Download presentation
1
Internal Control and Internal Audit
Teija Korpiaho Malta, 8/4/2010 19 April 2017
2
Index Internal Control Internal Audit Concept and elements
Control environment Control activities Communication Monitoring Documentation Compliance function Internal Audit Duties and responsibilities Proportionality 19 April 2017
3
BUT BOTH ARE IMPORTANT ELEMENTS OF GOVERNANCE
INTERNAL CONTROL ≠ INTERNAL AUDIT BUT BOTH ARE IMPORTANT ELEMENTS OF GOVERNANCE 19 April 2017
4
Article 41 - General governance requirements
… an effective system of governance …. sound and prudent management of the business. The system of governance shall be subject to regular internal review. The system of governance shall be proportionate to the nature, scale and complexity of the operations of the insurance or reinsurance undertaking. written policies …in relation to … internal control, internal audit Insurance and reinsurance undertakings shall take reasonable steps to ensure continuity and regularity in the performance of their activities, including the development of contingency plans. 19 April 2017
5
SRP ORSA Risk Management Internal Control SCR-std Strategic risk
Market Risk Credit Risk SCR-std Underwriting risk Operational risk Internal Control
6
Article 46 - Internal control
…undertaking shall have in place an effective internal control system. The system shall at least include administrative and accounting procedures, an internal control framework, appropriate reporting arrangements at all levels of the undertaking a compliance function.
7
Internal Control – the concept
A set of continually operating processes involving the administrative, management or supervisory body and all levels of personnel. Designed to secure at least the following: a) Effectiveness and efficiency of the undertaking’s operations in view of its risks and objectives; b) Availability and reliability of financial and non-financial information; and c) Compliance with applicable laws, regulations and administrative provisions. The more principles (and risk) based regulation the more is required from the internal control and risk management of the undertakings
8
Elements of Internal Control
Control environment Integrity and Ethical values Competence Control activities To ensure that management directives are carried out: approvals, verifications, authorizations etc. Communication Reporting and communication lines All levels of the organization Monitoring Management and supervisory activities, activities by the personnel Recommendations by Internal and external auditors Compliance
9
Documentation A key element of Internal Control
Well documented = written Approved by administrative or management body Updated at least annually Strategies on Business, risk management (incl. liquidity, concentration risk, credit risk, operational risk), underwriting and reserving, investment and ALM, reinsurance, internal audit Policies on risk management, underwriting, remuneration, investment and ALM, internal control, outsourcing, disclosure, information Plans on contingency and compliance
10
Article 46 - Internal control
….. The compliance function shall include advising the administrative or management body on compliance with the laws, regulations and administrative provisions adopted pursuant to this Directive. It shall also include an assessment of the possible impact of any significant changes in the legal environment on the operations of the undertaking concerned and the identification and assessment of compliance risk.
11
Compliance Function Compliance risk = the risk of legal or regulatory sanctions, material financial loss or loss to reputation an undertaking may suffer as a result of not complying with laws, regulations and administrative provisions as applicable to its activities. Compliance function - to ensure the undertaking comply with applicable laws and regulatory requirements. Compliance plan Reporting: to report any major compliance problems it identifies to the administrative or management body.
12
One size does not fit all
CEIOPS One size does not fit all The internal control system should take into consideration The risks of the undertaking The way undertaking is organized The information system in use The decision making system Etc. etc. Make the internal control system right for your undertaking! 19 April 2017
13
Article 47 - Internal audit
Insurance and reinsurance undertakings shall provide for an effective internal audit function. The internal audit function shall include an evaluation of the adequacy and effectiveness of the internal control system and other elements of the system of governance.
14
Article 47 - Internal audit
The internal audit function shall be objective and independent from the operational functions. Any findings and recommendations of the internal audit shall be reported to the administrative, management or supervisory body which shall determine what actions shall be taken with respect to each of the internal audit findings and recommendations and shall ensure that these actions are carried out. 19 April 2017
15
Internal Audit 1(2) Systematic approach to evaluate and improve
Independent From audited activities Own initiative Free access to all information Under direct control of administrative, management or supervisory body Direct communication with staff Free to express opinion Effective Resource, remuneration Objective
16
Internal Audit 2(2) Audit charter Audit plan
The purpose, authority and responsibility Audit plan Audit work for next year(s) Based on risk analysis Annually reporting to the administrative, management or supervisory body Follow up of the recommendations
17
The function must be in place but outsourcing is possible
Proportionality All undertakings shall have internal audit function The requirements of the directive should be proportionate to the nature, scale and complexity of the risks inherent in the business of an insurance or reinsurance undertaking. Not the size of the undertaking! The function must be in place but outsourcing is possible 19 April 2017
18
Thank you 19 April 2017
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.