a internal control & internal audit - teija korpiaho
7/29/2019 A Internal Control & Internal Audit - Teija Korpiaho
21 February 2013 Page 1
Internal Control and Internal Audit
Teija Korpiaho
Malta, 8/4/2010
CEIOPS
Index
Internal Control
Concept and elements
1. Control environment
2. Control activities
3. Communication
4. Monitoring
Documentation
Compliance function
Internal Audit
Duties and responsibilities
Proportionality
BUT BOTH ARE IMPORTANT ELEMENTS OF GOVERNANCE
INTERNAL CONTROL
INTERNAL AUDIT
Article 41 - General governance requirements
an effective system of governance ... sound and prudent management of the business.
The system of governance shall be subject to regular internal review.
The system of governance shall be proportionate to the nature, scale and
complexity of the operations of the insurance or reinsurance undertaking.
written policies in relation to internal control, internal audit
Insurance and reinsurance undertakings shall take reasonable steps to
ensure continuity and regularity in the performance of their activities, including
the development of contingency plans.
[Diagram: Underwriting risk, Market risk, Credit risk, Operational risk, Strategic risk; SCR-std; Risk Management; ORSA; SRP; Internal Control]
24.4.2009 Page 5
Article 46 - Internal control
1. undertaking shall have in place an effective internal control system.
The system shall at least include
  administrative and accounting procedures,
  an internal control framework,
  appropriate reporting arrangements at all levels of the undertaking
  a compliance function.
Internal Control - the concept
A set of continually operating processes involving the administrative, management or supervisory body and all levels of personnel.
Designed to secure at least the following:
a) Effectiveness and efficiency of the undertaking's operations in view of its risks and objectives;
b) Availability and reliability of financial and non-financial information; and
c) Compliance with applicable laws, regulations and administrative provisions.
The more principles (and risk) based regulation the more is required from the internal control and risk management of the undertakings
Elements of Internal Control
Control environment
  Integrity and Ethical values
  Competence
Control activities
  To ensure that management directives are carried out: approvals, verifications, authorizations etc.
Communication
  Reporting and communication lines
  All levels of the organization
Monitoring
  Management and supervisory activities, activities by the personnel
  Recommendations by Internal and external auditors
Compliance
Documentation
A key element of Internal Control
Well documented = written
Approved by administrative or management body
Updated at least annually
Strategies on
  Business, risk management (incl. liquidity, concentration risk, credit risk, operational risk), underwriting and reserving, investment and ALM, reinsurance, internal audit
Policies on
  risk management, underwriting, remuneration, investment and ALM, internal control, outsourcing, disclosure, information
Plans on
  contingency and compliance
Article 46 - Internal control
1. ..
2. The compliance function shall include advising the administrative or management body on compliance with the laws, regulations and administrative provisions adopted pursuant to this Directive. It shall also include an assessment of the possible impact of any significant changes in the legal environment on the operations of the undertaking concerned and the identification and assessment of compliance risk.
Compliance Function
Compliance risk = the risk of legal or regulatory sanctions, material financial loss or loss to reputation an undertaking may suffer as a result of not complying with laws, regulations and administrative provisions as applicable to its activities.
Compliance function - to ensure the undertaking complies with applicable laws and regulatory requirements.
Compliance plan
Reporting: to report any major compliance problems it identifies to the administrative or management body.
Make the internal control system right for your undertaking!
The internal control system should take into consideration
The risks of the undertaking
The way the undertaking is organized
The information system in use
The decision making system
Etc. etc.
One size does not fit all
Article 47 - Internal audit
1. Insurance and reinsurance undertakings shall provide for an effective internal audit function.
The internal audit function shall include an evaluation of the adequacy and effectiveness of the internal control system and other elements of the system of governance.
Article 47 - Internal audit
2. The internal audit function shall be objective and independent from the operational functions.
3. Any findings and recommendations of the internal audit shall be reported to the administrative, management or supervisory body which shall determine what actions shall be taken with respect to each of the internal audit findings and recommendations and shall ensure that these actions are carried out.
Internal Audit 1(2)
Systematic approach to evaluate and improve
Independent
  From audited activities
  Own initiative
  Free access to all information
  Under direct control of administrative, management or supervisory body
  Direct communication with staff
  Free to express opinion
Effective
  Resource, remuneration
Objective
Internal Audit 2(2)
Audit charter
The purpose, authority and responsibility
Audit plan
Audit work for next year(s)
Based on risk analysis
Annually reporting to the administrative, management or supervisory body
Follow up of the recommendations
Proportionality
1. All undertakings shall have internal audit function
2. The requirements of the directive should be proportionate to the nature, scale and complexity of the risks inherent in the business of an insurance or reinsurance undertaking.
Not the size of the undertaking!
The function must be in place but outsourcing is possible
Thank you