Sarbanes-Oxley 404 – Where Do We Stand? CAS 2004 Annual Meeting November 15 & 16, 2004 Today’s Panel James C. Votta, Partner, Ernst & Young LLP Lise A.


1 Sarbanes-Oxley 404 – Where Do We Stand?
CAS 2004 Annual Meeting, November 15 & 16, 2004
Today’s Panel
- James C. Votta, Partner, Ernst & Young LLP
- Lise A. Hasegawa, AVP and Reserving Actuary, MetLife Auto & Home
- Kenneth T. Sipiora, Senior Manager, Deloitte & Touche LLP
- David T. Perine, Senior Manager, Ernst & Young LLP

2 Sarbanes-Oxley 404 – Where Do We Stand?
[Status diagram; labels: Remediation, Documentation, Testing, Sign Off; Company Completed, Auditor Reviewed; Company Completed, Auditor Completed; Company Completed, Auditor Reviewed; Auditor, Management]

3 Sarbanes-Oxley 404 – Where Do We Stand?
Survey of 950 SEC Registrants as of October 2004
- Green = No concern with timely completion = 32%
- Yellow = Greater than low level concern = 60%
- Red = Significant concern = 8%

4 Sarbanes-Oxley 404 – Where Do We Stand?
In Scope or Out of Scope?
Pricing IBNR Generating Systems Pockets of Reserves CAT Models

5 Sarbanes-Oxley 404 – Where Do We Stand?
What is Ahead?
- Internal Audit Focus
- Spitzer Investigations
- NAIC Model Law

6 Sarbanes-Oxley 404 Where Do We Stand? Insurance Company Perspective Lise A. Hasegawa, AVP and Reserving Actuary MetLife Auto & Home

7 The MetLife Enterprise
- Over $300 Billion in Assets Under Management
- Locations
  - United States
  - International – 11 Locations
- Business segments include
  - Individual
  - International
  - Institutional
  - Reinsurance
  - Auto & Home

8 SOX – The Players
- Steering Committee
- Project Management Office
- Line of Business Teams
- Internal Auditing
- Outside Advisor
- External Auditor

9 SOX – The Process
- Identify Processes
- Scope & Coverage
- Process Map Activities
- Identify Risks
- Identify Key Controls
- Testing
- Action Plans
- Review and Signoff

10 In Scope Actuarial Processes
- Reserves
- Reinsurance

11 Reserving Process Map
Data Analysis Documentation Communication

12 Data – The Risks
- All loss data accounted for?
- Loss data accurate?
- Loss data transferred and separated accurately?

13 Data – The Controls
- All loss data accounted for?
  - Balancing reports, consistency, judgment
- Loss data accurate?
  - Claims edits, audits, detective reports
- Loss data transferred and separated accurately?
  - More balancing reports, consistency, judgment

14 Next Steps
- Testing
- Action Plans
- Review
- Sign Off
- Repeat

15 Lessons Learned
- Support from the top
- Takes more effort, energy and people than you think – but it is worth it
- Define the scope precisely – expect it to change
- Expect guests … often … add a chair
- Auditable proof

16 Lessons Learned
- Software versus Spreadsheets
- Controls are closer than you think
- Education for all employees
- Take advantage of the situation
  - Learn how other processes work
  - Learn how the data is created and used
  - Improve processes
  - Eliminate risk

17 Sarbanes-Oxley 404 Where Do We Stand? Corporate Risk Management Perspective Kenneth T. Sipiora, Senior Manager Deloitte & Touche LLP

18 Corporate Risk Management – Environment
- Risk Management (broadly defined) increasingly critical to corporations, their officers and directors
  - COSO, ERM, etc.
  - Investors, Regulators, Lenders and other stakeholders demanding disclosure and independent verification of financial controls
- Risk Management and related insurance transactions increasingly complex
- Many large corporations have significant self-insured/retained risk
  - General/Product Liabilities, Auto Liability, Workers’ Compensation, D&O, etc.
  - Third-party service providers common

19 Corporate Risk Management – Environment
- Paid losses and reserves are material to financial reporting
  - Significant cost drivers, financial statement disclosures common
  - Independent actuarial analysis
- Variety of alternative risk financing strategies in use
  - Qualified self insurance, Captives, Finite Risk, Capital Markets, etc.
- Risk Management Information Systems (RMIS) prevalent
  - Data warehouses, Management Reporting, Actuarial Data
- Entity level controls (“C” level and B.O.D.) requiring greater scrutiny
  - Retain or Transfer risk?
  - Counterparty security

20 Corporate Risk Management – SOX 404 Examples
- Control Objectives
- Process Documentation
- Testing

21 Corporate Risk Management – Environment
- Reserve estimates are adequately developed, reported and monitored
  - Appropriate data is accurately documented and retained to support management estimates of liabilities.
  - Reserves are determined according to appropriate actuarial standards of practice, consistent with regulatory, GAAP and other required standards.
- Financial reporting is timely and accurate
  - Claims activity is recorded timely and accurately in the appropriate accounting period.
  - Disbursements for premium expenses, claims payments, captive fees and other risk management expenses are validated, calculated accurately, processed completely and recorded to general ledger.

22 Corporate Risk Management – Environment
- Risks are identified, quantified or transferred
  - Expected losses to be retained are quantified.
  - Commercial insurance for risk not self-insured is secured.
  - Insurance company counterparty security (financial strength) evaluated regularly.
- Claims reporting is timely and accurate
  - Claims processing policy and procedures established by Senior Management exist and duties of claims staff and third-party administrators (TPAs) are performed accordingly.
  - TPAs or other external providers have adequate controls in place.

23 Corporate Risk Management – Environment
- Self-insured risks are identified and funded by captive as appropriate
  - Captive transactions are accurately recorded in a timely manner.
  - Captive management and other service providers have adequate controls
  - Captive financial statements are timely and accurately consolidated with parent company statements.

24 Corporate Risk Management – SOX 404 Sample Process Documentation
- Claims (workers’ compensation)
- Loss reserving
- Financial reporting
- Captive transaction

25 [Process flow diagram] LEGEND: Primary Control Activity; Secondary Control Activity; Primary Company Level Controls; Control Gap

26 [Process flow diagram] LEGEND: Primary Control Activity; Secondary Control Activity; Primary Company Level Controls; Control Gap

27 [Process flow diagram] LEGEND: Primary Control Activity; Secondary Control Activity; Primary Company Level Controls; Control Gap

28 [Process flow diagram] LEGEND: Primary Control Activity; Secondary Control Activity; Primary Company Level Controls; Control Gap

29 Corporate Risk Management SOX 404 Sample Control Tests – Loss Reserving

Test 1
Control Objective: Client has established written policies and procedures in governing establishment and modification of loss reserves
Type of Test (Corroborative inquiry, observation, re-performance or examination): Examination
Sample Type (Biased, Unbiased or None): None
Sample Size (If sampling is used): N/A
Test Scenario(s): Review Actuarial Reports to verify if loss reserves approved by the CFO is within the Actuary's range. Examine documentation of loss reserves determined by the CFO that was sent to Corporate Accounting.
Design Gap (If Any): There is no formal documentation of the reserving policy.
Design Gap Remediation: This is a "to be" recommendation. The reserving policy should be documented in a policy manual, a sign-off process should be implemented, and the documentation of the policy and approvals should be maintained by CRM, the CFO and Corporate Accounting.

Test 2
Control Objective: Client has established written policies and procedures in governing establishment and modification of loss reserves
Type of Test (Corroborative inquiry, observation, re-performance or examination): 1) Examination 2) Observation
Sample Type (Biased, Unbiased or None): Unbiased
Sample Size (If sampling is used): 3
Test Scenario(s): 1) Review the last 3 reports submitted to the Actuary. Verify that loss information data (loss runs) and exposure information (estimated payroll, sales/revenues, FTE's) matches data on the report being submitted to the Actuary. 2) Run a query on HR/ERP for those periods to determine if exposure information matches the information on the reports.
Design Gap (If Any): CRM has a consistent practice for collecting loss and exposure information; however, the process should be formally documented.
Design Gap Remediation: Include process of gathering data in a procedure/policy/process manual. This is a "to be" recommendation.

30 Corporate Risk Management SOX 404 Sample Control Tests – Loss Reserving

Control Objective: Determination of reserves is consistent with applicable actuarial standards, regulatory and company standards.
Type of Test (Corroborative inquiry, observation, re-performance or examination): Examination
Test Scenario(s): Review the last Actuarial Reports to determine completeness and reasonableness of Actuarial assumptions.
Design Gap (If Any): Currently, no interim actuarial analysis exists.
Design Gap Remediation: An actuarial analysis should be completed on an interim basis to identify any necessary reserve adjustments. This is a "to be" process.

31 Sarbanes-Oxley 404 Where Do We Stand? A Consultant’s Perspective David T. Perine, Senior Manager Ernst & Young LLP

32 What Have We Done To Date?
- Planning
  - Timing
  - Structure
  - Roles
- Documentation
  - Business and financial processes
  - Risks
  - Controls

33 What Have We Done To Date?
- Testing and Remediation
  - Remediation of controls deemed necessary as a result of the documentation phase
  - Testing of controls
  - Remediation as a result of testing

34 What Is Happening Now Through Q1 2005?
- Documentation of new processes or significant changes to existing processes
- Continued remediation
- 4th quarter and annual testing
  - As a result of remediation of controls
  - Of 3rd and 4th quarter controls
  - Of annual controls
- Evaluating exceptions and deficiencies

35 What Is Happening Now Through Q1 2005?
- Management’s assertion on the effectiveness of internal controls
- Auditor’s attestation to the effectiveness of internal controls

36 Future Steps/Commitments to SOX 404
- Reinforce a compliance culture
  - From the top (Audit Committee, CEO, CFO, CCO)
  - SOX 404 compliance must be embedded in the company’s culture
  - Ownership of SOX 404 must reside with the company, not outside parties
  - Consider maintaining/establishing a Project Management Office

37 Future Steps/Commitments to SOX 404
- The changing role of internal audit
  - More internal control focused?
- The role of outside consultants
  - Coaching? Support?
- Updating documentation
  - When and by whom?
  - Peer review

38 Future Steps/Commitments to SOX 404
- Testing
  - When and by whom?
- Remediation
- Management’s assertion
- Auditor’s attestation
- Responding to a negative attestation?

