6Internal/External Changes Consider Changes to:NRSRO RatingsOwnership/Management/ Corporate StructureBusiness Strategy/PlanCPA Report or AuditorLegal or Regulatory Status
7Priority SystemPriority System Based on Dept. analysis and NAIC financial Analysis tools:Scoring SystemATS ResultsIRIS Ratios
8Develop Ongoing Supervision That Includes: Supervisory PlanDevelop Ongoing Supervision That Includes:Frequency of ExamsScope of ExamsMeetings with Company ManagementFollow-Up on RecommendationsFinancial Analysis Monitoring
10Seven-Phase Examination Process 1-4 Phase 1 – Understand the Company and Identify Key Functional Activities to be ReviewedPhase 2 – Identify and Assess Inherent Risks in ActivitiesPhase 3 – Identify and Evaluate Risk Mitigation Strategies/ControlsPhase 4 – Determine Residual Risk
11Seven-Phase Examination Process 5-7 Phase 5 – Establish/Conduct Exam ProceduresPhase 6 – Update Prioritization and Supervisory PlanPhase 7 – Draft Exam Report and Management Letter Based on Findings
13Phase 1 – Understand the Company/Identify Key Activities Parts to Phase 1Understanding the CompanyUnderstanding the Corporate Governance StructureAssessing the Adequacy of the Audit FunctionIdentifying Key Functional ActivitiesConsideration of Prospective Risks
14Phase 1 – Understand the Company/Identify Key Activities Steps to Part 1-Understanding the CompanyGather Necessary Planning InformationReview the Gathered InformationAnalytical and Operational ReviewsConsideration of Information Technology RiskUpdate the Insurer Profile
15Phase 1 – Understand the Company/Identify Key Activities Part 2- Understanding the Corporate Governance StructureUnderstanding the Organizational StructureUnderstanding & Assessing the Board of DirectorsUnderstanding & Assessing Management
16Phase 1 – Understand the Company/Identify Key Activities Part 3-Assessing the Adequacy of the Audit FunctionExternal auditInternal audit
17Phase 1 – Understand the Company/Identify Key Activities Part 3-Assessing the Adequacy of the Audit FunctionExternalProvide understanding of control structureUnderstand CPA’s risk assessmentReview compliance and substantive procedures
18Phase 1 – Understand the Company/Identify Key Activities Part 3-Assessing the Adequacy of the Audit FunctionInternalFinancialOperationalComplianceIS or Technology
20Phase 1 – Understand the Company/Identify Key Activities Part 4- Identify Key Functional ActivitiesIdentify key activities using company background information from various sources.
21Phase 1 – Understand the Company/Identify Key Activities Part 5-Consideration of Prospective RisksConsideration of prospective risks is an intrinsic element of a risk-focused examination and should occur throughout all phases of the examination process
22Phase 2 – Identify Inherent Risk Key activities and sub-activities identified in Phase 1 are the building blocks for identifying inherent risk.Inherent risk is the risk before considering internal controls.The examiners asks the question, “What can go wrong?” for each of the key activities.
23Phase 2 – Identify Inherent Risk Inherent risk that has been identified is then classified into the branded Risk Classifications.CreditMarketPricing/UnderwritingReservingLiquidityOperational/ Financial Rptg.LegalStrategicReputational
24Phase 2 – Assess Inherent Risk Inherent risk is assessed by considering:the likelihood of occurrence,the magnitude of impact andexaminer’s judgment.
25Phase 2 – Assess Inherent Risk Likelihood of Occurrence: The likelihood that the risk will occur or would prevent a process or activity from attaining its objectives.Low: rare occasions.Moderate-low: at some time.Moderate-high: probably occur at some time.High: expected to occur most of the time.
26Phase 2 – Assess Inherent Risk Magnitude of Impact:The potential impact or potential materiality of a risk.Magnitude of Impact is measured as:Threatening: Greater than 5% of surplusSevere: 3-5% of surplusModerate: 1-3% of surplusImmaterial: Less than 1% of surplus
28Phase 3 – Risk Mitigation Strategies The insurer’s control risk should be assessed by determining how well the risk mitigation strategies/controls offset the inherent risks identifiedLeverage off work of external/internal audit and company self-assessments.
29Phase 3 – Risk Mitigation Strategies The Overall Risk Mitigation Strategy/Control Assessment ratings to be indicated in the Risk Assessment Matrix are:Strong Risk ManagementModerate Risk ManagementWeak Risk Management
31Phase 4 – Determine Residual Risk Strong ControlsModerateControlsWeak ControlsHigh IRModerate to HighHighModerate IRLow to ModerateLow IRLowIR = Inherent Risk
32Phase 5 – Establish/Conduct Exam Procedures After completion of the Risk Assessment for key activities, the nature and extent of testing can be determined and the examination procedures designed accordingly.Examination procedures should be selected to correspond with the financial reporting and other than financial reporting risks noted within the entity.
33Phase 5 – Establish Exam Procedures Key Concept:Focus examination effort where there is more risk.Examination procedures should be designed to focus on the risks that remain after consideration of internal controls.High Residual Risk – Substantive testsModerate Residual Risk – Fewer substantive tests and analytical proceduresLow Residual Risk – Minimal substantive tests, more analytical procedures, potentially eliminate tests.
34Phase 6 – Update Prioritization and Supervisory Plan From relevant and material findings:Update priority scoreEstablish the Supervisory Plan for on-going analysisExamination Report and Management Letter should be a reflection of the Prioritization and Supervisory Plan
35Phase 7 – Draft Exam Report and Management Letter Examination Report – Contains the findings of the examination related to the scopeManagement Letter – Optional tool to convey results and observations noted during the exam that are not needed in the public reportVehicle for ongoing dialogue with insurerContent determined by state insurance department
36Timeline– Training Program for Implementation of the Risk-Focused ProcessDual Examination ApproachHandbook Revisions Exposed for Comment2004 Adoption of Risk-Focused Surveillance Framework2010 Proposed Accreditation Standards2006 – Adoption of the Revisions to the NAIC Financial Condition Examiners Handbook