DATA AUDIT: Scope and Content
- Gary McCoy
The schedule below defines the scope of a review that will assist the FSA in its assessment of whether a firm's data management complies with the standards set out in the Solvency II Directive. It is part of the FSA's Internal Model Approval Process (IMAP) and will supplement both the evidence that the firm uses as part of its self assessment in preparation for the application and any additional work that the FSA may choose to undertake.

The scope of this review is all data (internal and external [1]) that could materially impact the Internal Model. This would include, e.g., policy (exposure) data held in administration systems, observational data such as claims data, mortality data, market data, credit data, static or referential data, equity exposure data, model parameters set by users such as correlation input data, number of simulations, etc.

[1] 'External data' in the context of this review means data that is externally sourced by the firm for use either directly or indirectly in the Internal Model. This does not include data that is proprietary to vendor models external to the firm (i.e. not directly within the control of the firm).

The review should be performed by a suitably qualified person who is independent of model design, build, and operation (e.g. Internal Audit). In conducting the review, the reviewer should apply professional judgement in deciding how the controls are assessed (e.g. sample size, depth of document review, interviewees, etc) and how effective they are in addressing the risk. The review is not intended to assess the appropriateness of actuarial Expert Judgements with regards to data used in the Internal Model.

The reviewer may make use of previous independent reviews (e.g. SOX compliance assessments, Internal/External Audit work, etc), so long as the data, assumptions, calculation methodology and IT environment reviewed have not changed significantly.

After conducting the review, the firm should report back to the FSA with the following:

- An executive summary that includes the scope (data, business units, etc) of the review, any exclusions with justification, the summary work plan with the approach (i.e. testing performed, documents reviewed, interviews conducted, sampling criteria used, etc), and period covered, timescales of the review, personnel involved in the review (and their background, if not obvious from their job titles), significant / material findings, and limitations of the review.
- Conclusions on individual controls () using the schedule below.
- If the conclusion is a No, a list of findings, potential impact (residual risk) on the firm's internal model, together with a list of actions to address the findings, and the expected completion date. Please indicate whether the action was planned (i.e. was already part of the firm's Solvency II program), or whether it is remedial (i.e. was not originally in plan). Please also indicate whether the impact is at a group level or at a specific legal entity level.
- If a previous independent review was used to arrive at a conclusion, the scope of the review, any exclusion with justification, and the date of review.

In addition to the above, the FSA may request supporting evidence that formed the basis of the conclusions on individual controls and may also request meetings with those who conducted the review.

Using the schedule

The schedule has five sections, corresponding to the five sub-risks to the overall risk that the data used in the internal model do not meet the SII directive requirements on data quality (complete, accurate, appropriate, and timely). These are as follows.

1. The approach (i.e. matters of policy) to managing data for use in the internal model does not ensure consistency in quality and application
2. Inadequate oversight of the development and implementation of the data policy increases the risk of poorly informed decision-making (e.g. risk management, capital allocation) and non-compliance with the required quality and standards
3. Lack of a clear understanding of the data used in the internal model, and of its impact and vulnerabilities, can create gaps in ownership and control
4. Errors, omissions, lack of timeliness and inaccuracies in the data can undermine the integrity of the internal model and management decision making
5. Unreliable IT environment, technology or tools can compromise the quality of the data and its processing within the internal model

It is the responsibility of the reviewer to construct a suitable approach to assess the controls over these sub-risks. The examples given under the Assessment Approach column (see table below) are not intended to be a prescriptive list.

The conclusion for each control can either be a Yes or a No.

Yes = the controls are in place (i.e. written, communicated and understood by relevant stakeholders), operating effectively and the residual risk to the firm is not material.

No = the controls are either not in place, or not operating effectively and/or the firm remains exposed to material risks.

The reviewer's assessment of the materiality of residual risk should be in accordance with the definition of materiality in the firm's data policy. This definition should be shared with the FSA prior to conducting the review.
Schedule (columns: Risk; Control Objective; Expected Control; Assessment Approach; Conclusion)

Risk 1. The approach to managing data for use in the internal model does not ensure consistency in quality and application of the internal model

Control Objective:
1.1 To ensure that data quality is maintained throughout the process of the internal model as required by SII

Expected Control:
A data policy has been established and implemented. The policy, its associated procedures, and standards include:
- a definition of the different data sets that are to be covered by the policy;
- a definition of materiality (which is aligned to the firm's risk appetite where appropriate e.g. when an expert judgement is made to adjust for insufficient observational data);
- the respective ownership and responsibility for the data sets, including the system of governance and assurance over data quality;
- a definition of the standards for maintaining and assessing quality of data, including specific qualitative and quantitative standards for the data sets, based on the criteria of accuracy, completeness and appropriateness;
- the use of assumptions made in the collection, processing and application of data;
- the process for carrying out data updates to the internal model, including the frequency of regular updates and the circumstances that trigger additional updates and recalculations of the probability distribution forecast;
- a high level description of the risk and impact assessment process including the frequency with which the assessment process is conducted, and;
- the frequency of the review of the data policy, associated procedures, and standards.

Assessment Approach:
1A: Confirm that the firm has:
i) A written data policy approved by management with an appropriate degree of challenge and oversight in its development as evidenced through discussions and debates in minutes and/or equivalent documentation.
ii) Written procedures, technical guides and standards for implementing the data policy;
iii) Implemented the policy across the organisation as is evident from:
- communication of the policy, associated procedures and standards to the relevant stakeholders and individuals responsible for ownership and management of data used in the internal model, and;
- understanding of the relevant stakeholders and individuals responsible for ownership and management of data used in the internal model

Risk 2. Inadequate oversight of the development and implementation of the data policy increases the risk of poorly informed decision-making and non-compliance with the required quality and standards

Control Objectives:
2.1 To set the tone and provide appropriate oversight of the implementation of the data policy necessary for sound decision making
2.2 To ensure appropriate and timely reporting to support required governance and management decision making process and timely detection of issues

Expected Control:
The data governance structures and processes are operating as defined in the data policy and associated procedures and effective in:
- providing appropriate oversight in the application of the data policy;
- ensuring that the data policy, associated procedures, and standards including the responsibilities and accountabilities of the various stakeholders across the firm, the quantity and quality of data metrics reported to management, the data directory, and the risk and impact assessment are kept under regular review;
- ensuring appropriate assurance is carried out and received for validating the quality of data used in the internal model

Data quality metrics (qualitative and quantitative) defined in the data policy are reported (individually, aggregated or categorised) to appropriate levels of management on a regular basis to enable them to assess the quality of data and take remedial action when there are material issues. The system of reporting should include a deficiency management process whereby exceptions identified as a result of data quality checks and controls, which could have a material impact on the internal model, are escalated to appropriate levels of management and actions taken to address them on a timely basis.

Assessment Approach:
2A: Review the firm's data governance arrangements and their fit with the organisation structure to determine:
- completeness of oversight as shown, for example, by the terms of reference and agenda, and;
- key discussions, debates, decisions and approvals from a review of minutes.
2B: Review and assess:
- revision history, and changes made to the policy, associated procedures, standards, governance framework, data directory, risk and impact assessment.
- the nature and timeliness of MI reports received;
- the extent of exception reporting for appropriateness and effectiveness;
- remedial actions taken to resolve exceptions, and;
- through interviews with key personnel, the level of understanding of their governance responsibilities and MI reports.

Risk 3. Lack of a clear understanding of the data used in the internal model, and of its impact and vulnerabilities, can create gaps in ownership and control

Control Objective:
3.1 To ensure that data used in the internal model, its impact and vulnerabilities have been clearly identified and maintained

Expected Control:
A directory of all data used in the internal model has been compiled specifying source, usage and characteristics including:
- storage (e.g. location, multiple copies) across the data flow to internal model;
- how data is used in internal model including any transformation (e.g. aggregation, enrichment, derivation) processes

For each data set, a risk and impact (sensitivity) assessment has been performed to identify:
- whether the impact of poor quality data (individually or in aggregation) on the internal model is material;
- the points in the data flow from source to internal model where likelihood of data errors is the greatest, and therefore, what specific data quality controls are required;
- tolerance threshold beyond which a data error could become material (individually or in aggregation).

Assessment Approach:
3A: Review the firm's data directory to determine its clarity, completeness and maintainability.
3B: Review the firm's risk and impact assessment for completeness, including an appropriate consideration of the outcome of the assessment against any issues reported in the data quality metrics.
3C: Confirm that the tolerance thresholds and materiality used are consistent with the reporting to the relevant management groups or governance oversight bodies.

Risk 4. Errors, omissions and inaccuracies in the data can undermine the integrity of the internal model and management decision making

Control Objective:
To ensure that data quality (complete, accurate, appropriate, and timely/current) is maintained in the internal model

Expected Control:
The management and data quality controls (preventative, detective, and corrective) proportional to the probability and materiality of potential data errors have been identified and implemented effectively. The controls should include (at a minimum):
a) Having individuals with sufficient competence to conduct the manual data checks on accuracy, completeness and appropriateness
b) A well-defined and consistent process for refreshing or updating all data items in line with the data policy (timeliness and currency of data). The process must include appropriate change controls (automated or manual) that take into account any material impact (individually or in aggregation) on the internal model.
c) Data input validations (auto/manual) that prevent data having incorrect or inconsistent format or invalid values
d) Completeness checks such as:
- Reconciliation of data received against data expected.
- A process to assess if data is available for all relevant model variables and risk modules
e) Accuracy checks such as:
- Comparison directly against the source (if available).
- Internal consistency and coherence checks of the received/output data against expected properties of the data such as age-range, standard deviation, number of outliers, and mean.
- Comparison with other data derived from the same source, or sources which are correlated
f) Appropriateness checks such as:
- Consistency and reasonableness checks to identify outliers and gaps through comparison against known trends, historic data and external independent sources.
- A definition and consistent application of the rules that govern the amount and nature of data used in the internal model.
- A process to assess the data used in internal model for any inconsistencies with the assumptions underlying the actuarial and statistical techniques or made during the collection, processing and application of data.

Assessment Approach:
4A: Review and evaluate the firm's documented control procedures to assess their completeness and appropriateness in meeting the control objective.
4B: Assess the adequacy of training/experience of individuals responsible for critical stages of data checks.
4C: Assess the adequacy of change controls for a sample of key changes/updates made.
4D: Walk through the key validations and checks with key personnel to assess the degree of understanding and embedding
4E: Assess the operational effectiveness of the key validations and checks.

Risk 5. Unreliable IT environment, technology or tools can compromise the quality and integrity of the data and its processing within the internal model

Control Objective:
5.1 To ensure that the quality of data and its processing for use in the internal model is maintained

Expected Control:
IT general computer (ITGC) controls over the data environment (e.g. Mainframes, End User Computing applications such as spreadsheets, etc) that may have material impact on the internal model are established, such as:
- logical access management;
- development and change management (infrastructure, applications, and database);
- security (network and physical);
- business continuity;
- incident management and reporting, and;
- other operational controls that support the collection (including data feeds), storage, analysis and processing.

Assessment Approach:
5A: Assessment of design and operational effectiveness of key ITGC controls that relate to the data sets as defined and required by the internal model.
5B: Review key IT MI reports such as network and access security breaches, system downtime, coding errors etc to determine whether any incidents that impact materially on the internal model have been followed through and resolved appropriately.
More informationThe Use of Spreadsheets: Considerations for Section 404 of the Sarbanes-Oxley Act*
The Use of Spreadsheets: Considerations for Section 404 of the Sarbanes-Oxley Act* July 2004 *connectedthinking The Use of Spreadsheets: Considerations for Section 404 of the Sarbanes-Oxley Act Introduction
More informationImproving Unstructured Data Governance. Ryan Jancaitis Product Management Symantec
Improving Unstructured Data Governance Ryan Jancaitis Product Management Symantec Agenda 1 2 3 4 Overview Data Management Data Protection and Compliance Summary Unstructured Information Growth Leads to
More informationINTERNATIONAL ASSOCIATION OF INSURANCE SUPERVISORS
Standard No. 13 INTERNATIONAL ASSOCIATION OF INSURANCE SUPERVISORS STANDARD ON ASSET-LIABILITY MANAGEMENT OCTOBER 2006 This document was prepared by the Solvency and Actuarial Issues Subcommittee in consultation
More informationCEIOPS Advice for Level 2 Implementing Measures on Solvency II: Articles 120 to 126. Tests and Standards for Internal Model Approval
CEIOPS-DOC-48/09 CEIOPS Advice for Level 2 Implementing Measures on Solvency II: Articles 120 to 126 Tests and Standards for Internal Model Approval (former Consultation Paper 56) October 2009 CEIOPS e.v.
More informationPrinciples for BCM requirements for the Dutch financial sector and its providers.
Principles for BCM requirements for the Dutch financial sector and its providers. Platform Business Continuity Vitale Infrastructuur Financiële sector (BC VIF) Werkgroep BCM requirements 21 September 2011
More informationIntroduction. Table of Contents
Introduction To stay competitive, you know how important it is to find new ways to streamline and save on your company s operations. Learning how leading companies handle commercial payments can give you
More informationFrom ICAAP/ORSA to ERM: Board and Senior Management Oversight. Leon Bloom, Partner, Deloitte & Touche LLP lebloom@deloitte.ca
From ICAAP/ORSA to ERM: Board and Senior Management Oversight Leon Bloom, Partner, Deloitte & Touche LLP lebloom@deloitte.ca Agenda Basel II ICAAP Solvency II ORSA ERM From ICAAP/ORSA to ERM: Governance
More informationRISK MANAGEMENT POLICY
RISK MANAGEMENT POLICY Approved by Governing Authority February 2016 1. BACKGROUND 1.1 The focus on governance in corporate and public bodies continues to increase. It resulted in an expansion from the
More informationSolvency II data requirements Raising the Bar
Solvency II data requirements Raising the Bar Rakesh Patel & Harj Cheema Agenda 1. 1 Recap of Solvency II data requirements 2. 2 Raising the bar challenges faced 3. 3 The role of tools and technology 4.
More informationBERMUDA MONETARY AUTHORITY
BERMUDA MONETARY AUTHORITY INSURANCE SUPERVISION DEPARTMENT GUIDANCE NOTES STANDARDS AND APPLICATION FRAMEWORK FOR THE USE OF INTERNAL CAPITAL MODELS FOR REGULATORY CAPITAL PURPOSES - REVISED - September
More informationCapital Adequacy: Advanced Measurement Approaches to Operational Risk
Prudential Standard APS 115 Capital Adequacy: Advanced Measurement Approaches to Operational Risk Objective and key requirements of this Prudential Standard This Prudential Standard sets out the requirements
More informationInformation Management Advice 35: Implementing Information Security Part 1: A Step by Step Approach to your Agency Project
Information Management Advice 35: Implementing Information Security Part 1: A Step by Step Approach to your Agency Project Introduction This Advice provides an overview of the steps agencies need to take
More informationMaking Business Intelligence Easy. Whitepaper Measuring data quality for successful Master Data Management
Making Business Intelligence Easy Whitepaper Measuring data quality for successful Master Data Management Contents Overview... 3 What is Master Data Management?... 3 Master Data Modeling Approaches...
More informationGUIDELINES ON RISK MANAGEMENT AND INTERNAL CONTROLS FOR INSURANCE AND REINSURANCE COMPANIES
20 th February, 2013 To Insurance Companies Reinsurance Companies GUIDELINES ON RISK MANAGEMENT AND INTERNAL CONTROLS FOR INSURANCE AND REINSURANCE COMPANIES These guidelines on Risk Management and Internal
More informationRisk Management Policy
Risk Management Policy Responsible Officer Author Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date effective from December 2008 Date last amended December 2012
More informationBoard Charter. HCF Life Insurance Company Pty Ltd (ACN 001 831 250) (the Company )
Board Charter HCF Life Insurance Company Pty Ltd (ACN 001 831 250) (the Company ) Board approval date: 27 October 2015 Contents 1. Introduction and Purpose of this Charter...1 2. Role of the Board...1
More informationThe PNC Financial Services Group, Inc. Business Continuity Program
The PNC Financial Services Group, Inc. Business Continuity Program subsidiaries) 1 Content Overview A. Introduction Page 3 B. Governance Model Page 4 C. Program Components Page 4 Business Impact Analysis
More informationRISK MANAGEMENT REPORT (for the Financial Year Ended 31 March 2012)
RISK MANAGEMENT REPORT (for the Financial Year Ended 31 March 2012) Integrated Risk Management Framework The Group s Integrated Risk Management Framework (IRMF) sets the fundamental elements to manage
More informationInsurance Guidance Note No. 14 System of Governance - Insurance Transition to Governance Requirements established under the Solvency II Directive
Insurance Guidance Note No. 14 Transition to Governance Requirements established under the Solvency II Directive Date of Paper : 31 December 2013 Version Number : V1.00 Table of Contents General governance
More information10-005 Enterprise Risk Management
10-005 Enterprise Risk Management Current update: 09/16/10 Original Issuance: 03/31/08 Purpose This policy provides guidance and direction to State Board of Administration business unit heads for identifying,
More informationA Risk Management Standard
A Risk Management Standard Introduction This Risk Management Standard is the result of work by a team drawn from the major risk management organisations in the UK, including the Institute of Risk management
More informationCapacity Management PinkVERIFY
CAP-11-G-001 General Criteria Does the tool use ITIL 2011 Edition process terms and align to ITIL 2011 Edition workflows and process integrations? CAP-11-G-002 Does the tool have security controls in place
More informationEffective AML Model Risk Management for Financial Institutions: The Six Critical Components
August 2012 Effective AML Model Risk Management for Financial Institutions: The Six Critical Components A White Paper by John A. Epperson, Arjun Kalra, and Brookton N. Behm Audit Tax Advisory Risk Performance
More informationDraft Prudential Practice Guide
Draft Prudential Practice Guide SPG 532 Investment Risk Management May 2013 www.apra.gov.au Australian Prudential Regulation Authority Disclaimer and copyright This prudential practice guide is not legal
More informationConfident in our Future, Risk Management Policy Statement and Strategy
Confident in our Future, Risk Management Policy Statement and Strategy Risk Management Policy Statement Introduction Risk management aims to maximise opportunities and minimise exposure to ensure the residents
More informationORACLE ENTERPRISE GOVERNANCE, RISK, AND COMPLIANCE MANAGER FUSION EDITION
ORACLE ENTERPRISE GOVERNANCE, RISK, AND COMPLIANCE MANAGER FUSION EDITION KEY FEATURES AND BENEFITS Manage multiple GRC initiatives on a single consolidated platform Support unique areas of operation with
More informationLocation of the job: CFO Revenue Assurance
JOB PROFILE Title of position: Manager: Revenue Assurance Operations Number of subordinates: 5-10 Location of the job: CFO Revenue Assurance Level: 3 Position Code: Time span: 2-3 years Key Performance
More informationIntegrated Stress Testing
Risk & Compliance the way we see it Integrated Stress Testing A Practical Approach Contents 1 Introduction 3 2 Stress Testing Framework 4 3 Data Management 6 3.1 Data Quality 6 4 Governance 7 4.1 Scenarios,
More informationTransforming risk management into a competitive advantage kpmg.com
INSURANCE RISK MANAGEMENT ADVISORY SOLUTIONS Transforming risk management into a competitive advantage kpmg.com 2 Transforming risk management into a competitive advantage Assessing risk. Building value.
More informationACCEPTANCE CRITERIA FOR THIRD-PARTY RATING TOOLS WITHIN THE EUROSYSTEM CREDIT ASSESSMENT FRAMEWORK
ACCEPTANCE CRITERIA FOR THIRD-PARTY RATING TOOLS WITHIN THE EUROSYSTEM CREDIT ASSESSMENT FRAMEWORK 1 INTRODUCTION The Eurosystem credit assessment framework (ECAF) defines the procedures, rules and techniques
More informationSaldanha Bay Municipality. Risk Management Strategy. Inclusive of, framework, procedures and methodology
Inclusive of, framework, procedures and methodology Contents 1 Introduction 1 1.1 Legislative Framework and best practice 1 1.2 Purpose of Enterprise Risk Management 2 1.3 Scope and Applicability 3 1.4
More informationSound Practices for the Management of Operational Risk
1 Sound Practices for the Management of Operational Risk Authority 1.1 Section 316 (4) of the International Business Corporations Act (IBC Act) requires the Commission to take any necessary action required
More informationSubject ST9 Enterprise Risk Management Syllabus
Subject ST9 Enterprise Risk Management Syllabus for the 2015 exams 1 June 2014 Aim The aim of the Enterprise Risk Management (ERM) Specialist Technical subject is to instil in successful candidates the
More informationRisk Management Strategy EEA & Norway Grants 2009-2014. Adopted by the Financial Mechanism Committee on 27 February 2013.
Risk Management Strategy EEA & Norway Grants 2009-2014 Adopted by the Financial Mechanism Committee on 27 February 2013. Contents 1 Purpose of the strategy... 3 2 Risk management as part of managing for
More informationINSURANCE ACT 2008 CORPORATE GOVERNANCE CODE OF PRACTICE FOR REGULATED INSURANCE ENTITIES
SD 0880/10 INSURANCE ACT 2008 CORPORATE GOVERNANCE CODE OF PRACTICE FOR REGULATED INSURANCE ENTITIES Laid before Tynwald 16 November 2010 Coming into operation 1 October 2010 The Supervisor, after consulting
More informationStatement of Guidance
Statement of Guidance Asset Management & Investment Strategy For Insurance Companies 1. Statement of Objectives To ensure that assets are managed in a sound and prudent manner that is consistent with the
More information