Presentation on theme: "Internal Control and Internal Audit"— Presentation transcript:
1 Internal Control and Internal Audit Teija KorpiahoMalta, 8/4/201019 April 2017
2 Index Internal Control Internal Audit Concept and elements Control environmentControl activitiesCommunicationMonitoringDocumentationCompliance functionInternal AuditDuties and responsibilitiesProportionality19 April 2017
3 BUT BOTH ARE IMPORTANT ELEMENTS OF GOVERNANCE INTERNAL CONTROL≠INTERNAL AUDITBUT BOTH ARE IMPORTANT ELEMENTS OF GOVERNANCE19 April 2017
4 Article 41 - General governance requirements … an effective system of governance …. sound and prudent management of the business.The system of governance shall be subject to regular internal review.The system of governance shall be proportionate to the nature, scale and complexity of the operations of the insurance or reinsurance undertaking.written policies …in relation to … internal control, internal auditInsurance and reinsurance undertakings shall take reasonable steps to ensure continuity and regularity in the performance of their activities, including the development of contingency plans.19 April 2017
5 SRP ORSA Risk Management Internal Control SCR-std Strategic risk MarketRiskCredit RiskSCR-stdUnderwritingriskOperationalriskInternal Control
6 Article 46 - Internal control …undertaking shall have in place an effective internal control system.The system shall at least includeadministrative and accounting procedures,an internal control framework,appropriate reporting arrangements at all levels of the undertakinga compliance function.
7 Internal Control – the concept A set of continually operating processes involving the administrative, management or supervisory body and all levels of personnel.Designed to secure at least the following:a) Effectiveness and efficiency of the undertaking’s operations in view of its risks and objectives;b) Availability and reliability of financial and non-financial information; andc) Compliance with applicable laws, regulations and administrative provisions.The more principles (and risk) based regulation the more is required from the internal control and risk management of the undertakings
8 Elements of Internal Control Control environmentIntegrity and Ethical valuesCompetenceControl activitiesTo ensure that management directives are carried out: approvals, verifications, authorizations etc.CommunicationReporting and communication linesAll levels of the organizationMonitoringManagement and supervisory activities, activities by the personnelRecommendations by Internal and external auditorsCompliance
9 Documentation A key element of Internal Control Well documented = writtenApproved by administrative or management bodyUpdated at least annuallyStrategies onBusiness, risk management (incl. liquidity, concentration risk, credit risk, operational risk), underwriting and reserving, investment and ALM, reinsurance, internal auditPolicies onrisk management, underwriting, remuneration, investment and ALM, internal control, outsourcing, disclosure, informationPlans oncontingency and compliance
10 Article 46 - Internal control …..The compliance function shall include advising the administrative or management body on compliance with the laws, regulations and administrative provisions adopted pursuant to this Directive. It shall also include an assessment of the possible impact of any significant changes in the legal environment on the operations of the undertaking concerned and the identification and assessment of compliance risk.
11 Compliance FunctionCompliance risk = the risk of legal or regulatory sanctions, material financial loss or loss to reputation an undertaking may suffer as a result of not complying with laws, regulations and administrative provisions as applicable to its activities.Compliance function - to ensure the undertaking comply with applicable laws and regulatory requirements.Compliance planReporting: to report any major compliance problems it identifies to the administrative or management body.
12 One size does not fit all CEIOPSOne size does not fit allThe internal control system should take into considerationThe risks of the undertakingThe way undertaking is organizedThe information system in useThe decision making systemEtc. etc.Make the internal control system right for your undertaking!19 April 2017
13 Article 47 - Internal audit Insurance and reinsurance undertakings shall provide for an effective internal audit function.The internal audit function shall include an evaluation of the adequacy and effectiveness of the internal control system and other elements of the system of governance.
14 Article 47 - Internal audit The internal audit function shall be objective and independent from the operational functions.Any findings and recommendations of the internal audit shall be reported to the administrative, management or supervisory body which shall determine what actions shall be taken with respect to each of the internal audit findings and recommendations and shall ensure that these actions are carried out.19 April 2017
15 Internal Audit 1(2) Systematic approach to evaluate and improve IndependentFrom audited activitiesOwn initiativeFree access to all informationUnder direct control of administrative, management or supervisory bodyDirect communication with staffFree to express opinionEffectiveResource, remunerationObjective
16 Internal Audit 2(2) Audit charter Audit plan The purpose, authority and responsibilityAudit planAudit work for next year(s)Based on risk analysisAnnually reporting to the administrative, management or supervisory bodyFollow up of the recommendations
17 The function must be in place but outsourcing is possible ProportionalityAll undertakings shall have internal audit functionThe requirements of the directive should be proportionate to the nature, scale and complexity of the risks inherent in the business of an insurance or reinsurance undertaking.Not the size of the undertaking!The function must be in place but outsourcing is possible19 April 2017