SlideShare a Scribd company logo

IACON Internal Audit Obligations under Solvency II June 2013

S
Susan Young

- Internal audit has clear obligations under Solvency II to evaluate the adequacy and effectiveness of the internal control system and report findings to administrative management. - Solvency II has increased the focus on risk mitigation and alignment of risk and capital management. It also affects resourcing needs of the internal audit function. - While the implementation date is uncertain, preparations for Solvency II compliance should continue, including establishing independence, audit plans, and annual reporting. Internal audit can add value by properly addressing its role in the new regulatory environment.

1 of 17
Download to read offline
Solvency II Obligations for the Internal Audit Function Susan Young Head of Risk Management R&Q Managing Agency Limited 26th June 2013 IACON 2013
Disclaimer The opinions expressed in this presentation are my own and do not represent those of my organisation Feel free to share yours
Session Outline • Obligations of Internal Audit - what do the SII Framework Directive and Level 2 Guidance say –a recap • The effect of – Solvency II upon Risk Mitigation – Resourcing • Going Forwards – Present and Expected future Developments • Broker Market - SII Implications • Dealing with the expected regulatory focus on the first and second lines of defence • How can Internal Audit add value in the context of its new and evolving obligations? • Summary and Conclusion
Obligations of Internal Audit - what does the SII Framework Directive say –a recap • Insurance and Reinsurance Undertakings shall provide for an effective Internal Audit Function • The Internal Audit Function shall include an evaluation of the adequacy and effectiveness of the internal control system and other elements of the System of Governance • The Internal Audit Function shall be objective and independent from the operational functions • Any findings and recommendations of the Internal Audit Function shall be reported to the administrative management or supervisory body which shall determine what actions are to be taken with respect to each of the internal audit findings and recommendations, and shall ensure those actions are carried out (Section 2 Article 47 – Internal Audit – The “what”) So nothing really new in substance
Obligations of Internal Audit - what does the Level 2 Guidance say - a recap • To ensure its independence from the organisational activities audited, the Internal Audit Function shall carry out its assignments with impartiality. The Internal Audit Function shall be able to exercise its assignments on its own initiative in all areas of the undertaking, It shall be free to express its opinions and to disclose its findings and its appraisals to the whole administrative management or supervisory body • The Internal Audit Function shall have the complete and unrestricted right to obtain information which includes the prompt provision of all necessary information, the availability of all documentation and the ability to look into all activities and processes of the undertaking, relevant for the discharge of its responsibilities, as required, in the performance of its tasks, as well as having direct communication with any member of the undertaking’s staff • To ensure the effectiveness of the Internal Audit Function, every activity and every unit of the undertaking shall fall within its scope. The function shall draw up an audit plan to determine its future auditing actions, taking a risk based approach in deciding its priorities • The Internal Audit Function shall at least annually produce a written report on its findings to be submitted to the administrative, management and supervisory body. The report should cover at least any deficiencies of the internal control system, as well as any major shortcomings with regard to the compliance with internal policies, procedures and processes. It shall include recommendations on how to remedy inadequacies and also specifically address how past points of criticism and past recommendations have been implemented (CEIOPS Doc 29/09 Level 2 Implementing Measures – the “how”) A compelling mandate – we will look at some of the practicalities later
The Effect of Solvency II on:- • Risk Mitigation – Risk Management and mitigation are firmly under the spotlight – Risk and Capital Management are much more closely aligned – The better the risk mitigation, the lower the residual risk assessment – Risk Management as a function is subject to Internal Audit (previous slide) – Greater emphasis and visibility Risk Mitigation is key – and it has to be seen to be working
The Effect of Solvency II on:- • Resourcing – Internal Audit considerations revolve around;- • Is existing resource sufficient? • Do we have the appropriate skills in the existing in house team, particularly for SII specific activity • Should we outsource some or all of our effort (allowed under SII, provided);- • If we do, who in the organisation is sufficiently independent to provide the appropriate oversight? • How best do we deliver value for money? SII adds a further dimension in this regard
Going forwards – Recent and Expected Future Developments • Julian Adams of the FSA stated in October 2012, that the implementation date of 1/1/14 was “no longer achievable” • Solvency II implementation is delayed, but the revised timetable remains uncertain • The current working assumption is that Solvency II is coming – possibly from 1/1/2016 - although exactly when is uncertain • The new Prudential Regulatory Authority advocates “ICAS Plus” transitional measures • EIOPA is currently applying “interim measures” published in 27th March 2013 for consultation • The Lloyd’s Market in 2013 is adopting a “soft landing” (i.e. not putting things completely on hold) – meaning full compliance is not expected in the Lloyd’s Market • The uncertainty has evidently led in some quarters to a loss of focus Continued….
• EIOPA “interim measures” published in March provide a draft mandate for local regulators to develop their own national solutions in the context of uncertainties around the timetable • For Internal Audit specifically, issues to be addressed include those highlighted in the Level 2 guidance, namely ; - – Independence – Internal Audit Policy – Internal Audit Plan – Dealing with findings and recommendations – Annual Report to the Board • Time spent getting these fundamental elements in place is be time well spent The mandate SII has provided second and third line of defence functions with cannot be disregarded and impetus should remain Going forwards – Recent and Expected Future Developments
Broker Market – Solvency II implications • “Solvency II only applies to risk carriers right?” Wrong! • Brokers and intermediaries are key providers of risk data, advice to underwriters, and in some cases, underwrite directly for customers • Furthermore, the FSA Retail Conduct Risk outlook for 2012 highlighted the need for brokers to assess their own business model, TCF procedures and reduce the risk of misselling • Data quality/completeness/integrity is a key component of Solvency II requirements • There is an impetus on brokers to improve their data capture/analysis and their own risk management capabilities • Data is a key input into risk carriers’ internal models for assessing regulatory capital • Internal Audit can (and in the case of Lloyd’s Managing Agents has) conduct an audit of data feeding the internal model and assessing its fitness for purpose Remember this element in your planning
Dealing with the expected regulatory focus on the first and second lines of defence Risk Management Board of Directors SECOND LINE Direct Assurance Compliance, Actuarial, Legal etc THIRD LINE Independent Assurance (Internal /External Audit, Independent Review etc) FIRST LINE The Business (Risk and Control Owners) The “virtual team” in a SII world
• Regulatory focus on second line of defence in the following areas in particular – Risk Management – Actuarial – Compliance • Internal Audit is the 4th of the key functions in Systems of Governance under Solvency II – but of course is the third line of defence • The previous slide shows Risk Management at the hub of the “virtual team” and is more holistic in the new SII world than just the Risk Management team, encompassing elements of both the first and third lines • Responsibilities of Risk Management and Actuarial in particular are considerable • Internal Audit should recognise this and is well placed (more of that later) to provide assurance that the first and second lines are on track • 2012 and beyond, up to implementation – Internal Audit A was/is/will be expected to provide assurance that SII preparedness, ongoing migration to Business as Usual, and readiness in that regard are geared up to deliver Solvency II Compliance Internal Audit is very much part of the virtual team notwithstanding its need to be independent Dealing with the expected regulatory focus on the first/second lines of defence – the “stick”
How can Internal Audit add value in the context of its new obligations – the “carrot” • Solvency II is a significant, but by no means the only mandate – the new PRA/FCA regulatory regime/volatility in the financial markets generally and the resulting spotlight on Risk Management • Risk Management is on the radar need for an independent assessment of it. How? • Improve focus – Does you Audit Plan address what it should – or what it can? – Are you adopting a true risk based approach? – Are you working with the second line in the spirit of the “virtual team”? • Redefine Stakeholders – Are they all defined, particularly the external ones? – Does your reporting line support your required independence?. If not, what are you going to do about it? • Structure capabilities – Strategic mind-set – Risk Management Function itself needs scrutiny Continued…..
How can Internal Audit add value in the context of its new obligations? • Internal Audit has a clear mandate under SII –harness it • Mandate for good practice – supports, and is supported by, IIA Guidelines • Lloyd’s recognises this and in the interests of maintaining impetus, are asking all Lloyd’s Managing Agents to ask their Internal Audit functions to perform a review of overall SII readiness in 2013/14 • Non Lloyd’s – lead the charge You have an opportunity - grasp the nettle
Summary and Conclusion • Internal audit obligations under SII are clear • Implementation date less so but preparations should continue • Resourcing implications are considerable – don’t underestimate them • Risk data from intermediaries and other sources is a key element to consider • Internal Audit is a key function in the System of Governance under SII • Internal Audit if properly positioned can add great value Take control of your destiny!
And finally…. If you want the best sports car – one that will get you round the track fastest…. You don’t economise on the brakes! Food for thought
And finally…….really:- Thank you for listening Any questions? DDI +44 (0) 20 7780 5882 Susan.young@rqih.com www.rqih.com

Recommended

Solvency 2
Solvency 2Solvency 2
Solvency 2
John Brady
 
Internal Financial Controls (IFC) / Internal Control over Financial Reporting...
Internal Financial Controls (IFC) / Internal Control over Financial Reporting...Internal Financial Controls (IFC) / Internal Control over Financial Reporting...
Internal Financial Controls (IFC) / Internal Control over Financial Reporting...
Kirtane Pandit
 
Internal and external auditing in private school
Internal and external auditing in private schoolInternal and external auditing in private school
Internal and external auditing in private school
Jonna May Berci
 
12.12.2011, Internal audit role and functions in corporate governance, Scott ...
12.12.2011, Internal audit role and functions in corporate governance, Scott ...12.12.2011, Internal audit role and functions in corporate governance, Scott ...
12.12.2011, Internal audit role and functions in corporate governance, Scott ...
The Business Council of Mongolia
 
Internal controls & ai ss
Internal controls & ai ssInternal controls & ai ss
Internal controls & ai ssKashif Rana ACCA
 
Internal control
Internal controlInternal control
Internal control
Sri Ramakrishna College of Arts and Science
 
Audit Process, Planning,Field work,Audit report,Audit follow up,Audit program...
Audit Process, Planning,Field work,Audit report,Audit follow up,Audit program...Audit Process, Planning,Field work,Audit report,Audit follow up,Audit program...
Audit Process, Planning,Field work,Audit report,Audit follow up,Audit program...
Advance Business Consulting
 
Internal Financial Controls
Internal Financial ControlsInternal Financial Controls
Internal Financial Controls
tarunmallappa
 

Recommended

Solvency 2
Solvency 2Solvency 2
Solvency 2
John Brady
 
Internal Financial Controls (IFC) / Internal Control over Financial Reporting...
Internal Financial Controls (IFC) / Internal Control over Financial Reporting...Internal Financial Controls (IFC) / Internal Control over Financial Reporting...
Internal Financial Controls (IFC) / Internal Control over Financial Reporting...
Kirtane Pandit
 
Internal and external auditing in private school
Internal and external auditing in private schoolInternal and external auditing in private school
Internal and external auditing in private school
Jonna May Berci
 
12.12.2011, Internal audit role and functions in corporate governance, Scott ...
12.12.2011, Internal audit role and functions in corporate governance, Scott ...12.12.2011, Internal audit role and functions in corporate governance, Scott ...
12.12.2011, Internal audit role and functions in corporate governance, Scott ...
The Business Council of Mongolia
 
Internal controls & ai ss
Internal controls & ai ssInternal controls & ai ss
Internal controls & ai ssKashif Rana ACCA
 
Internal control
Internal controlInternal control
Internal control
Sri Ramakrishna College of Arts and Science
 
Audit Process, Planning,Field work,Audit report,Audit follow up,Audit program...
Audit Process, Planning,Field work,Audit report,Audit follow up,Audit program...Audit Process, Planning,Field work,Audit report,Audit follow up,Audit program...
Audit Process, Planning,Field work,Audit report,Audit follow up,Audit program...
Advance Business Consulting
 
Internal Financial Controls
Internal Financial ControlsInternal Financial Controls
Internal Financial Controls
tarunmallappa
 
Internal financial control - how ready are you - Webinar
Internal financial control - how ready are you - WebinarInternal financial control - how ready are you - Webinar
Internal financial control - how ready are you - Webinar
Ali Zeeshan
 
Risk Based Internal Audit and Sampling Techniques
Risk Based Internal Audit and Sampling TechniquesRisk Based Internal Audit and Sampling Techniques
Risk Based Internal Audit and Sampling Techniques
Manoj Agarwal
 
Internal Control Review for a Federal Agency - Introduction
Internal Control Review for a Federal Agency - IntroductionInternal Control Review for a Federal Agency - Introduction
Internal Control Review for a Federal Agency - Introduction
Anthony Rainey
 
Auditing and assurance standards
Auditing and assurance standardsAuditing and assurance standards
Auditing and assurance standards
Sri Ramakrishna College of Arts and Science
 
Internal control system
Internal control systemInternal control system
Internal control system
Madiha Hassan
 
International auditing overview(modified 1)
International auditing overview(modified 1) International auditing overview(modified 1)
International auditing overview(modified 1)
Dr.Mohamed ElDeeb
 
Designing Effective Financial Controls - Leveraging the Internal Control Fram...
Designing Effective Financial Controls - Leveraging the Internal Control Fram...Designing Effective Financial Controls - Leveraging the Internal Control Fram...
Designing Effective Financial Controls - Leveraging the Internal Control Fram...Stephen G. Lynch
 
Financial controls for Businesses
Financial controls for BusinessesFinancial controls for Businesses
Financial controls for Businesses
George Varghese
 
Internal control & compliance of bank
Internal control & compliance of bankInternal control & compliance of bank
Internal control & compliance of bank
Mohammad Robiul
 
IFC - Internal Financial Control
IFC - Internal Financial Control IFC - Internal Financial Control
IFC - Internal Financial Control
Dr. Dhirendra Gautam
 
internal control pptx
internal control pptx internal control pptx
internal control pptx
BoomathiR
 
Operational audit
Operational auditOperational audit
Operational auditAbdoulaye M Yansane
 
Internal control and internal audit presentation for bank
Internal control and internal audit presentation for bankInternal control and internal audit presentation for bank
Internal control and internal audit presentation for bank
Mohammad Halim Stanikzai
 
Internal Financial Controls
Internal Financial ControlsInternal Financial Controls
Internal Financial ControlsPranav Joshi
 
Internal financial control
Internal financial controlInternal financial control
Internal financial control
Mitesh Katira
 
Audit practice manual
Audit practice manualAudit practice manual
Audit practice manual
Muhammad asif fareedi
 
Ch 5. assurance 5 Introduction to Internal Control
Ch 5. assurance 5 Introduction to Internal ControlCh 5. assurance 5 Introduction to Internal Control
Ch 5. assurance 5 Introduction to Internal Control
Sazzad Hossain, ITP, MBA, CSCA™
 
Coso internal control integrated framework
Coso internal control integrated frameworkCoso internal control integrated framework
Coso internal control integrated framework
Irfan Ahmed - ACA, CICA
 
Internal Control & Risk Management Framework
Internal Control & Risk Management FrameworkInternal Control & Risk Management Framework
Internal Control & Risk Management FrameworkTreasury Consulting LLP
 
International Professional Practices Framework (IPPF)pdf
International Professional Practices Framework (IPPF)pdfInternational Professional Practices Framework (IPPF)pdf
International Professional Practices Framework (IPPF)pdf
AavyaSidhu
 
Internal Audit Project
Internal Audit ProjectInternal Audit Project
Internal Audit Project
Soumeet Sarkar
 
caiib_rmmodd_nov08.ppt
caiib_rmmodd_nov08.pptcaiib_rmmodd_nov08.ppt
caiib_rmmodd_nov08.ppt
Pranith roy
 

More Related Content

What's hot

Internal financial control - how ready are you - Webinar
Internal financial control - how ready are you - WebinarInternal financial control - how ready are you - Webinar
Internal financial control - how ready are you - Webinar
Ali Zeeshan
 
Risk Based Internal Audit and Sampling Techniques
Risk Based Internal Audit and Sampling TechniquesRisk Based Internal Audit and Sampling Techniques
Risk Based Internal Audit and Sampling Techniques
Manoj Agarwal
 
Internal Control Review for a Federal Agency - Introduction
Internal Control Review for a Federal Agency - IntroductionInternal Control Review for a Federal Agency - Introduction
Internal Control Review for a Federal Agency - Introduction
Anthony Rainey
 
Auditing and assurance standards
Auditing and assurance standardsAuditing and assurance standards
Auditing and assurance standards
Sri Ramakrishna College of Arts and Science
 
Internal control system
Internal control systemInternal control system
Internal control system
Madiha Hassan
 
International auditing overview(modified 1)
International auditing overview(modified 1) International auditing overview(modified 1)
International auditing overview(modified 1)
Dr.Mohamed ElDeeb
 
Designing Effective Financial Controls - Leveraging the Internal Control Fram...
Designing Effective Financial Controls - Leveraging the Internal Control Fram...Designing Effective Financial Controls - Leveraging the Internal Control Fram...
Designing Effective Financial Controls - Leveraging the Internal Control Fram...Stephen G. Lynch
 
Financial controls for Businesses
Financial controls for BusinessesFinancial controls for Businesses
Financial controls for Businesses
George Varghese
 
Internal control & compliance of bank
Internal control & compliance of bankInternal control & compliance of bank
Internal control & compliance of bank
Mohammad Robiul
 
IFC - Internal Financial Control
IFC - Internal Financial Control IFC - Internal Financial Control
IFC - Internal Financial Control
Dr. Dhirendra Gautam
 
internal control pptx
internal control pptx internal control pptx
internal control pptx
BoomathiR
 
Internal control and internal audit presentation for bank
Internal control and internal audit presentation for bankInternal control and internal audit presentation for bank
Internal control and internal audit presentation for bank
Mohammad Halim Stanikzai
 
Internal Financial Controls
Internal Financial ControlsInternal Financial Controls
Internal Financial ControlsPranav Joshi
 
Internal financial control
Internal financial controlInternal financial control
Internal financial control
Mitesh Katira
 
Audit practice manual
Audit practice manualAudit practice manual
Audit practice manual
Muhammad asif fareedi
 
Ch 5. assurance 5 Introduction to Internal Control
Ch 5. assurance 5 Introduction to Internal ControlCh 5. assurance 5 Introduction to Internal Control
Ch 5. assurance 5 Introduction to Internal Control
Sazzad Hossain, ITP, MBA, CSCA™
 
Coso internal control integrated framework
Coso internal control integrated frameworkCoso internal control integrated framework
Coso internal control integrated framework
Irfan Ahmed - ACA, CICA
 
Internal Control & Risk Management Framework
Internal Control & Risk Management FrameworkInternal Control & Risk Management Framework
Internal Control & Risk Management FrameworkTreasury Consulting LLP
 

What's hot (19)

Internal financial control - how ready are you - Webinar
Internal financial control - how ready are you - WebinarInternal financial control - how ready are you - Webinar
Internal financial control - how ready are you - Webinar
 
Risk Based Internal Audit and Sampling Techniques
Risk Based Internal Audit and Sampling TechniquesRisk Based Internal Audit and Sampling Techniques
Risk Based Internal Audit and Sampling Techniques
 
Internal Control Review for a Federal Agency - Introduction
Internal Control Review for a Federal Agency - IntroductionInternal Control Review for a Federal Agency - Introduction
Internal Control Review for a Federal Agency - Introduction
 
Auditing and assurance standards
Auditing and assurance standardsAuditing and assurance standards
Auditing and assurance standards
 
Internal control system
Internal control systemInternal control system
Internal control system
 
International auditing overview(modified 1)
International auditing overview(modified 1) International auditing overview(modified 1)
International auditing overview(modified 1)
 
Designing Effective Financial Controls - Leveraging the Internal Control Fram...
Designing Effective Financial Controls - Leveraging the Internal Control Fram...Designing Effective Financial Controls - Leveraging the Internal Control Fram...
Designing Effective Financial Controls - Leveraging the Internal Control Fram...
 
Financial controls for Businesses
Financial controls for BusinessesFinancial controls for Businesses
Financial controls for Businesses
 
Internal control & compliance of bank
Internal control & compliance of bankInternal control & compliance of bank
Internal control & compliance of bank
 
IFC - Internal Financial Control
IFC - Internal Financial Control IFC - Internal Financial Control
IFC - Internal Financial Control
 
internal control pptx
internal control pptx internal control pptx
internal control pptx
 
Operational audit
Operational auditOperational audit
Operational audit
 
Internal control and internal audit presentation for bank
Internal control and internal audit presentation for bankInternal control and internal audit presentation for bank
Internal control and internal audit presentation for bank
 
Internal Financial Controls
Internal Financial ControlsInternal Financial Controls
Internal Financial Controls
 
Internal financial control
Internal financial controlInternal financial control
Internal financial control
 
Audit practice manual
Audit practice manualAudit practice manual
Audit practice manual
 
Ch 5. assurance 5 Introduction to Internal Control
Ch 5. assurance 5 Introduction to Internal ControlCh 5. assurance 5 Introduction to Internal Control
Ch 5. assurance 5 Introduction to Internal Control
 
Coso internal control integrated framework
Coso internal control integrated frameworkCoso internal control integrated framework
Coso internal control integrated framework
 
Internal Control & Risk Management Framework
Internal Control & Risk Management FrameworkInternal Control & Risk Management Framework
Internal Control & Risk Management Framework
 

Similar to IACON Internal Audit Obligations under Solvency II June 2013

International Professional Practices Framework (IPPF)pdf
International Professional Practices Framework (IPPF)pdfInternational Professional Practices Framework (IPPF)pdf
International Professional Practices Framework (IPPF)pdf
AavyaSidhu
 
Internal Audit Project
Internal Audit ProjectInternal Audit Project
Internal Audit Project
Soumeet Sarkar
 
caiib_rmmodd_nov08.ppt
caiib_rmmodd_nov08.pptcaiib_rmmodd_nov08.ppt
caiib_rmmodd_nov08.ppt
Pranith roy
 
Introduction to internal auditing
Introduction to internal auditingIntroduction to internal auditing
Introduction to internal auditing
David Griffiths
 
An introduction to internal auditing
An introduction to internal auditingAn introduction to internal auditing
An introduction to internal auditing
grifff
 
The Role of Internal Audit
The Role of Internal AuditThe Role of Internal Audit
The Role of Internal Audit
ArmeniaFED
 
financial statements and audit
financial statements and auditfinancial statements and audit
financial statements and audit
سماج سيوك
 
Internal auditing for “one & all” (second edition)
Internal auditing for “one & all” (second edition)Internal auditing for “one & all” (second edition)
Internal auditing for “one & all” (second edition)
Mohammad Wahid Abdullah Khan
 
For model i 4a - 11 - risk assessment in the internal audit department
For model i 4a - 11 - risk assessment in the internal audit departmentFor model i 4a - 11 - risk assessment in the internal audit department
For model i 4a - 11 - risk assessment in the internal audit departmentRajeswaran Muthu Venkatachalam
 
Practical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal AuditPractical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal Audit
Manoj Agarwal
 
audit planning and risk assessment new slides.ppt
audit planning and risk assessment new slides.pptaudit planning and risk assessment new slides.ppt
audit planning and risk assessment new slides.ppt
AdeelAhmad724104
 
Auditing activities of microfinance institutions
Auditing activities of microfinance institutionsAuditing activities of microfinance institutions
Auditing activities of microfinance institutions
Frank Kabuye, CPA
 
Internal Audit Reporting
Internal Audit ReportingInternal Audit Reporting
Internal Audit Reporting
SALIH AHMED ISLAM
 
Mf0013 internal audit & control
Mf0013 internal audit & controlMf0013 internal audit & control
Mf0013 internal audit & control
consult4solutions
 
Mf0013 internal audit & control
Mf0013 internal audit & controlMf0013 internal audit & control
Mf0013 internal audit & control
consult4solutions
 
Presentation on legal aspects of the financial regulations for Insurance Comp...
Presentation on legal aspects of the financial regulations for Insurance Comp...Presentation on legal aspects of the financial regulations for Insurance Comp...
Presentation on legal aspects of the financial regulations for Insurance Comp...
Aftab Hasan
 
Internal Audit And Internal Control Presentation Leo Wachira
Internal Audit And Internal Control Presentation Leo WachiraInternal Audit And Internal Control Presentation Leo Wachira
Internal Audit And Internal Control Presentation Leo Wachira
Jenard Wachira
 
IRM SIG What does the Second Line of Defence look like post SII July 2013
IRM SIG What does the Second Line of Defence look like post SII July 2013IRM SIG What does the Second Line of Defence look like post SII July 2013
IRM SIG What does the Second Line of Defence look like post SII July 2013Susan Young
 
Internal control system
Internal control systemInternal control system
Internal control systemMadiha Hassan
 
Fin 304 internal audit and control
Fin 304 internal audit and controlFin 304 internal audit and control
Fin 304 internal audit and control
smumbahelp
 

Similar to IACON Internal Audit Obligations under Solvency II June 2013 (20)

International Professional Practices Framework (IPPF)pdf
International Professional Practices Framework (IPPF)pdfInternational Professional Practices Framework (IPPF)pdf
International Professional Practices Framework (IPPF)pdf
 
Internal Audit Project
Internal Audit ProjectInternal Audit Project
Internal Audit Project
 
caiib_rmmodd_nov08.ppt
caiib_rmmodd_nov08.pptcaiib_rmmodd_nov08.ppt
caiib_rmmodd_nov08.ppt
 
Introduction to internal auditing
Introduction to internal auditingIntroduction to internal auditing
Introduction to internal auditing
 
An introduction to internal auditing
An introduction to internal auditingAn introduction to internal auditing
An introduction to internal auditing
 
The Role of Internal Audit
The Role of Internal AuditThe Role of Internal Audit
The Role of Internal Audit
 
financial statements and audit
financial statements and auditfinancial statements and audit
financial statements and audit
 
Internal auditing for “one & all” (second edition)
Internal auditing for “one & all” (second edition)Internal auditing for “one & all” (second edition)
Internal auditing for “one & all” (second edition)
 
For model i 4a - 11 - risk assessment in the internal audit department
For model i 4a - 11 - risk assessment in the internal audit departmentFor model i 4a - 11 - risk assessment in the internal audit department
For model i 4a - 11 - risk assessment in the internal audit department
 
Practical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal AuditPractical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal Audit
 
audit planning and risk assessment new slides.ppt
audit planning and risk assessment new slides.pptaudit planning and risk assessment new slides.ppt
audit planning and risk assessment new slides.ppt
 
Auditing activities of microfinance institutions
Auditing activities of microfinance institutionsAuditing activities of microfinance institutions
Auditing activities of microfinance institutions
 
Internal Audit Reporting
Internal Audit ReportingInternal Audit Reporting
Internal Audit Reporting
 
Mf0013 internal audit & control
Mf0013 internal audit & controlMf0013 internal audit & control
Mf0013 internal audit & control
 
Mf0013 internal audit & control
Mf0013 internal audit & controlMf0013 internal audit & control
Mf0013 internal audit & control
 
Presentation on legal aspects of the financial regulations for Insurance Comp...
Presentation on legal aspects of the financial regulations for Insurance Comp...Presentation on legal aspects of the financial regulations for Insurance Comp...
Presentation on legal aspects of the financial regulations for Insurance Comp...
 
Internal Audit And Internal Control Presentation Leo Wachira
Internal Audit And Internal Control Presentation Leo WachiraInternal Audit And Internal Control Presentation Leo Wachira
Internal Audit And Internal Control Presentation Leo Wachira
 
IRM SIG What does the Second Line of Defence look like post SII July 2013
IRM SIG What does the Second Line of Defence look like post SII July 2013IRM SIG What does the Second Line of Defence look like post SII July 2013
IRM SIG What does the Second Line of Defence look like post SII July 2013
 
Internal control system
Internal control systemInternal control system
Internal control system
 
Fin 304 internal audit and control
Fin 304 internal audit and controlFin 304 internal audit and control
Fin 304 internal audit and control
 

More from Susan Young

IRM SIG Presentation October2016.pptx [Read-Only]
IRM SIG Presentation October2016.pptx [Read-Only]IRM SIG Presentation October2016.pptx [Read-Only]
IRM SIG Presentation October2016.pptx [Read-Only]Susan Young
 
The Role of Risk Appetite in embedding the ORSA and linking with Business Str...
The Role of Risk Appetite in embedding the ORSA and linking with Business Str...The Role of Risk Appetite in embedding the ORSA and linking with Business Str...
The Role of Risk Appetite in embedding the ORSA and linking with Business Str...Susan Young
 
IRM SIG Quantifying Operational Risk November 2015
IRM SIG Quantifying Operational Risk November 2015IRM SIG Quantifying Operational Risk November 2015
IRM SIG Quantifying Operational Risk November 2015Susan Young
 
IRM SIG Embedding Risk - Group and Local Functions March 2014
IRM SIG Embedding Risk - Group and Local Functions March 2014IRM SIG Embedding Risk - Group and Local Functions March 2014
IRM SIG Embedding Risk - Group and Local Functions March 2014Susan Young
 
IRM SIG Avoiding the Pitfalls in ERM IT Solution Selection July 2012
IRM SIG Avoiding the Pitfalls in ERM IT Solution Selection July 2012IRM SIG Avoiding the Pitfalls in ERM IT Solution Selection July 2012
IRM SIG Avoiding the Pitfalls in ERM IT Solution Selection July 2012Susan Young
 
Managing Risk and Capital in the Lloyd's and London Market - Ensuring Boards ...
Managing Risk and Capital in the Lloyd's and London Market - Ensuring Boards ...Managing Risk and Capital in the Lloyd's and London Market - Ensuring Boards ...
Managing Risk and Capital in the Lloyd's and London Market - Ensuring Boards ...Susan Young
 
BCI Symposium Establishing a BCM Awareness Programmel 031008
BCI Symposium Establishing a BCM Awareness Programmel 031008BCI Symposium Establishing a BCM Awareness Programmel 031008
BCI Symposium Establishing a BCM Awareness Programmel 031008Susan Young
 

More from Susan Young (7)

IRM SIG Presentation October2016.pptx [Read-Only]
IRM SIG Presentation October2016.pptx [Read-Only]IRM SIG Presentation October2016.pptx [Read-Only]
IRM SIG Presentation October2016.pptx [Read-Only]
 
The Role of Risk Appetite in embedding the ORSA and linking with Business Str...
The Role of Risk Appetite in embedding the ORSA and linking with Business Str...The Role of Risk Appetite in embedding the ORSA and linking with Business Str...
The Role of Risk Appetite in embedding the ORSA and linking with Business Str...
 
IRM SIG Quantifying Operational Risk November 2015
IRM SIG Quantifying Operational Risk November 2015IRM SIG Quantifying Operational Risk November 2015
IRM SIG Quantifying Operational Risk November 2015
 
IRM SIG Embedding Risk - Group and Local Functions March 2014
IRM SIG Embedding Risk - Group and Local Functions March 2014IRM SIG Embedding Risk - Group and Local Functions March 2014
IRM SIG Embedding Risk - Group and Local Functions March 2014
 
IRM SIG Avoiding the Pitfalls in ERM IT Solution Selection July 2012
IRM SIG Avoiding the Pitfalls in ERM IT Solution Selection July 2012IRM SIG Avoiding the Pitfalls in ERM IT Solution Selection July 2012
IRM SIG Avoiding the Pitfalls in ERM IT Solution Selection July 2012
 
Managing Risk and Capital in the Lloyd's and London Market - Ensuring Boards ...
Managing Risk and Capital in the Lloyd's and London Market - Ensuring Boards ...Managing Risk and Capital in the Lloyd's and London Market - Ensuring Boards ...
Managing Risk and Capital in the Lloyd's and London Market - Ensuring Boards ...
 
BCI Symposium Establishing a BCM Awareness Programmel 031008
BCI Symposium Establishing a BCM Awareness Programmel 031008BCI Symposium Establishing a BCM Awareness Programmel 031008
BCI Symposium Establishing a BCM Awareness Programmel 031008
 

IACON Internal Audit Obligations under Solvency II June 2013

  • 1. Solvency II Obligations for the Internal Audit Function Susan Young Head of Risk Management R&Q Managing Agency Limited 26th June 2013 IACON 2013
  • 2. Disclaimer The opinions expressed in this presentation are my own and do not represent those of my organisation Feel free to share yours
  • 3. Session Outline • Obligations of Internal Audit - what do the SII Framework Directive and Level 2 Guidance say –a recap • The effect of – Solvency II upon Risk Mitigation – Resourcing • Going Forwards – Present and Expected future Developments • Broker Market - SII Implications • Dealing with the expected regulatory focus on the first and second lines of defence • How can Internal Audit add value in the context of its new and evolving obligations? • Summary and Conclusion
  • 4. Obligations of Internal Audit - what does the SII Framework Directive say –a recap • Insurance and Reinsurance Undertakings shall provide for an effective Internal Audit Function • The Internal Audit Function shall include an evaluation of the adequacy and effectiveness of the internal control system and other elements of the System of Governance • The Internal Audit Function shall be objective and independent from the operational functions • Any findings and recommendations of the Internal Audit Function shall be reported to the administrative management or supervisory body which shall determine what actions are to be taken with respect to each of the internal audit findings and recommendations, and shall ensure those actions are carried out (Section 2 Article 47 – Internal Audit – The “what”) So nothing really new in substance
  • 5. Obligations of Internal Audit - what does the Level 2 Guidance say - a recap • To ensure its independence from the organisational activities audited, the Internal Audit Function shall carry out its assignments with impartiality. The Internal Audit Function shall be able to exercise its assignments on its own initiative in all areas of the undertaking, It shall be free to express its opinions and to disclose its findings and its appraisals to the whole administrative management or supervisory body • The Internal Audit Function shall have the complete and unrestricted right to obtain information which includes the prompt provision of all necessary information, the availability of all documentation and the ability to look into all activities and processes of the undertaking, relevant for the discharge of its responsibilities, as required, in the performance of its tasks, as well as having direct communication with any member of the undertaking’s staff • To ensure the effectiveness of the Internal Audit Function, every activity and every unit of the undertaking shall fall within its scope. The function shall draw up an audit plan to determine its future auditing actions, taking a risk based approach in deciding its priorities • The Internal Audit Function shall at least annually produce a written report on its findings to be submitted to the administrative, management and supervisory body. The report should cover at least any deficiencies of the internal control system, as well as any major shortcomings with regard to the compliance with internal policies, procedures and processes. It shall include recommendations on how to remedy inadequacies and also specifically address how past points of criticism and past recommendations have been implemented (CEIOPS Doc 29/09 Level 2 Implementing Measures – the “how”) A compelling mandate – we will look at some of the practicalities later
  • 6. The Effect of Solvency II on:- • Risk Mitigation – Risk Management and mitigation are firmly under the spotlight – Risk and Capital Management are much more closely aligned – The better the risk mitigation, the lower the residual risk assessment – Risk Management as a function is subject to Internal Audit (previous slide) – Greater emphasis and visibility Risk Mitigation is key – and it has to be seen to be working
  • 7. The Effect of Solvency II on:- • Resourcing – Internal Audit considerations revolve around;- • Is existing resource sufficient? • Do we have the appropriate skills in the existing in house team, particularly for SII specific activity • Should we outsource some or all of our effort (allowed under SII, provided);- • If we do, who in the organisation is sufficiently independent to provide the appropriate oversight? • How best do we deliver value for money? SII adds a further dimension in this regard
  • 8. Going forwards – Recent and Expected Future Developments • Julian Adams of the FSA stated in October 2012, that the implementation date of 1/1/14 was “no longer achievable” • Solvency II implementation is delayed, but the revised timetable remains uncertain • The current working assumption is that Solvency II is coming – possibly from 1/1/2016 - although exactly when is uncertain • The new Prudential Regulatory Authority advocates “ICAS Plus” transitional measures • EIOPA is currently applying “interim measures” published in 27th March 2013 for consultation • The Lloyd’s Market in 2013 is adopting a “soft landing” (i.e. not putting things completely on hold) – meaning full compliance is not expected in the Lloyd’s Market • The uncertainty has evidently led in some quarters to a loss of focus Continued….
  • 9. • EIOPA “interim measures” published in March provide a draft mandate for local regulators to develop their own national solutions in the context of uncertainties around the timetable • For Internal Audit specifically, issues to be addressed include those highlighted in the Level 2 guidance, namely ; - – Independence – Internal Audit Policy – Internal Audit Plan – Dealing with findings and recommendations – Annual Report to the Board • Time spent getting these fundamental elements in place is be time well spent The mandate SII has provided second and third line of defence functions with cannot be disregarded and impetus should remain Going forwards – Recent and Expected Future Developments
  • 10. Broker Market – Solvency II implications • “Solvency II only applies to risk carriers right?” Wrong! • Brokers and intermediaries are key providers of risk data, advice to underwriters, and in some cases, underwrite directly for customers • Furthermore, the FSA Retail Conduct Risk outlook for 2012 highlighted the need for brokers to assess their own business model, TCF procedures and reduce the risk of misselling • Data quality/completeness/integrity is a key component of Solvency II requirements • There is an impetus on brokers to improve their data capture/analysis and their own risk management capabilities • Data is a key input into risk carriers’ internal models for assessing regulatory capital • Internal Audit can (and in the case of Lloyd’s Managing Agents has) conduct an audit of data feeding the internal model and assessing its fitness for purpose Remember this element in your planning
  • 11. Dealing with the expected regulatory focus on the first and second lines of defence Risk Management Board of Directors SECOND LINE Direct Assurance Compliance, Actuarial, Legal etc THIRD LINE Independent Assurance (Internal /External Audit, Independent Review etc) FIRST LINE The Business (Risk and Control Owners) The “virtual team” in a SII world
  • 12. • Regulatory focus on second line of defence in the following areas in particular – Risk Management – Actuarial – Compliance • Internal Audit is the 4th of the key functions in Systems of Governance under Solvency II – but of course is the third line of defence • The previous slide shows Risk Management at the hub of the “virtual team” and is more holistic in the new SII world than just the Risk Management team, encompassing elements of both the first and third lines • Responsibilities of Risk Management and Actuarial in particular are considerable • Internal Audit should recognise this and is well placed (more of that later) to provide assurance that the first and second lines are on track • 2012 and beyond, up to implementation – Internal Audit A was/is/will be expected to provide assurance that SII preparedness, ongoing migration to Business as Usual, and readiness in that regard are geared up to deliver Solvency II Compliance Internal Audit is very much part of the virtual team notwithstanding its need to be independent Dealing with the expected regulatory focus on the first/second lines of defence – the “stick”
  • 13. How can Internal Audit add value in the context of its new obligations – the “carrot” • Solvency II is a significant, but by no means the only mandate – the new PRA/FCA regulatory regime/volatility in the financial markets generally and the resulting spotlight on Risk Management • Risk Management is on the radar need for an independent assessment of it. How? • Improve focus – Does you Audit Plan address what it should – or what it can? – Are you adopting a true risk based approach? – Are you working with the second line in the spirit of the “virtual team”? • Redefine Stakeholders – Are they all defined, particularly the external ones? – Does your reporting line support your required independence?. If not, what are you going to do about it? • Structure capabilities – Strategic mind-set – Risk Management Function itself needs scrutiny Continued…..
  • 14. How can Internal Audit add value in the context of its new obligations? • Internal Audit has a clear mandate under SII –harness it • Mandate for good practice – supports, and is supported by, IIA Guidelines • Lloyd’s recognises this and in the interests of maintaining impetus, are asking all Lloyd’s Managing Agents to ask their Internal Audit functions to perform a review of overall SII readiness in 2013/14 • Non Lloyd’s – lead the charge You have an opportunity - grasp the nettle
  • 15. Summary and Conclusion • Internal audit obligations under SII are clear • Implementation date less so but preparations should continue • Resourcing implications are considerable – don’t underestimate them • Risk data from intermediaries and other sources is a key element to consider • Internal Audit is a key function in the System of Governance under SII • Internal Audit if properly positioned can add great value Take control of your destiny!
  • 16. And finally…. If you want the best sports car – one that will get you round the track fastest…. You don’t economise on the brakes! Food for thought
  • 17. And finally…….really:- Thank you for listening Any questions? DDI +44 (0) 20 7780 5882 Susan.young@rqih.com www.rqih.com