a internal control & internal audit - teija korpiaho

7/29/2019 A Internal Control & Internal Audit - Teija Korpiaho

1/18

21 February 2013 Page 1

Internal Control and Internal AuditTeija KorpiahoMalta, 8/4/2010


2/18

CEIOPS


Index

Internal Control

Concept and elements1. Control environment

2. Control activities

3. Communication

4. Monitoring

Documentation

Compliance function

Internal Audit

Duties and responsibilities Proportionality


3/18

CEIOPS

CEIOPS


BUT BOTH ARE IMPORTANT ELEMENTS OF GOVERNANCE

INTERNAL CONTROL

INTERNAL AUDIT


4/18

CEIOPS


Article 41 - General governance requirements

an effective system of governance . sound and prudent managementof the business.

The system of governance shall be subject to regular internal review.

The system of governance shall be proportionate to the nature, scale and

complexity of the operations of the insurance or reinsurance undertaking.

written policies in relation to internal control, internal audit

Insurance and reinsurance undertakings shall take reasonable steps to

ensure continuity and regularity in the performance of their activities, including

the development of contingency plans.


5/18

CEIOPS

Underwritingrisk

Market

Risk Credit Risk

Operational

risk

Strategic risk

SCR-std

Risk ManagementORSA

SRP

Internal Control

24.4.2009 Page 5


6/18

CEIOPS

Article 46 - Internal control

1. undertaking shall have in place an effective internalcontrol system.

The system shall at leastinclude

administrative and accounting procedures,

an internal control framework, appropriate reporting arrangements at all levels of the

undertaking

a compliance function.

24.4.2009 Page 6


7/18

CEIOPS

Internal Control the concept

A set of continually operating processes involving theadministrative, management or supervisory body and alllevels of personnel.

Designed to secure at least the following:

a) Effectiveness and efficiency of the undertakings operations inview of its risks and objectives;

b) Availability and reliability of financial and non-financialinformation; and

c) Compliance with applicable laws, regulations and administrativeprovisions.

The more principles (and risk) based regulation the more isrequired from the internal control and risk management of

the undertakings

24.4.2009 Page 7


8/18

CEIOPS

Elements of Internal Control

Control environment Integrity and Ethical values Competence

Control activities To ensure that management directives are carried out:

approvals, verifications, authorizations etc. Communication

Reporting and communication lines All levels of the organization

Monitoring Management and supervisory activities, activities by the

personnel Recommendations by Internal and external auditors

Compliance

24.4.2009 Page 8


9/18

CEIOPS

Documentation

A key element of Internal Control Well documented = written

Approved by administrative or management body

Updated at least annually

Strategies on

Business, risk management (incl. liquidity, concentration risk,credit risk, operational risk), underwriting and reserving,investment and ALM, reinsurance, internal audit

Policies on

risk management, underwriting, remuneration, investment and

ALM, internal control, outsourcing, disclosure, information

Plans on

contingency and compliance

24.4.2009 Page 9


10/18

CEIOPS

Article 46 - Internal control

1. ..

2. The compliance function shall include advising theadministrative or management body on compliancewith the laws, regulations and administrative

provisions adopted pursuant to this Directive. It shallalso include an assessment of the possible impact ofany significant changes in the legal environment onthe operations of the undertaking concerned and theidentification and assessment of compliance risk.

24.4.2009 Page 10


11/18

CEIOPS

Compliance Function

Compliance risk = the risk of legal or regulatorysanctions, material financial loss or loss to reputation anundertaking may suffer as a result of not complying withlaws, regulations and administrative provisions asapplicable to its activities.

Compliance function - to ensure the undertakingcomply with applicable laws and regulatoryrequirements.

Compliance plan

Reporting: to report any major compliance problems itidentifies to the administrative or management body.

24.4.2009 Page 11

CEIOPSCEIOPS


12/18

CEIOPS


Make the internal control system right for your undertaking!

CEIOPS

The internal control system should take into consideration

The risks of the undertaking

The way undertaking is organized

The information system in use

The decision making system

Etc. etc.

One size does not fit all

CEIOPS


13/18

CEIOPS

Article 47 - Internal audit

1. Insurance and reinsurance undertakings shall providefor an effective internal audit function.

The internal audit function shall include an evaluationof the adequacy and effectiveness of the internal

control system and other elements of the system ofgovernance.

24.4.2009 Page 13

CEIOPS


14/18

CEIOPS

Article 47 - Internal audit

2. The internal audit function shall be objective andindependent from the operational functions.

3. Any findings and recommendations of the internalaudit shall be reported to the administrative,

management or supervisory body which shalldetermine what actions shall be taken with respect toeach of the internal audit findings andrecommendations and shall ensure that these actionsare carried out.


CEIOPS


15/18

CEIOPS

Internal Audit 1(2)

Systematic approach to evaluate and improve

Independent From audited activities Own initiative Free access to all information

Under direct control of administrative, management orsupervisory body

Direct communication with staff Free to express opinion

Effective

Resource, remuneration

Objective

24.4.2009 Page 15

CEIOPS


16/18

CEIOPS

Internal Audit 2(2)

Audit charter

The purpose, authority and responsibility

Audit plan

Audit work for next year(s)

Based on risk analysis

Annually reporting to the administrative, managementor supervisory body

Follow up of the recommendations

24.4.2009 Page 16

CEIOPS


17/18

CEIOPS

Proportionality

1. All undertakings shall have internal audit function

2. The requirements of the directive should beproportionate to the nature, scale and complexity ofthe risks inherent in the business of an insurance orreinsurance undertaking.

Not the size of the undertaking!

The function must be in place but outsourcing is possible



18/18


Thank you

[email protected]

a internal control & internal audit - teija korpiaho

Documents