Exams, Audit, SOX/MAR, ERM, ORSA... what's next?
James Menck, Senior Manager, CPA, CIA, CFE, CFE (Fraud)
Jmenck@eidebailly.com
214.680.6889

Progression of Oversight
How did we get here?
Increased overlap: nothing goes away!
Corporate failures due to fraud
Stakeholder concerns
SIU, ERM, MAR
Where do we go from here?
Pressure for efficiencies
Increase in self-policing
Increased reliance on the work of others

Progression of Financial Examinations
Prospective Solvency Risks
Internal Controls / Risk Assessment
Reliance on the work of others
Increased coordination
Limited substantive procedures
Accreditation

Model Audit Rule
Annual Financial Reporting Model Regulation (Model Audit Rule)
Modeled after SOX
Annual independent statutory audit
Insurers with $500 million in annual direct and assumed premium, or $1 billion for groups
Additional board independence
Internal Audit
Management's report on internal controls
"We trust you"

NAIC ORSA Regulation
Risk Management and Own Risk and Solvency Assessment Model Act
Based on the EU Solvency II Directive
Assess risk specific to the insurer
Assess solvency in a continuous and prospective way
Focus on stress scenario testing
Transparency
Annual
Confidential

NAIC Activities
Risk-focused Surveillance (E) Working Group:
Eliminate redundant collection of insurer information
Increase communication
Annual peer review of exams of different state DOIs
Ongoing search for efficiencies
Group Solvency Issues (E) Working Group:
Group-solvency-related issues
Supervisory colleges
ORSA Pilot Project

U.S. Insurance Financial Solvency Framework
[Diagram: image courtesy of the National Association of Insurance Commissioners, 2010]

Financial Solvency Framework - 7 Core Principles
1. Regulatory reporting, disclosure and transparency
2. Off-site monitoring and analysis
3. On-site regulatory examinations
4. Reserves, capital adequacy and solvency
5. Regulatory control of significant, broad-based risk-related transactions/activities
6. Preventive and corrective measures, including enforcement
7. Exiting the market and receivership

NAIC 10 Critical Risks
1. Asset Valuation / Impairment
2. Liquidity
3. Investment Portfolio
4. Reinsurance Program
5. Reinsurance Reporting and Collectability
6. Underwriting / Pricing
7. Reserve Data
8. Reserve Adequacy
9. Related Party / Holding Company
10. Capital Management

Branded Risks
Credit
Market
Pricing / Underwriting
Reserving
Liquidity
Operational
Legal
Strategic
Reputation

Branded Risks
Assess each risk classification based on quantitative and qualitative information
Consider prospective risk
Risk trending
Aggregate risk components for an overall assessment

Regulatory Trends
Cybersecurity Bill of Rights
Dual Regulation
International Standards
Enhanced Monitoring
Prioritization
Quality of Capital
Governance

State Regulator Considerations
Availability of resources
Industry
Political pressures
Laws and regulations
Accreditation status
Quarterly financial analysis

Reporting Objectives
Columns: Solvency | Risk | Prospective Assessment | Risks: Fraud | Financial | Operational | IT
State Examinations: X X X X X X X
State Financial Analysis: X X X
External Audit: X X X X X X
Internal Audit: X X X X X X X
MAR/SOX: X X X X X X
ORSA: X X X X X X X
ERM: X X X X X X X
SIU: X

Testing Focus
Columns: Internal Controls (Financial / Operational / IT) | Safeguarding of Assets | Review Corporate Governance | Review Fraud Plan | Process Walk-Throughs | Data Analysis | Strategic Plan Analysis | Prospective Risks
State Examinations / State Financial Analysis: Financial, Operational, IT | X X X X X; If required | Primary focus on review of Co. internal analysis; NAIC available data; Review internal analysis | Solvency; X | Solvency
External Audit: Financial, IT | X X X X | Going concern | Going concern
Internal Audit: Financial, Operational, IT | X X X X | CAAT | X X
MAR/SOX: Financial, IT | Entity-level controls | Entity-level controls | X X X X | Financial
ORSA: Financial, Operational, IT | X X X | Rely on IA | Stress testing | X X
ERM: Financial, Operational, IT | X X X | Rely on IA | X X X
SIU: Fraud | Fraud | Creates plan | Fraud | Fraud | Fraud | X

Audit Procedures
Procedures (rows): Test Internal Controls; Substantive Testing; Reserving Practices; Claims Handling; Underwriting Practices / Policy Issuance; Bank and Investment Confirmations; Test Bank / Custodian Reconciliations; Compliance with New Laws & Regulations; Customer Service
State Examinations: Financial, Operational, IT | Varies depending on IC reliance | X | Financial / Compliance | X | Year-End | X | X | Complaints handling
External Audit: Financial, IT | Varies depending on IC reliance | X | Financial | Pricing / FR | Interim / Year-End | X | X
Internal Audit: Financial, Operational, IT | X X X X X X X
MAR/SOX: Financial, IT | X | Financial | Pricing / FR | IC Financial reporting

Techniques to Consider: Managing Examinations
Central point of contact
Formal data requests
Electronic format for responses
Maintenance of a request log
Ongoing communication / responsiveness
Early access to information / management / external auditor
Access to an adequate internet connection for electronic work papers on a remote server

Techniques to Consider: Managing Examinations
Access to management reporting
Entity-level controls: integrity, vertical communication
Identification and testing of key controls
Updated process flows / mapping / narratives
Access to ERM reporting / supporting documentation

Techniques to Consider: Managing Examinations
Use Internal Audit to manage other audit activity
Reduce duplication of effort and disruption to the business
Review auditor requests prior to delivery to the business
Review documentation prior to delivery to the auditor / examiner / analyst
Mock exams

Techniques to Consider: External Audit
Utilize Internal Audit's resources
Incorporate regulatory concepts into the audit plan / procedures
Communicate and share strategy and prospective risk concerns (ERM, ORSA, Compliance)
Coordinate with the State insurance department

Techniques for Internal Audit
Coordinate with the state insurance department
Illustrate the risk assessment process, results, and reporting
Incorporate regulatory concepts into the audit program and procedures
Manage external and internal audit activity to minimize disruption to the business

Techniques for Internal Audit
Exam and external audit assessment
Focus on prospective risks
Align resources with the business and prospective risks
Ongoing risk assessment
Incorporate business concerns into planned audits as much as possible

Techniques for Internal Audit
Timing and scope of audits aligned with the financial examination:
Premiums
Underwriting / rating / pricing
Commissions
Claims (adjudication; timeliness; completeness / accuracy)
Reinsurance program and accounting
Customer service (complaints)
Approved advertising
Corporate governance / ERM / ORSA assessment
Focus on internal controls

Techniques for Internal Audit
Assess compliance with laws and regulations
Conduct SOX/MAR compliance testing
Maximize data analysis: fraud, financial analysis, CAAT

Techniques to Consider: Risk Management
Focus on objectives and effective communication; avoid duplication of effort
Combine ERM and ORSA
Incorporate Internal Audit activities
NAIC Branded Risks and analysis of Critical Risks
Share results with the regulator's financial analyst
Assess capital

Questions?
This presentation is presented with the understanding that the information contained does not constitute legal, accounting or other professional advice. It is not intended to be responsive to any individual situation or concerns, as the contents of this presentation are intended for general informational purposes only. Viewers are urged not to act upon the information contained in this presentation without first consulting competent legal, accounting or other professional advice regarding the implications of a particular factual situation. Questions and additional information can be submitted to your Eide Bailly representative, or to the presenter of this session.

Thank You!