Internal audit value optimization for insurance organizations

Size: px
Start display at page:

Download "Internal audit value optimization for insurance organizations"

Transcription

1 Internal audit value optimization for insurance organizations Webinar May 13, 2015 Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International.

2 Agenda and learning objectives Review the learning objectives Understand what we will cover today and takeaways 1 Understand the definition of internal audit and explore what add value means. Revisit some of the common challenges of adding value. 2 3 Discuss the characteristics of an optimizing internal audit department and review the internal audit capability maturity model Understand the trends in the insurance industry that will transform internal audit's value proposition 4 Identify how to incorporate leading practices in the short term and over time with a summary of clear action steps.

3 Understanding internal audit and adding value

4 Importance for insurance organizations Growing necessity for business insight and value from internal audit departments Regulation Emerging risks and market opportunities Advancing technology 4

5 Internal audit definition The Institute of Internal Auditors (IIA) defines internal auditing as an independent, objective assurance and consulting activity that adds value to and improves an organization s operations. Insight Assurance Objectivity 5

6 What does it mean to add value The internal audit activity adds value to the organization (and its stakeholders),[and there is perceived value of contribution] when it provides objective and relative assurance, and contributes to the effectiveness of governance, risk management, and control processes. 6

7 Challenges to adding value SOX, MAR, compliance efforts encompassing majority of plan Lack of resources in number and/or in talent Too much focus on routine audits Reduction in internal audit value Politics, tail wags the dog Organizational perception as company police 7

8 Characteristics of an optimizing internal audit activity Learning organization CAE and managers are key thought leaders Continuous learning and process improvement culture Defined process to evaluate skill set and training needs Aligns risk assessment and audit plan with current skill sets Top level professional and specialized skills Use of information inside and outside of organization Leverage insights and feedback from business unit managers Obtains knowledge of trends and emerging risks Considers organizations strategic objectives and culture Advisory on adapting to and maximizing technology trends World class recommendations Critical part of governance and risk management Appropriate visibility with management and board Provide appropriate recommendations to improve governance Integration of performance data and feedback Continuous and ongoing quality assurance program Integrated performance measures 8

9 Internal audit activity maturity model Initial Infrastructure Integrated Managed Optimizing > Isolated audits > Lack of established practices > Compliance auditing > Individual professional development > Audit plan based on management priorities > Advisory services > Workforce coordination > Risk based audit plans > Performance measures > Assurance on governance, risk and controls > Contribution to mgmt development > Audit strategy leverages ERM > Advanced performance measures > IA is recognized as key agent of change > Leadership in professional organizations > Strategic IA planning > Transparency to organization on IA effectiveness 9

10 Insurance industry trends and internal audit implications

11 Insurance industry trends Life and annuity 1) Predictive analytics and consumer facing platforms 2) Retiring baby boomers 3) Alternative and simplified customer distribution 4) Legacy system issues Health 1) Premiums rising 2) Individual mandate 3) Risk based premiums 4) Participation in Exchanges L&A and health risks > Reputational risks > System transformation and impact > Competition and market share protection / enhancement > Three R estimation 11

12 Insurance industry trends Property and casualty > Lower CATS and softening market > Alternative capital influx > Customer experience > Pursuit of higher yield Cross industry > Cybersecurity > Regulation adding cost and complexity ORSA Captive oversight Corporate governance > Capital management and integration of internal and external models P&C risks > Increased use of alternative investments > Marketing and underwriting changes > Data integrity, modeling, and underwriting strategy transformation Cross industry risks > Cyber security readiness > Regulatory compliance and costs > Data integrity and model risk 12

13 Industry trends affecting IT IT and business have fused together to empower each other. Emerging industry trends and regulatory changes have effected IT. 1) Cybersecurity Risk and Regulation 2) Predictive Modeling and Data Analytics 3) Accessibility of information/consumer facing platforms 4) Increased competitive landscape (soft P&C market, health exchange, etc) requiring better customer experience and faster speed to market 13

14 Information technology (IT) trends Ever changing end points Increased cyber security risk Lack of legacy Core system integration Less in tune with customer demands Incompatibility Potential Increased Autonomous Technology Less control over device management Advances in algorithms Automated Decision Engines/Tools Predictive modeling and rating Constant tracking of Data and people Connected Home/Auto Wearables Continual monitoring of trends Context-aware security 14

15 Effects on information technology audit plan Sample 2010 IT IA Plan Focused on core IT general controls > Change management / system development life cycle (SDLC) > Access administration and authentication > Disaster recovery and business continuity planning > Computer operations and back-up Sample 2015 IT IA Plan Focused on emerging risks and integration into ERM > Vendor management > IT governance > Data breach and vulnerability management > Data privacy > Mobile device management and security > End user computing Trends in IT have lead internal audit departments to focus more on emerging technologies as risk assessment frameworks dictate. 15

16 Actuarial implications Key actuarial risks are emerging as a result of industry trends and regulatory changes. Traditional internal audit Actuaries are a supplement Engaged to perform routine reviews Reviews are minimally performed Optimizing internal audit specialized skill-set readily available in the internal audit workforce Integrated on multiple audits Regulatory changes ORSA Solvency II Product design and transformation Data analytics Key risks Model Economic Pricing Regulatory Financial statement Process Data 16

17 Key risks to actuarial function Enterprise risks Model risk and control > Models must be in compliance with all Actuarial Standards of Practice (ASOPs) > Appropriateness of the assumptions made in the calculations > Defined and documented process for each periodic review > Back-test the results (actual verses expected analyses) > Transparency of assumptions and limitations to key stakeholders (communications) 17

18 Key risks to actuarial function Enterprise risks (cont.) Economic and pricing risk > Price monitoring system data reconciliation and frequency of review > Development of pricing assumptions > Treatment of differing characteristics of insured risks > Feedback loop on actual performance compared to pricing objectives Regulatory compliance > Preparation and analysis for new and emerging regulatory changes > Compliance 18

19 Key risks to actuarial function Financial statement risks Key process risk > Controls on actuarial judgment and selections > Treatment of data anomalies in the analysis Key person risk/succession planning > Over-reliance on a few key individuals > Identify, develop and retain talent for key positions and areas > Planning relating to reorganization, turnovers, or actuarial student rotations Reliance on third-party providers Data risk > Accuracy > Completeness > Controls (reconciliation) Other miscellaneous risk > Assumptions > Process around management best estimates vs. actuarial best estimate 19

20 Value optimization action steps

21 Value optimization action: Strategy alignment Align internal audit strategy with organizational strategy. Formalize an internal audit strategic plan that addresses the following: 1) Stakeholder expectations 2) Consideration of changes in the audit plan mix one, three and five years ahead 3) Insurer organization strategies and risk appetite and internal audit implications 4) Resource and talent needs 21

22 Value optimization action: Resource enhancement Conduct analyses: > Training analysis > Skills analysis > Mapping and gap analysis Begin the process to fill the gaps > Internal training > Certification programs > Co-sourcing / outsourcing 22

23 Value optimization action: Internal audit branding Create a stronger internal audit brand > Providing training to departments and business units on the purpose and value of internal audit > Provide thought leadership to business units on internal control efficiencies, emerging risks, and industry hot topics 23

24 Value optimization action: Risk management focus Ensure the internal audit plan reflects the current state and expected future state. Assess the strategic risks to the organization and discuss where internal audit can add value. 24

25 Value optimization action: Risk management focus Considerations for audits and advisory reviews 1) Cyber security threat and vulnerability management 2) Cloud strategy and governance 3) Customer interaction and experience review 4) Budget and forecasting assessment 5) Vendor governance and risk management review 6) Data analytics effectiveness review 7) Actuarial risk management assessment 8) Product development efficiency and process review 9) Enterprise regulatory and compliance efficiency assessment 25

26 Value optimization action: Embrace data analytics Incorporate data analytics to assist in driving the risk assessment process as part of the overall audit plan, as well as part of individual engagements. Model validation and data validation assurance is a key element to include in the overall audit plan. 26

27 Value optimization action: Be an ERM champion ERM champion approach allows > Linking from risk to strategy > Building risk awareness throughout the organization Be the thought leader > Conduct training to business units > Facilitate ERM workshops > Provide education to the board of directors > Provide updates on emerging risks 27

28 Value optimization action: Define internal audit success and monitor Develop key performance indicators (KPI s) > Best practices implemented > Business unit cost savings/revenue enhancements identified and realized > Issues monitored and closed > Audit survey results > Subject matter expert utilization and effectiveness > Training, certification and CPE s hours obtained > Emerging risks monitored and reported 28

29 Value optimization action step summary Develop/Update the Internal audit strategy Define success and monitor Training and Skills Analysis Be an ERM champion Create a stronger IA brand Embrace Data analytics Risk management focus 29

30 Disclosure The information provided here is of a general nature and is not intended to address the specific circumstances of any individual or entity. In specific circumstances, the services of a professional should be sought. Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International Baker Tilly Virchow Krause, LLP 30

Risk Considerations for Internal Audit

Risk Considerations for Internal Audit Risk Considerations for Internal Audit Cecile Galvez, Deloitte & Touche LLP Enterprise Risk Services Director Traci Mizoguchi, Deloitte & Touche LLP Enterprise Risk Services Senior Manager February 2013

More information

The Changing IT Risk Landscape Understanding and managing existing and emerging risks

The Changing IT Risk Landscape Understanding and managing existing and emerging risks The Changing IT Risk Landscape Understanding and managing existing and emerging risks IIA @ Noon Kareem Sadek Senior Manager, Deloitte Canada Chris Close Senior Manager, Deloitte Canada December 2, 2015

More information

Cyber Security Auditing for Credit Unions. ACUIA Fall Meeting October 7-9, 2015

Cyber Security Auditing for Credit Unions. ACUIA Fall Meeting October 7-9, 2015 Cyber Security Auditing for Credit Unions ACUIA Fall Meeting October 7-9, 2015 Topics Introduction Cyber Security Auditing Program Discuss an effective and compliant Cyber Security Auditing Program from

More information

Cybersecurity The role of Internal Audit

Cybersecurity The role of Internal Audit Cybersecurity The role of Internal Audit Cyber risk High on the agenda Audit committees and board members are seeing cybersecurity as a top risk, underscored by recent headlines and increased government

More information

Understanding changes to the Trust Services Principles for SOC 2 reporting

Understanding changes to the Trust Services Principles for SOC 2 reporting Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. Understanding changes to the Trust Services Principles for SOC 2 reporting

More information

Citation for published version (APA): Berthing, H. H. (2014). Vision for IT Audit 2020. Abstract from Nordic ISACA Conference 2014, Oslo, Norway.

Citation for published version (APA): Berthing, H. H. (2014). Vision for IT Audit 2020. Abstract from Nordic ISACA Conference 2014, Oslo, Norway. Aalborg Universitet Vision for IT Audit 2020 Berthing, Hans Henrik Aabenhus Publication date: 2014 Document Version Early version, also known as pre-print Link to publication from Aalborg University Citation

More information

Internal audit strategic planning Making internal audit s vision a reality during a period of rapid transformation

Internal audit strategic planning Making internal audit s vision a reality during a period of rapid transformation 2015 State of the Internal Audit Profession Study Internal audit strategic planning Making internal audit s vision a reality during a period of rapid transformation 68% of companies have gone through or

More information

WELCOME TO SECURE360 2013

WELCOME TO SECURE360 2013 WELCOME TO SECURE360 2013 Don t forget to pick up your Certificate of Attendance at the end of each day. Please complete the Session Survey front and back, and leave it on your seat. Are you tweeting?

More information

Cyber Security and the Board of Directors

Cyber Security and the Board of Directors Helping clients build operational capability in cyber security. A DELTA RISK VIEWPOINT Cyber Security and the Board of Directors An essential responsibility in financial services About Delta Risk is a

More information

Cybersecurity. Considerations for the audit committee

Cybersecurity. Considerations for the audit committee Cybersecurity Considerations for the audit committee Insights on November 2012 governance, risk and compliance Fighting to close the gap Ernst & Young s 2012 Global Information Security Survey 2012 Global

More information

Linking Risk Management to Business Strategy, Processes, Operations and Reporting

Linking Risk Management to Business Strategy, Processes, Operations and Reporting Linking Risk Management to Business Strategy, Processes, Operations and Reporting Financial Management Institute of Canada February 17 th, 2010 KPMG LLP Agenda 1. Leading Practice Risk Management Principles

More information

Cyber and Data Risk What Keeps You Up at Night?

Cyber and Data Risk What Keeps You Up at Night? Legal Counsel to the Financial Services Industry Cyber and Data Risk What Keeps You Up at Night? December 10, 2014 Introduction & Overview Today s Discussion: Evolving nature of data and privacy risks

More information

Improving Financial Performance, Governance and Compliance

Improving Financial Performance, Governance and Compliance Enterprise Risk Management Improving Financial Performance, Governance and Compliance Through A Structured Approach Experis Finance By: Fred E. Lutzeier National ERM Director Fred.Lutzeier@Experis.Com

More information

Project Management/Controls and their impact on Auditing and Accounting Issues. October 31, 2012

Project Management/Controls and their impact on Auditing and Accounting Issues. October 31, 2012 Project Management/Controls and their impact on Auditing and Accounting Issues October 31, 2012 Today s presenters Patrick Hagan National Managing Partner State and Local Government patrick.hagan@mcgladrey.com

More information

Healthcare Internal Audit: In a Time of Transition

Healthcare Internal Audit: In a Time of Transition The 2015 State of the Internal Audit Profession Study Healthcare Internal Audit: In a Time of Transition The healthcare industry in the United States is facing many challenges with the enactment of legislation

More information

Past vs. Present: Third Party Risk

Past vs. Present: Third Party Risk Past vs. Present: Third Party Risk Kevin O Sullivan and Hicham Chahine 3 rd Party Risk, Crowe Horwath LLP April 30th, 2015 Agenda Drivers pushing Third Party Risk Past vs. Present Events and Trends Vendor

More information

Conducting a System Implementation Risk Review at Higher Education Institutions

Conducting a System Implementation Risk Review at Higher Education Institutions Conducting a System Implementation Risk Review at Higher Education Institutions October 23, 2013 1 Webinar moderator Justin T. Noble ACUA Distance Learning Chairman 2 Your presenters Mike Cullen, Senior

More information

Information Technology

Information Technology Information Technology Information Technology Session Structure Board of director actions Significant and emerging IT risks Practical questions Resources Compensating Controls at the Directorate Level

More information

Get More Out of Your Risk Assessment. Austin Chapter of the IIA

Get More Out of Your Risk Assessment. Austin Chapter of the IIA Get More Out of Your Risk Assessment Austin Chapter of the IIA Speakers Alyssa G. Martin, CPA Dallas Executive Partner, Advisory Services 25 years of public accounting experience, with a practice emphasis

More information

Positioning Pima County Community College District s Human Capital Management for the Future

Positioning Pima County Community College District s Human Capital Management for the Future Positioning Pima County Community College District s Human Capital Management for the Future February 4, 2015 Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member

More information

High Value Audits: An Update on Information Technology Auditing. Robert B. Hirth Jr., Managing Director

High Value Audits: An Update on Information Technology Auditing. Robert B. Hirth Jr., Managing Director High Value Audits: An Update on Information Technology Auditing Robert B. Hirth Jr., Managing Director The technology landscape and its impact on internal audit Technology is playing an ever-growing role

More information

VENDOR MANAGEMENT. General Overview

VENDOR MANAGEMENT. General Overview VENDOR MANAGEMENT General Overview With many organizations outsourcing services to other third-party entities, the issue of vendor management has become a noted topic in today s business world. Vendor

More information

Best practices and insight to protect your firm today against tomorrow s cybersecurity breach

Best practices and insight to protect your firm today against tomorrow s cybersecurity breach Best practices and insight to protect your firm today against tomorrow s cybersecurity breach July 8, 2015 Baker Tilly Virchow Krause, LLP Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently

More information

www.pwc.com Navigating the next generation of cloud ERP Insurance

www.pwc.com Navigating the next generation of cloud ERP Insurance www.pwc.com Navigating the next generation of cloud ERP Insurance Agenda 1. Cloud computing 2. Cloud and the future of financial management 3. Insurance trends 4. Cloud readiness Summary 2 If you are currently

More information

IT risk management discussion 2013 PIAA Leadership Camp May 15, 2013

IT risk management discussion 2013 PIAA Leadership Camp May 15, 2013 IT risk management discussion 2013 PIAA Leadership Camp May 15, 2013 Debbie Lew Agenda Review what is IT governance Review what is IT risk management A discussion of key IT risks to be aware of Page 2

More information

Microsoft s Compliance Framework for Online Services

Microsoft s Compliance Framework for Online Services Microsoft s Compliance Framework for Online Services Online Services Security and Compliance Executive summary Contents Executive summary 1 The changing landscape for online services compliance 4 How Microsoft

More information

Cybersecurity in the States 2012: Priorities, Issues and Trends

Cybersecurity in the States 2012: Priorities, Issues and Trends Cybersecurity in the States 2012: Priorities, Issues and Trends Commission on Maryland Cyber Security and Innovation June 8, 2012 Pam Walker, Director of Government Affairs National Association of State

More information

Metrics by design A practical approach to measuring internal audit performance

Metrics by design A practical approach to measuring internal audit performance Metrics by design A practical approach to measuring internal audit performance September 2014 At a glance Expectations of Internal Audit are rising. Regulatory pressure is increasing. Budgets are tightening.

More information

Exams, Audit, SOX/MAR, ERM, ORSA,...what s next???

Exams, Audit, SOX/MAR, ERM, ORSA,...what s next??? Exams, Audit, SOX/MAR, ERM, ORSA,...what s next??? James Menck, Senior Manager, CPA, CIA, CFE, CFE (Fraud) Jmenck@eidebailly.com 214.680.6889 Progression of Oversight How did we get here??? Increased overlap

More information

Empowering business agility Strengthening Internal Audit s impact and value

Empowering business agility Strengthening Internal Audit s impact and value www.pwc.com Empowering business agility Strengthening Internal Audit s impact and value Findings from the eighth annual survey of chief audit executives in power and utilities January 2014 How utility

More information

Practical and ethical considerations on the use of cloud computing in accounting

Practical and ethical considerations on the use of cloud computing in accounting Practical and ethical considerations on the use of cloud computing in accounting ABSTRACT Katherine Kinkela Iona College Cloud Computing promises cost cutting efficiencies to businesses and specifically

More information

Getting to strong Leading Practices for value-enhancing internal audit By Richard Reynolds and Abhinav Aggarwal - PricewaterhouseCoopers LLP

Getting to strong Leading Practices for value-enhancing internal audit By Richard Reynolds and Abhinav Aggarwal - PricewaterhouseCoopers LLP Getting to strong Leading Practices for value-enhancing internal audit By Richard Reynolds and Abhinav Aggarwal - PricewaterhouseCoopers LLP Today's unpredictable business climate and challenging regulatory

More information

IAIS Insurance Core Principle 16

IAIS Insurance Core Principle 16 www.pwc.com Chicago Actuarial Association ORSA Readiness June 19, 2014 IAIS Insurance Core Principle 16 The supervisory regime establishes enterprise risk management requirements for solvency purposes

More information

Trends in Information Technology (IT) Auditing

Trends in Information Technology (IT) Auditing Trends in Information Technology (IT) Auditing Padma Kumar Audit Officer May 21, 2015 Discussion Topics Common and Emerging IT Risks Trends in IT Auditing IT Audit Frameworks & Standards IT Audit Plan

More information

Organization transformation in times of change

Organization transformation in times of change Organization transformation in times of change Insurance is sold, not bought is a phrase of unknown attribution, but common wisdom for decades. Thus, insurers and most financial services organizations

More information

IT AUDIT WHO WE ARE. Current Trends and Top Risks of 2015 10/9/2015. Eric Vyverberg. Randy Armknecht. David Kupinski

IT AUDIT WHO WE ARE. Current Trends and Top Risks of 2015 10/9/2015. Eric Vyverberg. Randy Armknecht. David Kupinski IT AUDIT Current Trends and Top Risks of 2015 2 02 Eric Vyverberg WHO WE ARE David Kupinski Randy Armknecht Associate Director Internal Audit Protiviti 317.510.4661 eric.vyverberg@protiviti.com Managing

More information

WebEx guide. > Everyone is muted to avoid background noise. Please use the chat box if you need to communicate with the host.

WebEx guide. > Everyone is muted to avoid background noise. Please use the chat box if you need to communicate with the host. WebEx guide > Everyone is muted to avoid background noise. Please use the chat box if you need to communicate with the host. > Asking questions: In the chat screen, ask questions by choosing All Panelists

More information

ADVISORY SERVICES. Risk management in an evolving world. Making the case for social media governance. kpmg.com

ADVISORY SERVICES. Risk management in an evolving world. Making the case for social media governance. kpmg.com ADVISORY SERVICES Risk management in an evolving world Making the case for social media governance kpmg.com Risk management in an evolving world 3 Why good governance should be the foundation of your social

More information

IT Audit Perspective on Continuous Auditing/ Continuous Monitoring KPMG LLP

IT Audit Perspective on Continuous Auditing/ Continuous Monitoring KPMG LLP IT Audit Perspective on Continuous Auditing/ Continuous Monitoring KPMG LLP IT Audit Perspective on Continuous Auditing/Continuous Monitoring INTRODUCTION New demands from the board, senior organizational

More information

Applying Risk Assessment to Your Audit Plan Break-out Session T3, Tuesday, October 26 2:00-2:50pm

Applying Risk Assessment to Your Audit Plan Break-out Session T3, Tuesday, October 26 2:00-2:50pm Applying Risk Assessment to Your Audit Plan Break-out Session T3, Tuesday, October 26 2:00-2:50pm Mike Brown Senior Vice President, Corporate Audit State Street Corporation Rich Reynolds Partner PricewaterhouseCoopers

More information

Transforming risk management into a competitive advantage kpmg.com

Transforming risk management into a competitive advantage kpmg.com INSURANCE RISK MANAGEMENT ADVISORY SOLUTIONS Transforming risk management into a competitive advantage kpmg.com 2 Transforming risk management into a competitive advantage Assessing risk. Building value.

More information

www.pwc.com PwC The Path Forward for Data Analysis and Continuous Auditing May 2011

www.pwc.com PwC The Path Forward for Data Analysis and Continuous Auditing May 2011 www.pwc.com The Path Forward for Data Analysis and Continuous Auditing May 2011 Agenda What are we hearing in the market? The CA Maturity Path Where to start? What is the difference between CA & CCM? Best

More information

Identifying and Managing Third Party Data Security Risk

Identifying and Managing Third Party Data Security Risk Identifying and Managing Third Party Data Security Risk Legal Counsel to the Financial Services Industry Digital Commerce & Payments Series Webinar April 29, 2015 1 Introduction & Overview Today s discussion:

More information

Cybersecurity Readiness & Incident Response. January 8, 2016

Cybersecurity Readiness & Incident Response. January 8, 2016 Cybersecurity Readiness & Incident Response January 8, 2016 Agenda Topic Minutes Introduction 3 Incident Statistics 7 Security Controls & Investigation Process 15 Mitigating Costs & Risks 15 Cyber Liability

More information

Tailoring enterprise risk management strategies to the Main-Street insurer

Tailoring enterprise risk management strategies to the Main-Street insurer Tailoring enterprise risk management strategies to the Main-Street insurer Prepared by: Jay Golonka, Partner, McGladrey LLP 816.751.1830, jay.golonka@mcgladrey.com Discussions of Enterprise Risk Management

More information

Effective Model Risk Management for Financial Institutions: The Six Critical Components

Effective Model Risk Management for Financial Institutions: The Six Critical Components January 2013 Effective Model Risk Management for Financial Institutions: The Six Critical Components A White Paper by Brookton N. Behm, John A. Epperson, and Arjun Kalra Audit Tax Advisory Risk Performance

More information

Impact of New Internal Control Frameworks

Impact of New Internal Control Frameworks Impact of New Internal Control Frameworks Webcast: Tuesday, February 25, 2014 CPE Credit: 1 0 With You Today Bob Jacobson Principal, Risk Advisory Services Consulting Leader West Region Bob.Jacobson@mcgladrey.com

More information

Getting More From Your Actuarial Loss Reserve Analysis. For Property/Casualty Insurance and Reinsurance Companies

Getting More From Your Actuarial Loss Reserve Analysis. For Property/Casualty Insurance and Reinsurance Companies Getting More From Your Actuarial Loss Reserve Analysis For Property/Casualty Insurance and Reinsurance Companies Introduction Many property/casualty insurance and reinsurance companies retain the services

More information

Commercial insurance: cyclicality and opportunity on the road to 2020 January 2016

Commercial insurance: cyclicality and opportunity on the road to 2020 January 2016 www.pwc.com/us/insurance Commercial insurance: cyclicality and opportunity on the road to 2020 January 2016 2 top issues Commercial insurance: cyclicality and opportunity on the road to 2020 Beyond the

More information

Cybersecurity@RTD Program Overview and 2015 Outlook

Cybersecurity@RTD Program Overview and 2015 Outlook Cybersecurity@RTD Program Overview and 2015 Outlook Finance & Administration Committee Meeting February 10, 2015 Sheri Le, Manager of Cybersecurity RTD Information Technology Department of Finance & Administration

More information

Specifically Engineered for High-Tech Companies

Specifically Engineered for High-Tech Companies Crowe Risk Consulting Services Specifically Engineered for High-Tech Companies Audit Tax Advisory Risk Performance Technology companies face an array of risks, many of which are unique to the high-tech

More information

www.pwc.com Governance, Risk and Compliance Update & Hot Topics Pittsburgh Chapter IIA December 3, 2012

www.pwc.com Governance, Risk and Compliance Update & Hot Topics Pittsburgh Chapter IIA December 3, 2012 www.pwc.com Governance, Risk and Compliance Update & Hot Topics Pittsburgh Chapter IIA December 3, 2012 Agenda Introduction Mark Gibbons 12:00 12:05 Governance, Risk and Compliance Overview Mark Gibbons

More information

Enterprise risk management and business continuity management Together at last

Enterprise risk management and business continuity management Together at last www.pwc.com Enterprise risk management and business continuity management Together at last March 2016 Overview The necessity to define, create and maintain an organization s business continuity management

More information

and Risk Tolerance in an Effective ERM Program

and Risk Tolerance in an Effective ERM Program The Roles of Risk Appetite and Risk Tolerance in an Effective ERM Program Eric Gerner, Risk Advisory Services Director Tuesday, July 10, 2012 General Information Share the webinar Ask a question Votes

More information

IT Insights. Managing Third Party Technology Risk

IT Insights. Managing Third Party Technology Risk IT Insights Managing Third Party Technology Risk According to a recent study by the Institute of Internal Auditors, more than 65 percent of organizations rely heavily on third parties, yet most allocate

More information

ENHANCING VALUE THROUGH COLLABORATION: A CALL TO ACTION GLOBAL REPORT JULY 2014

ENHANCING VALUE THROUGH COLLABORATION: A CALL TO ACTION GLOBAL REPORT JULY 2014 ENHANCING VALUE THROUGH COLLABORATION: A CALL TO ACTION GLOBAL REPORT JULY 2014 DISCLAIMER TABLE OF CONTENTS Introduction...1 Five Strategies for Internal Audit Success in the Year Ahead...5 Improve Upon

More information

Internal Audit Landscape 2014

Internal Audit Landscape 2014 Internal Audit Landscape 2014 Agenda Examining the evolution of risk in today s digital world and the impact on traditional audit, security, risk, and compliance functions Emerging internal audit methodologies

More information

Vendor Risk Management Financial Organizations

Vendor Risk Management Financial Organizations Webinar Series Vendor Risk Management Financial Organizations Bob Justus Chief Security Officer Allgress Randy Potts Managing Consultant FishNet Security Bob Justus Chief Security Officer, Allgress Current

More information

Managing the Supply Chain Using the Malcolm Baldrige Model

Managing the Supply Chain Using the Malcolm Baldrige Model Managing the Supply Chain Using the Lockheed Martin Missiles and Fire Control Approved for Public Release ORL201403003 2014 Lockheed Martin Corporation. www.lockheedmartin.com/mfc 1 Supply Chain Environment

More information

www.pwc.com ERM006 ERM and Business Continuity Management: Together at Last RIMS Annual Conference April 13, 2016

www.pwc.com ERM006 ERM and Business Continuity Management: Together at Last RIMS Annual Conference April 13, 2016 www.pwc.com ERM006 ERM and Business Continuity Management: Together at Last RIMS Annual Conference April 13, 2016 Your presenters Phil Samson Principal PricewaterhouseCoopers, Dallas Leads s Risk Management

More information

Actuarial 20/20 Canada: in focus

Actuarial 20/20 Canada: in focus Actuarial 20/20 Canada: in focus This page has been intentionally left blank Table of contents 2 1 Canada: in focus 4 2 Actuarial teams: a vision for the future 6 3 Technological and data advancements

More information

Corporate Challenges in Model Risk Management : Moving Beyond Model Inventory. Iain Wright Ian Francis, IBM 4 June 2015

Corporate Challenges in Model Risk Management : Moving Beyond Model Inventory. Iain Wright Ian Francis, IBM 4 June 2015 Corporate Challenges in Model Risk Management : Moving Beyond Model Inventory Iain Wright Ian Francis, IBM 4 June 2015 Corporate Challenges in the Development and Implementation of Effective Model Risk

More information

Top Ten Issues facing Internal Auditing in the Future

Top Ten Issues facing Internal Auditing in the Future Top Ten Issues facing Internal Auditing in the Future The IIA Dallas Chapter April 6, 2006 Presented by: David A. Richards, CIA, CPA President The Institute of Internal Auditors drichards@theiia.org 1

More information

LEVERAGE TECHNOLOGY TO EMPOWER INTERNAL AUDIT

LEVERAGE TECHNOLOGY TO EMPOWER INTERNAL AUDIT LEVERAGE TECHNOLOGY TO EMPOWER INTERNAL AUDIT PRESENTED BY: BRYAN BURNHART, CISA NORTH AMERICAN PRE-SALES MANAGER THOMSON REUTERS GRC COLLEGES AND UNIVERSITIES 2010 Thomson Reuters. All Rights Reserved.

More information

Best Practices: Cloud Computing for Associations

Best Practices: Cloud Computing for Associations Best Practices: Cloud Computing for Associations What You Should Expect from this Session A solid understanding of cloud computing and Software as a Service Best practices for how cloud computing is being

More information

Developing a Corporate Governance Framework

Developing a Corporate Governance Framework Developing a Corporate Governance Framework About ERM About The Speaker Karen Livingstone Practice Director at ERM Risk Management, Governance, Regulatory Compliance CPA, CISA, CIA, CRMA designations 20+

More information

Certified Identity and Access Manager (CIAM) Overview & Curriculum

Certified Identity and Access Manager (CIAM) Overview & Curriculum Identity and access management (IAM) is the most important discipline of the information security field. It is the foundation of any information security program and one of the information security management

More information

Enterprise Risk Management in Colleges and Universities

Enterprise Risk Management in Colleges and Universities Enterprise Risk Management in Colleges and Universities Cherry Bekaert & Holland, L.L.P. Neal Beggan, CISA, CRISC Shane Hester, CPA, CISA Cherry, Bekaert & Holland, L.L.P. The Firm of Choice. 1 Cherry,

More information

Governance, Risk, and Compliance (GRC) White Paper

Governance, Risk, and Compliance (GRC) White Paper Governance, Risk, and Compliance (GRC) White Paper Table of Contents: Purpose page 2 Introduction _ page 3 What is GRC _ page 3 GRC Concepts _ page 4 Integrated Approach and Methodology page 4 Diagram:

More information

IT Governance. What is it and how to audit it. 21 April 2009

IT Governance. What is it and how to audit it. 21 April 2009 What is it and how to audit it 21 April 2009 Agenda Can you define What are the key objectives of How should be structured Roles and responsibilities Key challenges and barriers Auditing Scope Test procedures

More information

Addressing Cyber Risk Building robust cyber governance

Addressing Cyber Risk Building robust cyber governance Addressing Cyber Risk Building robust cyber governance Mike Maddison Partner Head of Cyber Risk Services The future of security The business environment is changing The IT environment is changing The cyber

More information

MEMORANDUM. 2015 Risk Assessment, 2015 Audit Plan, and 2014 Audit Plan

MEMORANDUM. 2015 Risk Assessment, 2015 Audit Plan, and 2014 Audit Plan ORANGE COUNTY EMPLOYEES RETIREMENT SYSTEM MEMORANDUM DATE: January 21, 2015 TO: FROM: SUBJECT: s of the Audit Committee David James, Director of Internal Audit 2015 Risk Assessment, 2015 Audit Plan, and

More information

IT audit updates. Current hot topics and key considerations. IT risk assessment leading practices

IT audit updates. Current hot topics and key considerations. IT risk assessment leading practices IT audit updates Current hot topics and key considerations Contents IT risk assessment leading practices IT risks to consider in your audit plan IT SOX considerations and risks COSO 2013 and IT considerations

More information

Do you know your privacy risks? How new technologies, changing business models, and emerging regulations are changing the data-protection landscape

Do you know your privacy risks? How new technologies, changing business models, and emerging regulations are changing the data-protection landscape January 2013 Do you know your privacy risks? How new technologies, changing business models, and emerging regulations are changing the data-protection landscape At a glance Threats to data security both

More information

Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. Understanding SOC 3

Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. Understanding SOC 3 Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. Understanding SOC 3 Agenda 1) A brief perspective on where SOC 3 originated

More information

Enterprise risk management: A pragmatic, four-phase implementation plan

Enterprise risk management: A pragmatic, four-phase implementation plan Enterprise risk management: A pragmatic, four-phase implementation plan Prepared by: John Brackett, Managing Director, Risk Advisory Services, RSM McGladrey, Inc. 704.442.3820, john.brackett@mcgladrey.com

More information

4th Annual ISACA Kettle Moraine Spring Symposium

4th Annual ISACA Kettle Moraine Spring Symposium www.pwc.com 4th Annual ISACA Kettle Moraine Spring Symposium Session 2 Big Data May 14th, 2014 Session Objective Learn about governance, risks, and compliance considerations that become particularly important

More information

www.pwc.com/modelrisk New supervisory guidance on model Overview, analysis, and next steps

www.pwc.com/modelrisk New supervisory guidance on model Overview, analysis, and next steps www.pwc.com/modelrisk New supervisory guidance on model risk management: Overview, analysis, and next steps Features of new guidance Issued as supervisory guidance (21 pages) not as a risk bulletin. This

More information

Click to edit Master title style

Click to edit Master title style EVOLUTION OF CYBERSECURITY Click to edit Master title style IDENTIFYING BEST PRACTICES PHILIP DIEKHOFF, IT RISK SERVICES TECHNOLOGY THE DARK SIDE AGENDA Defining cybersecurity Assessing your cybersecurity

More information

Sempra Energy Utilities response Department of Commerce Inquiry on Cyber Security Incentives APR 29 2013

Sempra Energy Utilities response Department of Commerce Inquiry on Cyber Security Incentives APR 29 2013 Sempra Energy Utilities response Department of Commerce Inquiry on Cyber Security Incentives APR 29 2013 Sempra Energy s gas and electric utilities collaborate with industry leaders and a wide range of

More information

State of the States: Priorities, Trends and Issues NCSL Fall Forum December 6, 2013

State of the States: Priorities, Trends and Issues NCSL Fall Forum December 6, 2013 State of the States: Priorities, Trends and Issues NCSL Fall Forum December 6, 2013 Mitch Herckis Director of Government Affairs National Association of State Chief Information Officers Today s State IT

More information

Protecting your brand in the cloud Transparency and trust through enhanced reporting

Protecting your brand in the cloud Transparency and trust through enhanced reporting Protecting your brand in the cloud Transparency and trust through enhanced reporting Third-party Assurance November 2011 At a glance Cloud computing has unprecedented potential to deliver greater business

More information

Service Organization Control (SOC) Reports Focus on SOC 2 Reporting Standard

Service Organization Control (SOC) Reports Focus on SOC 2 Reporting Standard Information Systems Audit and Controls Association Service Organization Control (SOC) Reports Focus on SOC 2 Reporting Standard February 4, 2014 Tom Haberman, Principal, Deloitte & Touche LLP Reema Singh,

More information

Talent Management in U.S. Financial Services: Attracting and Engaging Generation Y

Talent Management in U.S. Financial Services: Attracting and Engaging Generation Y Financial Services Presents: Talent Management in U.S. Financial Services: Attracting and Engaging Generation Y Andrew Liakopoulos March, 2007 Agenda What is generational talent management? The scenario

More information

Cybersecurity and internal audit. August 15, 2014

Cybersecurity and internal audit. August 15, 2014 Cybersecurity and internal audit August 15, 2014 arket insights: what we are seeing so far? 60% of organizations see increased risk from using social networking, cloud computing and personal mobile devices

More information

BOARD OF DIRECTORS MANDATE

BOARD OF DIRECTORS MANDATE BOARD OF DIRECTORS MANDATE Board approved: May 7, 2014 This mandate provides the terms of reference for the Boards of Directors (each a Board ) of each of Economical Mutual Insurance Company ( Economical

More information

Establishing a Quality Assurance and Improvement Program

Establishing a Quality Assurance and Improvement Program Chapter 2 Establishing a Quality Assurance and Improvement Program O v e rv i e w IIA Practice Guide, Quality Assurance and Improvement Program, states that Quality should be built in to, and not on to,

More information

Enabling IT Performance & Value with Effective IT Governance Assessment & Improvement Practices. April 10, 2013

Enabling IT Performance & Value with Effective IT Governance Assessment & Improvement Practices. April 10, 2013 Enabling IT Performance & Value with Effective IT Governance Assessment & Improvement Practices April 10, 2013 Today's Agenda: Key Topics Defining IT Governance IT Governance Elements & Responsibilities

More information

SDLC- Key Areas to Audit in IT Projects ISACA Geek Week 2013 8/21/2013. PwC

SDLC- Key Areas to Audit in IT Projects ISACA Geek Week 2013 8/21/2013. PwC SDLC- Key Areas to Audit in IT Projects ISACA Geek Week 2013 8/21/2013 1 Introductions and Projects Overview Presenters Charlie Miller and Andrew Gerndt The Coca-Cola Company Principal IT Auditors Atlanta,

More information

Information Security Management System for Microsoft s Cloud Infrastructure

Information Security Management System for Microsoft s Cloud Infrastructure Information Security Management System for Microsoft s Cloud Infrastructure Online Services Security and Compliance Executive summary Contents Executive summary 1 Information Security Management System

More information

University of Hawaii Information Technology Services Strategic Plan May 22, 2015. Looking Forward to 2020 and Beyond [V15-1]

University of Hawaii Information Technology Services Strategic Plan May 22, 2015. Looking Forward to 2020 and Beyond [V15-1] University of Hawaii Information Technology Services Strategic Plan May 22, 2015 [V15-1] I. Introduction This Information Technology Services (ITS) Strategic Plan, Looking Forward to 2020 and Beyond, updates

More information

Reaching New Heights: Providing Consistent and Sustainable High Performance at the State Level

Reaching New Heights: Providing Consistent and Sustainable High Performance at the State Level August 2013 Reaching New Heights: Providing Consistent and Sustainable High Performance at the State Level A Study Conducted by Oracle and the National Association of State Auditors, Comptrollers and Treasurers

More information

POLICY. Number: 7311-10-005 Title: Enterprise Risk Management. Authorization

POLICY. Number: 7311-10-005 Title: Enterprise Risk Management. Authorization POLICY Number: 7311-10-005 Title: Enterprise Risk Management Authorization [ ] President and CEO [ X] Vice President, Finance and Corporate Services Source: Director, Enterprise Risk Management Cross Index:

More information

THE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK

THE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK THE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK ACCOUNTABLE SIGNATURE AUTHORISED for implementation SIGNATURE On behalf of Chief Executive Officer SAHRA Council Date Date

More information

An overview of COSO s 2013 Internal Control-Integrated Framework

An overview of COSO s 2013 Internal Control-Integrated Framework An overview of COSO s 2013 Internal Control-Integrated Framework Prepared by: Sara Lord, Partner, National Professional Standards Group, McGladrey LLP sara.lord@mcgladrey.com May 2013 Introduction In 1992,

More information

Cyber Security and Privacy Services. Working in partnership with you to protect your organisation from cyber security threats and data theft

Cyber Security and Privacy Services. Working in partnership with you to protect your organisation from cyber security threats and data theft Cyber Security and Privacy Services Working in partnership with you to protect your organisation from cyber security threats and data theft 2 Cyber Security and Privacy Services What drives your security

More information

KPMG s Financial Management Practice. kpmg.com

KPMG s Financial Management Practice. kpmg.com KPMG s Financial Management Practice kpmg.com 1 KPMG s Financial Management Practice KPMG s Financial Management (FM) practice, within Advisory Management Consulting, supports the growing agenda and increased

More information

Information Technology Auditing for Non-IT Specialist

Information Technology Auditing for Non-IT Specialist Information Technology Auditing for Non-IT Specialist IIA Pittsburgh Chapter October 4, 2010 Agenda Introductions What are General Computer Controls? Auditing IT processes controls Understanding and evaluating

More information

Security and Privacy Trends 2014

Security and Privacy Trends 2014 2014 Agenda Today s cyber threats 3 You could be under cyber attack now! Improve 6 Awareness of cyber threats propels improvements Expand 11 Leading practices to combat cyber threats Innovate 20 To survive,

More information

Leveraging Information to Drive Insurer Growth

Leveraging Information to Drive Insurer Growth KNOWLEDGENT INSIGHTS volume 2 no. 5 March 27, 2012 Leveraging Information to Drive Insurer Growth In the highly competitive insurance industry, leveraging information has become a key focal point for driving

More information