back- testing may be used for the substantiation. o Establishing whether the scenarios and stress tests have been clearly documented, both in terms of the qualitative description and the quantitative factors. o When simplifications (such as upscaling) have been used in scenarios and stress tests, establishing whether these have been sufficiently substantiated. o When the scenarios and stress tests that have been determined differ from those in the previous ORSA, establishing whether there is a sound reason for this and whether this has been sufficiently documented. o When the reverse stress tests that have been determined differ from those in the previous ORSA, establishing whether there is a sound reason for this and whether this has been sufficiently documented. o Reviewing whether the scenario and stress tests that have been determined sufficiently affect all the insurer’s material risks, including both the individual risks and combined risks. o Reviewing whether the scenarios and stress tests that have been determined sufficiently take into account the risk profile of each individual regulated entity. o Establishing whether implicit and explicit management actions have been included in elaborating the stress scenarios and whether these management actions: - are sufficiently concrete and feasible - seem realistic if the scenario were to actually occur; - are consistent with existing policy (in terms of investments, reinsurance, etc.); - are based the commitment of executive management to actually perform the expected management action.
11  3.4 Scenario tests and stress tests Context of the ORSA report : o Establishing whether an up-to-date process description is available for determining scenarios and stress tests. o Establishing whether the basic scenario is aligned to the approved business plan or the multi-annual budget and whether it has been sufficiently documented in the ORSA reporting. o Establishing whether the chosen stress scenarios are in line with the insurer’s (strategic) risk analyses. The scenarios that have been developed should be appropriate to the insurer’s risk profile. o Establishing whether sufficient objective substantiation has been provided, using internal source data and/or external sources (such as the Macroeconomic Forecast published by national bank - Statistics) for scenarios and stress tests and, where possible, for the chosen severity of the stress scenario. o Establishing whether sufficient care has been taken to ensure that scenarios and stress tests and, where possible, the chosen severity of the stress scenario, have not been influenced by or back-calculated from the insurer’s available capital. o Autonomously consulting internal and external sources to independently review the chosen severity. o Back-testing previously formulated scenarios against the actual outcome. o Establishing whether sufficient stress tests have been performed, including reverse stress tests, sensitivity analyses, and individual and combined scenarios. o Establishing whether the consecutive ORSAs have been consistent, where necessary, in the choice of scenarios and the chosen severity of scenarios. o Establishing whether information from previous ORSAs (own evaluation, regulator feedback, internal or external audit) has been adequately included. AUDIT THE OWN RISK SOLVENCY ASSESSMENT (ORSA)
CHANGES & IMPACTS FOR IA FUNCTION  New impact for IA function o Important increase on the deliveries (Pilar 3-QRT) produced to the national supervisor where some review are expected by the IA function (could lead to 10-15% of the yearly capacity) o ORSA audit and/or its outcomes are key and relevant on the yearly audit plan o Increase of the “onsite Inspections” performed by the national regulators : Head of the IA function is requested to participate at each kick-off & closing meeting (critical workload for Group structures) o Yearly “face to face” meeting between the national supervisor & the Head of the IA function (Significant market leaders are impacted on quarterly meeting) o Availability - IA team : « auditors never sleeps » from Angela is « The reality » of our today’s context. 12
CHANGES & IMPACTS FOR IA FUNCTION  New impact for IA function o Capacity issues within the organization : coordination is a MUST o Remedial actions (late or not) : Impact on capital ADD ON (if delay)  Other functions and/or governance bodies impacted o Impact also to the 3 other controlling function  huge cost for each (re)insurance companies : Risk Management function, Compliance Function & Actuarial function. 13
CHANGES & IMPACTS FOR IA FUNCTION  New impact for IA function o Issuing of the National rules defining clearly the role & responsibilities of the IA function by year-end of 2015 : Mission, Scope, Governance of the IA function, including the relation between the IA function with the External audit but also with the national supervisor o Number of engagement increased drastically from 2016 <> from a “regular” Risk-based audit plan” due to o Changes within the audit environment o Audit techniques & approaches  As a consequence, there is an important increasing of the “capacity” and an audit approach which has been completely revisited by the national institute, coordinated with ECIIA o National regulators is no longer expecting some consulting activities from the IA function : the only focus should be made on its “assurance” role 14
CHANGES & IMPACTS FOR IA FUNCTION  Competences o “Fit & Proper” o CIA / CRMA / CISA … expected by national regulators where National IIA / Chapter should bring clear guidance and advocacy with stakeholders and IIA members o Audit Typologies : Governance, Internal control & Risk Management systems, ORSA (including Internal Model / standard formula) are the main changes where the IA function is getting more and more training and experienced. o From a “nice” to have to a “strongly recommended” internal audit functions o IT auditor o Actuarial (Life &/or Non Life) auditor o Ops is a must within the audit teams  Market : important GAPs exist in EU countries and important volatilities between groups exists : HR policy and/or remuneration to maintain internal resources (for all controlling functions) must be addressed. o Audit seniority with LT experience (and rotation) … 15
Questions ? 16
Thanks for your attention ! 17

Recommended

Angela Witzany
Angela WitzanyAngela Witzany
Angela WitzanyAlma Total Solutions
 
Melvyn Neate
Melvyn NeateMelvyn Neate
Melvyn NeateAlma Total Solutions
 
Dimitris Mouzakitis
Dimitris MouzakitisDimitris Mouzakitis
Dimitris MouzakitisAlma Total Solutions
 
Upgrading Risk Management and Internal Control in Your Organization
Upgrading Risk Management and Internal Control in Your OrganizationUpgrading Risk Management and Internal Control in Your Organization
Upgrading Risk Management and Internal Control in Your OrganizationInternational Federation of Accountants
 
Risk based auditing
Risk based auditingRisk based auditing
Risk based auditingTunde Elijah Kelani
 
Internal controls maturity and SME corporate governanance
Internal controls maturity and SME corporate governananceInternal controls maturity and SME corporate governanance
Internal controls maturity and SME corporate governananceBrowne & Mohan
 
“Risk Based Internal Audit in Bangladesh Bank”
“Risk Based Internal Audit in Bangladesh Bank”“Risk Based Internal Audit in Bangladesh Bank”
“Risk Based Internal Audit in Bangladesh Bank”M Anwarul Hoque Tareque
 
Enterprise Risk Management & Organizational Excellence
Enterprise Risk Management & Organizational ExcellenceEnterprise Risk Management & Organizational Excellence
Enterprise Risk Management & Organizational ExcellenceEneni Oduwole
 

Recommended

Angela Witzany
Angela WitzanyAngela Witzany
Angela WitzanyAlma Total Solutions
 
Melvyn Neate
Melvyn NeateMelvyn Neate
Melvyn NeateAlma Total Solutions
 
Dimitris Mouzakitis
Dimitris MouzakitisDimitris Mouzakitis
Dimitris MouzakitisAlma Total Solutions
 
Upgrading Risk Management and Internal Control in Your Organization
Upgrading Risk Management and Internal Control in Your OrganizationUpgrading Risk Management and Internal Control in Your Organization
Upgrading Risk Management and Internal Control in Your OrganizationInternational Federation of Accountants
 
Risk based auditing
Risk based auditingRisk based auditing
Risk based auditingTunde Elijah Kelani
 
Internal controls maturity and SME corporate governanance
Internal controls maturity and SME corporate governananceInternal controls maturity and SME corporate governanance
Internal controls maturity and SME corporate governananceBrowne & Mohan
 
“Risk Based Internal Audit in Bangladesh Bank”
“Risk Based Internal Audit in Bangladesh Bank”“Risk Based Internal Audit in Bangladesh Bank”
“Risk Based Internal Audit in Bangladesh Bank”M Anwarul Hoque Tareque
 
Enterprise Risk Management & Organizational Excellence
Enterprise Risk Management & Organizational ExcellenceEnterprise Risk Management & Organizational Excellence
Enterprise Risk Management & Organizational ExcellenceEneni Oduwole
 
Reshaping the nigerian financial services sector
Reshaping the nigerian financial services sectorReshaping the nigerian financial services sector
Reshaping the nigerian financial services sectorEneni Oduwole
 
The new global wide risk regulation & its impact on banks risk management pra...
The new global wide risk regulation & its impact on banks risk management pra...The new global wide risk regulation & its impact on banks risk management pra...
The new global wide risk regulation & its impact on banks risk management pra...Eneni Oduwole
 
How to align a Robust Materiality Assessment with Corporate Strategy and Target?
How to align a Robust Materiality Assessment with Corporate Strategy and Target?How to align a Robust Materiality Assessment with Corporate Strategy and Target?
How to align a Robust Materiality Assessment with Corporate Strategy and Target?PECB
 
Corporate Governance
Corporate GovernanceCorporate Governance
Corporate GovernanceSalih Islam
 
Leveraging Effective Risk Management and Internal Control for Your Organization
Leveraging Effective Risk Management and Internal Control for Your OrganizationLeveraging Effective Risk Management and Internal Control for Your Organization
Leveraging Effective Risk Management and Internal Control for Your OrganizationInternational Federation of Accountants
 
Building Practical Risk Application into your QMS
Building Practical Risk Application into your QMSBuilding Practical Risk Application into your QMS
Building Practical Risk Application into your QMSPECB
 
ERM Presentation.final
ERM Presentation.finalERM Presentation.final
ERM Presentation.finalAnna Cuson, CPA, CFE, CRMA, CGMA, CICP, CICA
 
The iia s 2017 international professional practices framework
The iia s 2017 international professional practices frameworkThe iia s 2017 international professional practices framework
The iia s 2017 international professional practices frameworkDr .Maizar Radjin, SE., M.Ak., QIA., QRMA, CRGP
 
Are You Ready? Implementing COSO's Updated Internal Controls Framework
Are You Ready? Implementing COSO's Updated Internal Controls FrameworkAre You Ready? Implementing COSO's Updated Internal Controls Framework
Are You Ready? Implementing COSO's Updated Internal Controls FrameworkBlackLine
 
Bcu msc cg week 4 risk management
Bcu msc cg week 4 risk managementBcu msc cg week 4 risk management
Bcu msc cg week 4 risk managementStephen Ong
 
Risk Management – The Building Blocks
Risk Management – The Building BlocksRisk Management – The Building Blocks
Risk Management – The Building BlocksContinuity and Resilience
 
Internal audits role in compliance
Internal audits role in complianceInternal audits role in compliance
Internal audits role in complianceSalih Islam
 
2019_SOU_Internal_Audit.pptx
2019_SOU_Internal_Audit.pptx2019_SOU_Internal_Audit.pptx
2019_SOU_Internal_Audit.pptxBingkyAresiaLandaric2
 
Busines Continuity And Compliance
Busines Continuity And ComplianceBusines Continuity And Compliance
Busines Continuity And Compliancesalamali
 
Scce webinar assessment_061316
Scce webinar assessment_061316Scce webinar assessment_061316
Scce webinar assessment_061316Eric Morehead
 
Preparing for validity audits
Preparing for validity auditsPreparing for validity audits
Preparing for validity auditsOfqual Slideshare
 
HR Auditing Process (Audit Panel members)
HR Auditing Process (Audit Panel members)HR Auditing Process (Audit Panel members)
HR Auditing Process (Audit Panel members)SABPP
 
Risk Management - A Journey
Risk Management - A JourneyRisk Management - A Journey
Risk Management - A JourneyDebashis Gupta
 
Fundamentals of-risk-management
Fundamentals of-risk-managementFundamentals of-risk-management
Fundamentals of-risk-managementMajd Ghanem,MBA
 
B003 2010-iaasb-handbook-framework
B003 2010-iaasb-handbook-frameworkB003 2010-iaasb-handbook-framework
B003 2010-iaasb-handbook-frameworkRS NAVARRO
 
PART II INTERNAL AUDITING in local government.ppt
PART II INTERNAL AUDITING in local government.pptPART II INTERNAL AUDITING in local government.ppt
PART II INTERNAL AUDITING in local government.pptCamellaCandon
 
Chapt 3 - Internal Controls and Conflicts
Chapt 3 - Internal Controls and ConflictsChapt 3 - Internal Controls and Conflicts
Chapt 3 - Internal Controls and ConflictsMOHD GHADAFI SHARI
 

More Related Content

What's hot

Reshaping the nigerian financial services sector
Reshaping the nigerian financial services sectorReshaping the nigerian financial services sector
Reshaping the nigerian financial services sectorEneni Oduwole
 
The new global wide risk regulation & its impact on banks risk management pra...
The new global wide risk regulation & its impact on banks risk management pra...The new global wide risk regulation & its impact on banks risk management pra...
The new global wide risk regulation & its impact on banks risk management pra...Eneni Oduwole
 
How to align a Robust Materiality Assessment with Corporate Strategy and Target?
How to align a Robust Materiality Assessment with Corporate Strategy and Target?How to align a Robust Materiality Assessment with Corporate Strategy and Target?
How to align a Robust Materiality Assessment with Corporate Strategy and Target?PECB
 
Corporate Governance
Corporate GovernanceCorporate Governance
Corporate GovernanceSalih Islam
 
Leveraging Effective Risk Management and Internal Control for Your Organization
Leveraging Effective Risk Management and Internal Control for Your OrganizationLeveraging Effective Risk Management and Internal Control for Your Organization
Leveraging Effective Risk Management and Internal Control for Your OrganizationInternational Federation of Accountants
 
Building Practical Risk Application into your QMS
Building Practical Risk Application into your QMSBuilding Practical Risk Application into your QMS
Building Practical Risk Application into your QMSPECB
 
Are You Ready? Implementing COSO's Updated Internal Controls Framework
Are You Ready? Implementing COSO's Updated Internal Controls FrameworkAre You Ready? Implementing COSO's Updated Internal Controls Framework
Are You Ready? Implementing COSO's Updated Internal Controls FrameworkBlackLine
 
Bcu msc cg week 4 risk management
Bcu msc cg week 4 risk managementBcu msc cg week 4 risk management
Bcu msc cg week 4 risk managementStephen Ong
 
Internal audits role in compliance
Internal audits role in complianceInternal audits role in compliance
Internal audits role in complianceSalih Islam
 
Busines Continuity And Compliance
Busines Continuity And ComplianceBusines Continuity And Compliance
Busines Continuity And Compliancesalamali
 
Scce webinar assessment_061316
Scce webinar assessment_061316Scce webinar assessment_061316
Scce webinar assessment_061316Eric Morehead
 
Preparing for validity audits
Preparing for validity auditsPreparing for validity audits
Preparing for validity auditsOfqual Slideshare
 
HR Auditing Process (Audit Panel members)
HR Auditing Process (Audit Panel members)HR Auditing Process (Audit Panel members)
HR Auditing Process (Audit Panel members)SABPP
 
Risk Management - A Journey
Risk Management - A JourneyRisk Management - A Journey
Risk Management - A JourneyDebashis Gupta
 

What's hot (18)

Reshaping the nigerian financial services sector
Reshaping the nigerian financial services sectorReshaping the nigerian financial services sector
Reshaping the nigerian financial services sector
 
The new global wide risk regulation & its impact on banks risk management pra...
The new global wide risk regulation & its impact on banks risk management pra...The new global wide risk regulation & its impact on banks risk management pra...
The new global wide risk regulation & its impact on banks risk management pra...
 
How to align a Robust Materiality Assessment with Corporate Strategy and Target?
How to align a Robust Materiality Assessment with Corporate Strategy and Target?How to align a Robust Materiality Assessment with Corporate Strategy and Target?
How to align a Robust Materiality Assessment with Corporate Strategy and Target?
 
Corporate Governance
Corporate GovernanceCorporate Governance
Corporate Governance
 
Leveraging Effective Risk Management and Internal Control for Your Organization
Leveraging Effective Risk Management and Internal Control for Your OrganizationLeveraging Effective Risk Management and Internal Control for Your Organization
Leveraging Effective Risk Management and Internal Control for Your Organization
 
Building Practical Risk Application into your QMS
Building Practical Risk Application into your QMSBuilding Practical Risk Application into your QMS
Building Practical Risk Application into your QMS
 
ERM Presentation.final
ERM Presentation.finalERM Presentation.final
ERM Presentation.final
 
The iia s 2017 international professional practices framework
The iia s 2017 international professional practices frameworkThe iia s 2017 international professional practices framework
The iia s 2017 international professional practices framework
 
Are You Ready? Implementing COSO's Updated Internal Controls Framework
Are You Ready? Implementing COSO's Updated Internal Controls FrameworkAre You Ready? Implementing COSO's Updated Internal Controls Framework
Are You Ready? Implementing COSO's Updated Internal Controls Framework
 
Bcu msc cg week 4 risk management
Bcu msc cg week 4 risk managementBcu msc cg week 4 risk management
Bcu msc cg week 4 risk management
 
Risk Management – The Building Blocks
Risk Management – The Building BlocksRisk Management – The Building Blocks
Risk Management – The Building Blocks
 
Internal audits role in compliance
Internal audits role in complianceInternal audits role in compliance
Internal audits role in compliance
 
2019_SOU_Internal_Audit.pptx
2019_SOU_Internal_Audit.pptx2019_SOU_Internal_Audit.pptx
2019_SOU_Internal_Audit.pptx
 
Busines Continuity And Compliance
Busines Continuity And ComplianceBusines Continuity And Compliance
Busines Continuity And Compliance
 
Scce webinar assessment_061316
Scce webinar assessment_061316Scce webinar assessment_061316
Scce webinar assessment_061316
 
Preparing for validity audits
Preparing for validity auditsPreparing for validity audits
Preparing for validity audits
 
HR Auditing Process (Audit Panel members)
HR Auditing Process (Audit Panel members)HR Auditing Process (Audit Panel members)
HR Auditing Process (Audit Panel members)
 
Risk Management - A Journey
Risk Management - A JourneyRisk Management - A Journey
Risk Management - A Journey
 

Similar to Atila Kas

Fundamentals of-risk-management
Fundamentals of-risk-managementFundamentals of-risk-management
Fundamentals of-risk-managementMajd Ghanem,MBA
 
B003 2010-iaasb-handbook-framework
B003 2010-iaasb-handbook-frameworkB003 2010-iaasb-handbook-framework
B003 2010-iaasb-handbook-frameworkRS NAVARRO
 
PART II INTERNAL AUDITING in local government.ppt
PART II INTERNAL AUDITING in local government.pptPART II INTERNAL AUDITING in local government.ppt
PART II INTERNAL AUDITING in local government.pptCamellaCandon
 
Chapt 3 - Internal Controls and Conflicts
Chapt 3 - Internal Controls and ConflictsChapt 3 - Internal Controls and Conflicts
Chapt 3 - Internal Controls and ConflictsMOHD GHADAFI SHARI
 
Understanding of entity and inherent risk assessment (including case studies)
Understanding of entity and inherent risk assessment (including case studies)Understanding of entity and inherent risk assessment (including case studies)
Understanding of entity and inherent risk assessment (including case studies)MUHAMMAD HUZAIFA CHAUDHARY
 
dt_mt_SREP_Pub_ICAAP_ILAAP_220216
dt_mt_SREP_Pub_ICAAP_ILAAP_220216dt_mt_SREP_Pub_ICAAP_ILAAP_220216
dt_mt_SREP_Pub_ICAAP_ILAAP_220216Mark Micallef
 
non-life-insurance-applications check list OR.pdf
non-life-insurance-applications check list OR.pdfnon-life-insurance-applications check list OR.pdf
non-life-insurance-applications check list OR.pdflukman3032
 
Nia 220 Quality Control For An Audit Of Financial En Ingles
Nia 220 Quality Control For An Audit Of Financial En InglesNia 220 Quality Control For An Audit Of Financial En Ingles
Nia 220 Quality Control For An Audit Of Financial En Inglesguest4a971d
 
SOX ICMS Implmenetation - 2007
SOX ICMS Implmenetation - 2007SOX ICMS Implmenetation - 2007
SOX ICMS Implmenetation - 2007Slava Gorbunov
 
An ontology for requirements analysis of managers’ policies in financial inst...
An ontology for requirements analysis of managers’ policies in financial inst...An ontology for requirements analysis of managers’ policies in financial inst...
An ontology for requirements analysis of managers’ policies in financial inst...christophefeltus
 
Building out a Robust and Efficient Risk Management - Alan Cheung
Building out a Robust and Efficient Risk Management - Alan CheungBuilding out a Robust and Efficient Risk Management - Alan Cheung
Building out a Robust and Efficient Risk Management - Alan CheungLászló Árvai
 
Nicc 1 Normas Internacionales Sobre Control De Calidad 1 En Ingles
Nicc 1 Normas Internacionales Sobre Control De Calidad 1 En InglesNicc 1 Normas Internacionales Sobre Control De Calidad 1 En Ingles
Nicc 1 Normas Internacionales Sobre Control De Calidad 1 En Inglesguest4a971d
 
A010 2010-iaasb-handbook-isa-220
A010 2010-iaasb-handbook-isa-220A010 2010-iaasb-handbook-isa-220
A010 2010-iaasb-handbook-isa-220RS NAVARRO
 
A007 2010-iaasb-handbook-isqc-1
A007 2010-iaasb-handbook-isqc-1A007 2010-iaasb-handbook-isqc-1
A007 2010-iaasb-handbook-isqc-1RS NAVARRO
 
Health & Safety Management For Quarries
Health & Safety Management For QuarriesHealth & Safety Management For Quarries
Health & Safety Management For Quarriesahmad bassiouny
 
Isa 300 Planning An Audit Of Financial Statements En Ingles
Isa 300 Planning An Audit Of Financial Statements En InglesIsa 300 Planning An Audit Of Financial Statements En Ingles
Isa 300 Planning An Audit Of Financial Statements En Inglesguest4a971d
 

Similar to Atila Kas (20)

Fundamentals of-risk-management
Fundamentals of-risk-managementFundamentals of-risk-management
Fundamentals of-risk-management
 
B003 2010-iaasb-handbook-framework
B003 2010-iaasb-handbook-frameworkB003 2010-iaasb-handbook-framework
B003 2010-iaasb-handbook-framework
 
PART II INTERNAL AUDITING in local government.ppt
PART II INTERNAL AUDITING in local government.pptPART II INTERNAL AUDITING in local government.ppt
PART II INTERNAL AUDITING in local government.ppt
 
Chapt 3 - Internal Controls and Conflicts
Chapt 3 - Internal Controls and ConflictsChapt 3 - Internal Controls and Conflicts
Chapt 3 - Internal Controls and Conflicts
 
Understanding of entity and inherent risk assessment (including case studies)
Understanding of entity and inherent risk assessment (including case studies)Understanding of entity and inherent risk assessment (including case studies)
Understanding of entity and inherent risk assessment (including case studies)
 
dt_mt_SREP_Pub_ICAAP_ILAAP_220216
dt_mt_SREP_Pub_ICAAP_ILAAP_220216dt_mt_SREP_Pub_ICAAP_ILAAP_220216
dt_mt_SREP_Pub_ICAAP_ILAAP_220216
 
Learn with SAZZAD - ISA 315 (Revised)
Learn with SAZZAD - ISA 315 (Revised)Learn with SAZZAD - ISA 315 (Revised)
Learn with SAZZAD - ISA 315 (Revised)
 
non-life-insurance-applications check list OR.pdf
non-life-insurance-applications check list OR.pdfnon-life-insurance-applications check list OR.pdf
non-life-insurance-applications check list OR.pdf
 
Nia 220 Quality Control For An Audit Of Financial En Ingles
Nia 220 Quality Control For An Audit Of Financial En InglesNia 220 Quality Control For An Audit Of Financial En Ingles
Nia 220 Quality Control For An Audit Of Financial En Ingles
 
SOX ICMS Implmenetation - 2007
SOX ICMS Implmenetation - 2007SOX ICMS Implmenetation - 2007
SOX ICMS Implmenetation - 2007
 
COSO ERM
COSO ERMCOSO ERM
COSO ERM
 
An ontology for requirements analysis of managers’ policies in financial inst...
An ontology for requirements analysis of managers’ policies in financial inst...An ontology for requirements analysis of managers’ policies in financial inst...
An ontology for requirements analysis of managers’ policies in financial inst...
 
An ontology for requirements analysis of managers’ policies in financial inst...
An ontology for requirements analysis of managers’ policies in financial inst...An ontology for requirements analysis of managers’ policies in financial inst...
An ontology for requirements analysis of managers’ policies in financial inst...
 
Building out a Robust and Efficient Risk Management - Alan Cheung
Building out a Robust and Efficient Risk Management - Alan CheungBuilding out a Robust and Efficient Risk Management - Alan Cheung
Building out a Robust and Efficient Risk Management - Alan Cheung
 
Nicc 1 Normas Internacionales Sobre Control De Calidad 1 En Ingles
Nicc 1 Normas Internacionales Sobre Control De Calidad 1 En InglesNicc 1 Normas Internacionales Sobre Control De Calidad 1 En Ingles
Nicc 1 Normas Internacionales Sobre Control De Calidad 1 En Ingles
 
A010 2010-iaasb-handbook-isa-220
A010 2010-iaasb-handbook-isa-220A010 2010-iaasb-handbook-isa-220
A010 2010-iaasb-handbook-isa-220
 
A007 2010-iaasb-handbook-isqc-1
A007 2010-iaasb-handbook-isqc-1A007 2010-iaasb-handbook-isqc-1
A007 2010-iaasb-handbook-isqc-1
 
Gl03stresstesting
Gl03stresstestingGl03stresstesting
Gl03stresstesting
 
Health & Safety Management For Quarries
Health & Safety Management For QuarriesHealth & Safety Management For Quarries
Health & Safety Management For Quarries
 
Isa 300 Planning An Audit Of Financial Statements En Ingles
Isa 300 Planning An Audit Of Financial Statements En InglesIsa 300 Planning An Audit Of Financial Statements En Ingles
Isa 300 Planning An Audit Of Financial Statements En Ingles
 

Recently uploaded

Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatYousafMalik24
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentInMediaRes1
 
Pharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfPharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfMahmoud M. Sallam
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersSabitha Banu
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxpboyjonauth
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxGaneshChakor2
 
Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxTypes of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxEyham Joco
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsanshu789521
 
Capitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptxCapitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptxCapitolTechU
 
Hierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementHierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementmkooblal
 
Biting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdfBiting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdfadityarao40181
 
Meghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentMeghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentInMediaRes1
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersFull Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersSabitha Banu
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfUjwalaBharambe
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 

Recently uploaded (20)

Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice great
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media Component
 
Pharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfPharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdf
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginners
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptx
 
Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxTypes of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptx
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha elections
 
Capitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptxCapitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptx
 
Hierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementHierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of management
 
Biting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdfBiting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdf
 
Meghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentMeghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media Component
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersFull Stack Web Development Course for Beginners
Full Stack Web Development Course for Beginners
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 

Atila Kas

  • 1. INTERNAL AUDIT FORUM 2017 (CYPRUS) Solvency II & the Internal Audit Role May 25, 2017 Atila KAS 1
  • 2. SOLVENCY 2 (S2) The EU Solvency II Directive lays down explicit governance requirements, including for the risk management system of insurers and reinsurers. Solvency II is the new risk-based regulatory framework for insurers taking effect on 1 January 2016. This framework consists of the Solvency II Directive (2009/138/EC), the Delegated Acts containing implementing rules for Solvency II, and the associated technical standards.  The Solvency II Directive is a world-leading standard that requires insurers to focus on managing all of the risks facing their organization.  Real opportunity to improve their risk-adjusted performance and operational efficiency,  S2 is not only on the radar of insurance companies in the EU, but also on those across the globe.  All stakeholders of the financial industry are watching EU.  Impact to insurance companies, governments, and rating agencies within the EU and beyond.  S2 = Living process of 15 years : consultation, feedback, and cooperation between the insurance industry and regulatory bodies.  S2 : based of Basel 2 on the framework, including the 2008 Crisis parameters. 2
  • 3. ROLE OF IA IN S2 3
  • 4. ROLE OF IA IN S2 1. In respect of “including relevant Solvency II compliance items in each audit assignment”, Internal Audit should consider in the audit approach specific steps to evaluate the application of risk related policies, set limits, the review of use tests as well as the reliability of data that will feed risk reporting and the Own Risk and Solvency Assessment (‘ORSA’) process. 2. Internal Audit should “assess the components of the system of governance” (see art. 41 & art. 47) and make appropriate recommendations for improving it. In particular, Internal Audit should pay specific attention to:  Respect of the remuneration policy (Advice on System of Governance);  Compliance with regulatory provisions regarding outsourcing (art. 47-49). 3. The assessment of the “Risk Management function” and of the “Risk Management system” should consider the Solvency II requirements as defined by art. 44.  Preliminary Risk Analysis  yearly IA plan (Risk based approach)  Update expected on periodic evaluation  Overall risk management process, as well as the appropriateness of internal controls. In general, Internal Audit evaluates the independence and the global effectiveness of the insurance company’s risk management function (art. 47). 4
  • 5. ROLE OF IA IN S2 4. Compliance function (Advice on Systems of Governance paragraph 3.232 to 3.250, 3.256-3.258) relating to the S2 (specifically in respect of the Compliance function): the requirement for compliance with all legislation and particularly in the areas of Anti Money Laundering and Privacy. 5. In the assessment of the “Process for designing and implementing risk models” / special attention should be paid :  Model documentation and of the internal validation procedure;  compliance (Event of change model & Reporting requirements)  the degree of inclusion of the different risks in the model;  the embedding of the model in the risk management;  Integrity of the management processing and IS ;  Data Quality (consistency, reliability, continuity, timeliness, synchronism);  the quality and the accuracy of the model and of the “ex post” control;  the quality of the stress testing;  the accuracy of MCR & SCR calculation;  the use test In line with what is set out in Recital 68 and art. 112, but also within the Pre-application process for internal models (formerly CP80). 5
  • 6. ROLE OF IA IN S2 6. The assessment of the actuarial function should consider the European supervisory authorities’ requirements as stated in art. 48. 7. Reinsurance management process :  Company’s solvency and profitability must be integrated  Safeguarding of assets through optimization of the reinsurance coverage - In line with company’s risk appetite/profile.  Monitoring reinsurers’ solvency, ceded reinsurance premiums and claims interventions. 8. Own Risk and Solvency Assessment (ORSA) document process and outcome  the key strategic decision-making  Important element in the risk management of the company.  Facilitate the BOD & BOM  IA is not allowed to take part of the preparation of this document. IA Profession believes that the application of all standards implicit in the “Core internal audit tasks” should be included in the audit plan based on a risk based approach. 6
  • 7. ROLE OF IA IN S2 Possible consulting roles in the Solvency II context ▸ Internal Audit may undertake in relation to Solvency II  Independence and objectivity are maintained. ▸ “Providing Solvency II related advice upon Executive Management or other entitled governance bodies request”. ▸ Internal Audit’s plan must be prioritized over the performance of any consulting activity.  Consulting services <> operational or management responsibility 7
  • 8. ROLE OF IA IN S2 IA must be always integrated on the key strategic projects ▸ Governance of the project.  keep itself informed and updated on the organization and status of the project  Decide to evaluate the adequacy of the governance of the project (including any committees) ▸ Written Policies and Procedures.  Review of policies and procedures.  Check on design for any procedure updated by S2 and internal governance committees ▸ Data quality.  Adequacy of data quality, irrespective of whether this is Solvency II related or not.  Data used for the internal model shall be accurate, complete and appropriate.” (Art. 121(3)).  IT auditors or IT auditing expertise must be involved  Assess the Validation process regarding data ▸ Internal model. Data quality is also an integral part of model validation, “the model validation process shall (…) include an assessment of the accuracy, completeness and appropriateness of the data used by the internal model.” (art. 124). 8
  • 9. The ORSA enables management to responsibly weigh up risks, capital and returns against each other and look forward to the medium to long term based on the current situation. The ORSA is a regular process that must be performed at least once a year. An ORSA must also be performed in the event of any significant change in the risk profile. The outcomes and findings of each ORSA must be submitted to the insurer’s executive management for approval and then communicated to all relevant departments and to the regulatory authority. Provided that certain conditions are met, insurance groups have the option to do this in a group report. Example of the conceptualization of an ORSA audit 9 AUDIT THE OWN RISK SOLVENCY ASSESSMENT (ORSA)
  • 10. AUDIT THE OWN RISK SOLVENCY ASSESSMENT (ORSA) 10  3.4 Scenario tests and stress tests Regular engagement : In an audit of the internal management of the ORSA process, including compliance with laws and regulations. As part of its review of the risk profile, the Internal Audit function performs at least the following procedures: o Up-to-date process description is available  scenarios and stress tests. o Establishing whether tasks, authorisations and responsibilities for the development and approval of scenarios and stress tests have been clearly described. o Explicit attention should be paid to the involvement of senior management, the actuarial and the risk management function. o Reviewing how the scenarios and stress tests have been drawn up. This includes aspects such as the process that has been followed, the independent input from key functions and the objective substantiation of the severity of stress scenarios. Back- testing may be used for the substantiation. o Establishing whether the scenarios and stress tests have been clearly documented, both in terms of the qualitative description and the quantitative factors. o When simplifications (such as upscaling) have been used in scenarios and stress tests, establishing whether these have been sufficiently substantiated. o When the scenarios and stress tests that have been determined differ from those in the previous ORSA, establishing whether there is a sound reason for this and whether this has been sufficiently documented. o When the reverse stress tests that have been determined differ from those in the previous ORSA, establishing whether there is a sound reason for this and whether this has been sufficiently documented. o Reviewing whether the scenario and stress tests that have been determined sufficiently affect all the insurer’s material risks, including both the individual risks and combined risks. o Reviewing whether the scenarios and stress tests that have been determined sufficiently take into account the risk profile of each individual regulated entity. o Establishing whether implicit and explicit management actions have been included in elaborating the stress scenarios and whether these management actions: - are sufficiently concrete and feasible - seem realistic if the scenario were to actually occur; - are consistent with existing policy (in terms of investments, reinsurance, etc.); - are based the commitment of executive management to actually perform the expected management action.
  • 11. 11  3.4 Scenario tests and stress tests Context of the ORSA report : o Establishing whether an up-to-date process description is available for determining scenarios and stress tests. o Establishing whether the basic scenario is aligned to the approved business plan or the multi-annual budget and whether it has been sufficiently documented in the ORSA reporting. o Establishing whether the chosen stress scenarios are in line with the insurer’s (strategic) risk analyses. The scenarios that have been developed should be appropriate to the insurer’s risk profile. o Establishing whether sufficient objective substantiation has been provided, using internal source data and/or external sources (such as the Macroeconomic Forecast published by national bank - Statistics) for scenarios and stress tests and, where possible, for the chosen severity of the stress scenario. o Establishing whether sufficient care has been taken to ensure that scenarios and stress tests and, where possible, the chosen severity of the stress scenario, have not been influenced by or back-calculated from the insurer’s available capital. o Autonomously consulting internal and external sources to independently review the chosen severity. o Back-testing previously formulated scenarios against the actual outcome. o Establishing whether sufficient stress tests have been performed, including reverse stress tests, sensitivity analyses, and individual and combined scenarios. o Establishing whether the consecutive ORSAs have been consistent, where necessary, in the choice of scenarios and the chosen severity of scenarios. o Establishing whether information from previous ORSAs (own evaluation, regulator feedback, internal or external audit) has been adequately included. AUDIT THE OWN RISK SOLVENCY ASSESSMENT (ORSA)
  • 12. CHANGES & IMPACTS FOR IA FUNCTION  New impact for IA function o Important increase on the deliveries (Pilar 3-QRT) produced to the national supervisor where some review are expected by the IA function (could lead to 10-15% of the yearly capacity) o ORSA audit and/or its outcomes are key and relevant on the yearly audit plan o Increase of the “onsite Inspections” performed by the national regulators : Head of the IA function is requested to participate at each kick-off & closing meeting (critical workload for Group structures) o Yearly “face to face” meeting between the national supervisor & the Head of the IA function (Significant market leaders are impacted on quarterly meeting) o Availability - IA team : « auditors never sleeps » from Angela is « The reality » of our today’s context. 12
  • 13. CHANGES & IMPACTS FOR IA FUNCTION  New impact for IA function o Capacity issues within the organization : coordination is a MUST o Remedial actions (late or not) : Impact on capital ADD ON (if delay)  Other functions and/or governance bodies impacted o Impact also to the 3 other controlling function  huge cost for each (re)insurance companies : Risk Management function, Compliance Function & Actuarial function. 13
  • 14. CHANGES & IMPACTS FOR IA FUNCTION  New impact for IA function o Issuing of the National rules defining clearly the role & responsibilities of the IA function by year-end of 2015 : Mission, Scope, Governance of the IA function, including the relation between the IA function with the External audit but also with the national supervisor o Number of engagement increased drastically from 2016 <> from a “regular” Risk-based audit plan” due to o Changes within the audit environment o Audit techniques & approaches  As a consequence, there is an important increasing of the “capacity” and an audit approach which has been completely revisited by the national institute, coordinated with ECIIA o National regulators is no longer expecting some consulting activities from the IA function : the only focus should be made on its “assurance” role 14
  • 15. CHANGES & IMPACTS FOR IA FUNCTION  Competences o “Fit & Proper” o CIA / CRMA / CISA … expected by national regulators where National IIA / Chapter should bring clear guidance and advocacy with stakeholders and IIA members o Audit Typologies : Governance, Internal control & Risk Management systems, ORSA (including Internal Model / standard formula) are the main changes where the IA function is getting more and more training and experienced. o From a “nice” to have to a “strongly recommended” internal audit functions o IT auditor o Actuarial (Life &/or Non Life) auditor o Ops is a must within the audit teams  Market : important GAPs exist in EU countries and important volatilities between groups exists : HR policy and/or remuneration to maintain internal resources (for all controlling functions) must be addressed. o Audit seniority with LT experience (and rotation) … 15
  • 17. Thanks for your attention ! 17