Lloyd's Managing Agents FSA Solvency II Data Audit




Working in partnership with you to provide the independent assurance that your Data Audit Report fulfils Lloyd's and FSA Solvency II requirements

FSA Solvency II Data Audit

The FSA Solvency II Data Audit (Data Audit) is a component of the FSA's Solvency II Internal Model Approval Process (IMAP). It assesses all internal and non-proprietary external data which may materially impact the design and function of the proposed internal model. The Data Audit is focussed on the key sub-risks around aspects of data policy; oversight and governance; data; vulnerabilities and impact; data quality and data processing. Following completion of this assessment, the results should be presented in a Data Audit Report.

Lloyd's requires all Managing Agents to submit a Data Audit Report by 15 June 2012 to Lloyd's. The primary purpose of the Data Audit Report is to demonstrate that an Agent's data management policies comply with the tests and standards set out in the Solvency II Directive to achieve internal model approval.

Purpose of the Data Audit Report

The primary purpose of the Data Audit Report is to demonstrate that an agent's data management policies comply with the tests and standards set out in the Solvency II directive. In addition, the Data Audit Report should demonstrate how the overall risk that the data used in the internal model does not meet the Solvency II requirements on data quality (complete, accurate, appropriate and timely) is considered. This overall risk is split into five sub-risks.

As per Lloyd's Data Audit Report Guidelines (Draft) February 2012

Ownership and Independence

The Data Audit Report should be produced as a result of a review conducted by a suitably qualified person, independent from the individuals responsible for the design, build, parameterisation and implementation of the internal model. The author of the Data Audit Report must therefore be independent of the normal operation of the model (e.g. Internal Audit).

In conducting the review, the reviewer should apply professional judgement in deciding how the controls are assessed (e.g. sample size, depth of document review, interviewees, etc.) and how effective they are in addressing the risk.

The review is not intended to assess the appropriateness of actuarial Expert Judgements with regards to data used in the Internal Model. However, any data, internal or external, (e.g. claims history, bond price movements, loss events, etc.) on the basis of which material expert judgments/assumptions and model calibrations are made, should be included in scope.

The reviewer may make use of previous independent reviews (e.g. SOX compliance assessments, Internal/External Audit work, etc.), so long as the data, assumptions, calculation methodology and IT environment reviewed have not changed significantly. Where a managing agent makes use of previous reviews for this purpose, the agent should provide some explanation and justification as to why the previous review is still relevant and also for its use.

As per Lloyd's Data Audit Report Guidelines (Draft) February 2012

Key requirements

The scope of the Data Audit has now been defined through the draft Lloyd's guidance (with final versions due for issue on 30 March 2012) and has been developed in line with the FSA's published requirements. The challenges faced by Managing Agents in response to fulfilling the Data Audit requirements are extensive. Below we list the key areas, questions and objectives that the audit will need to address:

Requirement Area: Data Policy

Key Questions to Consider:
- How can we ensure our framework in respect of data is sustainable for the future?
- Are existing data policies, procedures and standards suitable? How can we develop or improve?
- Have we defined ownership and how data policies will be embedded into the organisation?

Key Control Objective(s):
- Ensuring consistency in data policies and adherence to required Solvency II standards of data governance

Requirement Areas: Oversight and Governance; Data use, vulnerabilities and impact; Data quality; Data processing

Key Questions to Consider:
- Do management really have a solid understanding of internal model data?
- Have we robust oversight and challenge of Management Information (MI) and data processes?
- Are exceptions and limitations in data understood, suitably investigated and corrected?
- How should we best set materiality, in the context of significant amounts of data?
- Do we understand where our data origination sources are?
- How do we maintain such data in an appropriate manner for model and other business use (e.g. MI generation)?
- Are agreed quality standards per our data policy being adhered to consistently?
- Are we able to critically evaluate all our IT General Controls within the IT control environment?
- Do we have effectively designed and operating IT controls (such as data security, change control and processing of data) to support corresponding data management controls?
- Is the information generated by end-user computing susceptible to distortion or manipulation, due to lack of controls to data amendments?

Key Control Objective(s):
- Management have a thorough understanding of, and are accountable for reviewing, internal model data processes
- Recognising and remediating data errors, omissions or inaccuracies which may compromise data quality
- Assurance over data materiality and ensuring its consistent application throughout the organisation
- Maintenance of data quality standards to ensure demonstrable accuracy, appropriateness, completeness and timeliness
- Adequacy of technical expertise available to the firm
- Maintaining robust IT General Controls (e.g. change management and access controls) to safeguard data integrity
- Issues around controls design and effectiveness around spreadsheets, SQL databases and other end user computing applications, which may be less controlled

Given the requirements and challenges noted in the adjacent table, a diverse set of skill-sets will be required to perform this audit and the review must be performed by suitably qualified individuals who are independent of model design, build, and operation (as per the Lloyd's Data Audit Report draft guidance published in February 2012 and the FSA External Review guidance published in July 2011).

Managing Agents should be actively seeking specialist review assistance now to ensure the regulatory timeline for Data Audits is met and that a robust, independent and objective review is performed (in line with the Lloyd's draft guidance).

Grant Thornton's data review and data management professionals are able to provide assurance to your Management and Non-Executives, Lloyd's and the FSA that they are compliant with the requirements. We feel our team's experience of supporting clients in the marketplace enables us to provide you with pragmatic, and independent audit challenge.

Our approach to completing the Data Audit

To address the requirements of the Data Audit, we have split our approach into 2 sections: 1 Foundation elements and 2 Specific elements.

Foundation elements
Examining the adequacy of the oversight of data by management and the effectiveness of IT General Controls

Specific elements
Performing detailed analysis over data policies, quality and usage through 3 aspects:
- The understanding of data management principles
- Experience of advising clients on data framework enhancements
- Where applicable, the use of data interrogation tools

The Lloyd's Timeline for Data Audits

Managing Agents are required to complete Data Audits between May and June 2012, with final Data Audit Reports due for submission to Lloyd's on 15 June 2012:

- 10 February 2012: Draft Data Report guidance
- 30 March 2012: Final Data Audit Report guidance
- 15 June 2012: Data Audit Report due

Our experience and how we can help

Grant Thornton's experienced data review and data management professionals are ideally placed to perform your Data Audit. We will draw on our experienced IT and business audit specialists to deliver objective, efficient and robust data audit assurance. We have experience of:

- objectively examining all required aspects of Solvency II data management (including data policy, governance, limitations, processing and IT environment including change management and spreadsheet assurance), using our highly experienced Technology Audit, Data and IT specialists
- working closely with key business areas (such as modelling teams, risk specialists, IT and Compliance) to fully understand and evaluate data management and data quality against Solvency II and FSA requirements
- providing assurance over all areas of IT environment, technology, tools and subsequent processing and controls and evaluating the impact on data management
- assessing the use of non-proprietary external and third-party data reliance, policies, processes and agreements, as well as corresponding internal governance and oversight
- delivering high quality audit evidence and results to fulfil the designated Lloyd's scope, detailing the assessment of internal control design and operating effectiveness, assessment of business process flows and gap analysis
- providing a continued presence to support future discussions with senior stakeholders and Lloyd's where required.

Why Grant Thornton?

Grant Thornton can assist your organisation with the Lloyd's Data Audit through:

- highly experienced audit professionals, with dedicated specialist Data and IT staff and unparalleled access to deep expertise and relationship oversight
- proven experience using a specialist resource with regulatory and industry insight, allowing your organisation to meet all review deadlines on time and within budget
- providing objective, robust assurance and pragmatic solutions for improvement or next steps to be used internally and in discussion with Lloyd's and the FSA
- providing ongoing assurance for Solvency II internal model validation
- a long-standing commitment to excellent client service and support both during and after all engagements.

Who should I contact for Data Audit assistance?

Sandy Kumar
Partner, Head of Financial Services, Business Risk Services
T 020 7728 3248
E sandy.kumar@uk.gt.com

Kiran Sudhakar
Lead for IT Internal Audit Financial Services/Head of Technology Services, Business Risk Services
T 020 7728 2909
E kiran.sudhakar@uk.gt.com

Other Related Services

While this document focuses on the requirements of Data Audit for Lloyd's Managing Agents and how our data review and data management professionals can help, Grant Thornton's Business Consulting Division can also assist in the design and build of your data management framework, if required. This team has worked with a number of Managing Agents in designing their data dictionary and performing gap analysis. Should you require further assistance regarding this please do not hesitate to contact our Business Consulting Division. A contact is provided directly below.

Sarah Talbott
Lead for Insurance Internal Audit, Financial Services, Business Risk Services
T 020 7865 2815
E sarah.d.talbott@uk.gt.com

Mark A Spurlock
Lead for Insurance Business Consulting, Business Consulting Division, Financial Services Advisory
T 020 7865 2346
E mark.a.spurlock@uk.gt.com

© 2012 Grant Thornton UK LLP. All rights reserved.
'Grant Thornton' means Grant Thornton UK LLP, a limited liability partnership. Grant Thornton UK LLP is a member firm within Grant Thornton International Ltd ('Grant Thornton International'). Grant Thornton International and the member firms are not a worldwide partnership. Services are delivered by the member firms independently. This publication has been prepared only as a guide. No responsibility can be accepted by us for loss occasioned to any person acting or refraining from acting as a result of any material in this publication. www.grant-thornton.co.uk V21426