State Examinations Have No Fear, Help is Here

Risk-Focused Financial Condition Exams NAIC mandated for state insurance departments beginning 1/1/2010 Goal is to identify solvency issues earlier Compliance with laws and regulations

Risk-Focused Financial Condition Exams Difference between former approach and risk- focused approach Former approach: Find material misstatements through detailed testing of account balances New approach: Evaluate effectiveness of risk management function; conduct testing in areas with high residual risk

Risk-Focused Financial Condition Exams Phases of a Risk-Focused Examination Phase 1Understand the company and identify key functional activities to be reviewed Phase 2Identify and assess inherent risk in activities Phase 3Identify and evaluate risk mitigation strategies/controls Phase 4Determine residual risk Phase 5Establish/conclude examination procedures Phase 6Update prioritization and supervisory plan Phase 7Draft examination report and management letter based up on findings

Pre-Examination Phase Review recent financial examination reports released by your state’s department of insurance Available on states’ websites Findings may be similar from company to company Evaluate your company’s compliance relative to these findings

Pre-Examination Phase Familiarize yourself with the NAIC’s Financial Condition Examiner’s Handbook Examination repositories (control listings) Sample interview questions Exam planning questionnaires

Pre-Examination Phase Update/create process documentation including IT and corporate governance functions Consider whether controls are evidenced

Risk-Focused Financial Condition Exams Phase 1: Understand company and identify key functional activities Corporate governance Audit function Risk management program Key business processes/units Prospective risks

Risk-Focused Financial Condition Exams Corporate governance – “Tone at the Top” Competency Independence Code of conduct Involvement in risk management

Risk-Focused Financial Condition Exams Audit function Independent Maintain or improve effectiveness of risk management function Assure accuracy and completeness of financial reporting Operational effectiveness

Risk-Focused Financial Condition Exams Risk management program Active board oversight Adequate processes, monitoring and management Clear policies, authorization limits and procedures Comprehensive internal controls Compliance with laws and regulations

Risk-Focused Financial Condition Exams Key business process/units Activities and sub-activities Information technology Third party relationships o SSAE 16 reports

Risk-Focused Financial Condition Exams Prospective risks Asset liability matching Loss reserve development Pricing and underwriting Reinsurance Growth, earnings Capital adequacy Other business risks

Risk-Focused Financial Condition Exams Phase 2: Identify and assess inherent risks C-level interviews Financial and environmental review IT risk assessment Likelihood of occurrence and significance of impact

Risk-Focused Financial Condition Exams C-level interviews Tone at the top Risk areas Corporate strategy

Risk-Focused Financial Condition Exams Prepare for C-level interviews Circulate sample questions in advance Consistent message

Risk-Focused Financial Condition Exams Financial and environmental review Environmental pressures Key solvency risks

Risk-Focused Financial Condition Exams Assess IT risk Quality and integrity of information Access controls Application controls Availability of information Security Recoverability and business continuity

Risk-Focused Financial Condition Exams Likelihood of occurrence and magnitude of impact Percent of surplus Material rating agency downgrade Impact on reputation Board and/or senior management attention

Risk-Focused Financial Condition Exams Phase 3: Identify and evaluate risk mitigation strategies/controls Management oversight Risk management program Policies and procedures Control monitoring Compliance evaluation

Risk-Focused Financial Condition Exams Management oversight and risk management program Evaluated during Phase I Impacts activity-level controls

Risk-Focused Financial Condition Exams Policies and procedures Comprehensive and documented? Followed?

Risk-Focused Financial Condition Exams Control monitoring Compare to commonly accepted standard Perform control testing Reliance on external auditor’s work Evaluate control design and effectiveness

Risk-Focused Financial Condition Exams Compliance evaluation Test control procedures

Risk-Focused Financial Condition Exams Phase 4: Determine residual risk Phase 5: Conduct exam procedures Phase 6: Update prioritization Phase 7: Draft examination report and management letter

Overview of Phases 4-7 Examiners consider the results of the control testing and then apply professional judgment to determine whether the residual risk in each business cycle is high, moderate or low High residual risk = Substantive, more detailed tests Moderate risk = Some substantive tests and analytical procedures Low residual risk = Few, if any, substantive tests. Mostly high level analytical procedures

Overview of Phases 4-7 Manage examination process using best practices Provide information in a complete and timely manner Participate in regular update meetings with examiners Carefully review exam report and management letter for accuracy

Risk-Focused Financial Condition Exams

Contact Information Marc Smith, CPA, CPCU Partner Johnson Lambert LLP Kellie S. Mixon Director of Finance New Mexico Mutual Janet Byrne, CPA Sr. Financial Controls Analyst Pinnacol Assurance