- Internal audit has clear obligations under Solvency II to evaluate the adequacy and effectiveness of the internal control system and report findings to administrative management.
- Solvency II has increased the focus on risk mitigation and alignment of risk and capital management. It also affects resourcing needs of the internal audit function.
- While the implementation date is uncertain, preparations for Solvency II compliance should continue, including establishing independence, audit plans, and annual reporting. Internal audit can add value by properly addressing its role in the new regulatory environment.
Internal Control Review for a Federal Agency - IntroductionAnthony Rainey
Provides an approach that federal management may consider for assessing, documenting, and reporting on reviewing their internal controls (in the U.S. Office of Personnel Management) in conformance with the requirements of the revised OMB Circular A-123, Management’s Responsibility for Internal Control, Appendix A. The framework for the assessment is Standards for Internal Control in the Federal Government, issued by the U.S. Government Accountability Office (GAO) and outlined in the Circular. These standards, frequently referred to as the “Green Book,” are based on the Integrated Framework of Internal Control issued
by the Committee of Sponsoring Organizations (COSO) of the Treadway Commission.
Financial control is control of financial resources as they flow into the organization, are held by the organization, and flow out from the organization.
Internal audit means a continuous critical review of financial and operating matters of a business. In other words, we can say that the audit of a business conducted by the business for a continuous basis. Internal audit is done by the internal staff appointed particularly for the audit purposes. These are called internal auditors.
Internal Control Review for a Federal Agency - IntroductionAnthony Rainey
Provides an approach that federal management may consider for assessing, documenting, and reporting on reviewing their internal controls (in the U.S. Office of Personnel Management) in conformance with the requirements of the revised OMB Circular A-123, Management’s Responsibility for Internal Control, Appendix A. The framework for the assessment is Standards for Internal Control in the Federal Government, issued by the U.S. Government Accountability Office (GAO) and outlined in the Circular. These standards, frequently referred to as the “Green Book,” are based on the Integrated Framework of Internal Control issued
by the Committee of Sponsoring Organizations (COSO) of the Treadway Commission.
Financial control is control of financial resources as they flow into the organization, are held by the organization, and flow out from the organization.
Internal audit means a continuous critical review of financial and operating matters of a business. In other words, we can say that the audit of a business conducted by the business for a continuous basis. Internal audit is done by the internal staff appointed particularly for the audit purposes. These are called internal auditors.
What is the purpose of internal auditing? How important is it to the business? How are internal audits planned and carried out? These slides show the relevance of internal audit to the business, how internal audits relate to the objectives and risks of the business, how they are planned and the work involved in an internal audit. Further advice is available from www.internalaudit.biz
The depth and scope of examination, time of audit, processing methods, etc. In deciding on a specific technique, also need to take account of the objective of the audit action and the capacities limited by time or other factors.
Internal auditing departments are led by a chief audit executive ("CAE") who generally reports to the audit committee of the board of directors, with administrative reporting to the chief executive officer (In the United States this reporting relationship is required by law for publicly traded companies).
Dear students get fully solved assignments
Send your semester & Specialization name to our mail id
help.mbaassignments@gmail.com
or
call us at : 08263069601
Similar to IACON Internal Audit Obligations under Solvency II June 2013 (20)
BCI Symposium Establishing a BCM Awareness Programmel 031008
IACON Internal Audit Obligations under Solvency II June 2013
1. Solvency II Obligations for the Internal Audit Function
Susan Young
Head of Risk Management
R&Q Managing Agency Limited 26th June 2013
IACON 2013
2. Disclaimer
The opinions expressed in this presentation are my own and do not represent
those of my organisation
Feel free to share yours
3. Session Outline
• Obligations of Internal Audit - what do the SII Framework Directive and Level 2 Guidance say –a recap
• The effect of
– Solvency II upon Risk Mitigation
– Resourcing
• Going Forwards – Present and Expected future Developments
• Broker Market - SII Implications
• Dealing with the expected regulatory focus on the first and second lines of defence
• How can Internal Audit add value in the context of its new and evolving obligations?
• Summary and Conclusion
4. Obligations of Internal Audit - what does the SII
Framework Directive say –a recap
• Insurance and Reinsurance Undertakings shall provide for an effective Internal Audit Function
• The Internal Audit Function shall include an evaluation of the adequacy and effectiveness of the internal
control system and other elements of the System of Governance
• The Internal Audit Function shall be objective and independent from the operational functions
• Any findings and recommendations of the Internal Audit Function shall be reported to the administrative
management or supervisory body which shall determine what actions are to be taken with respect to
each of the internal audit findings and recommendations, and shall ensure those actions are carried out
(Section 2 Article 47 – Internal Audit – The “what”)
So nothing really new in substance
5. Obligations of Internal Audit - what does the
Level 2 Guidance say - a recap
• To ensure its independence from the organisational activities audited, the Internal Audit Function shall carry out its
assignments with impartiality. The Internal Audit Function shall be able to exercise its assignments on its own initiative in
all areas of the undertaking, It shall be free to express its opinions and to disclose its findings and its appraisals to the
whole administrative management or supervisory body
• The Internal Audit Function shall have the complete and unrestricted right to obtain information which includes the prompt
provision of all necessary information, the availability of all documentation and the ability to look into all activities and
processes of the undertaking, relevant for the discharge of its responsibilities, as required, in the performance of its tasks, as
well as having direct communication with any member of the undertaking’s staff
• To ensure the effectiveness of the Internal Audit Function, every activity and every unit of the undertaking shall fall within
its scope. The function shall draw up an audit plan to determine its future auditing actions, taking a risk based approach in
deciding its priorities
• The Internal Audit Function shall at least annually produce a written report on its findings to be submitted to the
administrative, management and supervisory body. The report should cover at least any deficiencies of the internal control
system, as well as any major shortcomings with regard to the compliance with internal policies, procedures and processes. It
shall include recommendations on how to remedy inadequacies and also specifically address how past points of criticism
and past recommendations have been implemented
(CEIOPS Doc 29/09 Level 2 Implementing Measures – the “how”)
A compelling mandate – we will look at some of the practicalities later
6. The Effect of Solvency II on:-
• Risk Mitigation
– Risk Management and mitigation are firmly under the spotlight
– Risk and Capital Management are much more closely aligned
– The better the risk mitigation, the lower the residual risk assessment
– Risk Management as a function is subject to Internal Audit (previous slide)
– Greater emphasis and visibility
Risk Mitigation is key – and it has to be seen to be working
7. The Effect of Solvency II on:-
• Resourcing
– Internal Audit considerations revolve around;-
• Is existing resource sufficient?
• Do we have the appropriate skills in the existing in house team, particularly for SII
specific activity
• Should we outsource some or all of our effort (allowed under SII, provided);-
• If we do, who in the organisation is sufficiently independent to provide the
appropriate oversight?
• How best do we deliver value for money?
SII adds a further dimension in this regard
8. Going forwards – Recent and Expected Future
Developments
• Julian Adams of the FSA stated in October 2012, that the implementation date of 1/1/14 was “no longer
achievable”
• Solvency II implementation is delayed, but the revised timetable remains uncertain
• The current working assumption is that Solvency II is coming – possibly from 1/1/2016 - although exactly
when is uncertain
• The new Prudential Regulatory Authority advocates “ICAS Plus” transitional measures
• EIOPA is currently applying “interim measures” published in 27th March 2013 for consultation
• The Lloyd’s Market in 2013 is adopting a “soft landing” (i.e. not putting things completely on hold) –
meaning full compliance is not expected in the Lloyd’s Market
• The uncertainty has evidently led in some quarters to a loss of focus
Continued….
9. • EIOPA “interim measures” published in March provide a draft mandate for local regulators to develop
their own national solutions in the context of uncertainties around the timetable
• For Internal Audit specifically, issues to be addressed include those highlighted in the Level 2 guidance,
namely ; -
– Independence
– Internal Audit Policy
– Internal Audit Plan
– Dealing with findings and recommendations
– Annual Report to the Board
• Time spent getting these fundamental elements in place is be time well spent
The mandate SII has provided second and third line of defence functions with cannot be disregarded and
impetus should remain
Going forwards – Recent and Expected Future
Developments
10. Broker Market – Solvency II implications
• “Solvency II only applies to risk carriers right?” Wrong!
• Brokers and intermediaries are key providers of risk data, advice to underwriters, and in some cases,
underwrite directly for customers
• Furthermore, the FSA Retail Conduct Risk outlook for 2012 highlighted the need for brokers to assess their
own business model, TCF procedures and reduce the risk of misselling
• Data quality/completeness/integrity is a key component of Solvency II requirements
• There is an impetus on brokers to improve their data capture/analysis and their own risk management
capabilities
• Data is a key input into risk carriers’ internal models for assessing regulatory capital
• Internal Audit can (and in the case of Lloyd’s Managing Agents has) conduct an audit of data feeding the
internal model and assessing its fitness for purpose
Remember this element in your planning
11. Dealing with the expected regulatory focus on
the first and second lines of defence
Risk
Management
Board of
Directors
SECOND LINE
Direct
Assurance
Compliance,
Actuarial, Legal
etc
THIRD LINE
Independent
Assurance
(Internal
/External Audit,
Independent
Review etc)
FIRST LINE
The Business
(Risk and
Control Owners)
The “virtual team” in a SII world
12. • Regulatory focus on second line of defence in the following areas in particular
– Risk Management
– Actuarial
– Compliance
• Internal Audit is the 4th of the key functions in Systems of Governance under Solvency II – but of course is the third line of
defence
• The previous slide shows Risk Management at the hub of the “virtual team” and is more holistic in the new SII world than
just the Risk Management team, encompassing elements of both the first and third lines
• Responsibilities of Risk Management and Actuarial in particular are considerable
• Internal Audit should recognise this and is well placed (more of that later) to provide assurance that the first and second
lines are on track
• 2012 and beyond, up to implementation – Internal Audit A was/is/will be expected to provide assurance that SII
preparedness, ongoing migration to Business as Usual, and readiness in that regard are geared up to deliver Solvency II
Compliance
Internal Audit is very much part of the virtual team notwithstanding its need to be independent
Dealing with the expected regulatory focus on
the first/second lines of defence – the “stick”
13. How can Internal Audit add value in the
context of its new obligations – the “carrot”
• Solvency II is a significant, but by no means the only mandate – the new PRA/FCA regulatory
regime/volatility in the financial markets generally and the resulting spotlight on Risk Management
• Risk Management is on the radar need for an independent assessment of it. How?
• Improve focus
– Does you Audit Plan address what it should – or what it can?
– Are you adopting a true risk based approach?
– Are you working with the second line in the spirit of the “virtual team”?
• Redefine Stakeholders
– Are they all defined, particularly the external ones?
– Does your reporting line support your required independence?. If not, what are you going to do
about it?
• Structure capabilities
– Strategic mind-set
– Risk Management Function itself needs scrutiny
Continued…..
14. How can Internal Audit add value in the
context of its new obligations?
• Internal Audit has a clear mandate under SII –harness it
• Mandate for good practice – supports, and is supported by, IIA Guidelines
• Lloyd’s recognises this and in the interests of maintaining impetus, are asking all Lloyd’s Managing Agents
to ask their Internal Audit functions to perform a review of overall SII readiness in 2013/14
• Non Lloyd’s – lead the charge
You have an opportunity - grasp the nettle
15. Summary and Conclusion
• Internal audit obligations under SII are clear
• Implementation date less so but preparations should continue
• Resourcing implications are considerable – don’t underestimate them
• Risk data from intermediaries and other sources is a key element to consider
• Internal Audit is a key function in the System of Governance under SII
• Internal Audit if properly positioned can add great value
Take control of your destiny!
16. And finally….
If you want the best sports car – one that will get you round the track fastest….
You don’t economise on the brakes!
Food for thought