6/2/2015
Enterprise Risk & Assurance Management in Zurich North America
Brian Selby MA (Audit), FIIA, QiCA, MBCS, CISA

Zurich North America
Zurich North America, a leader in business insurance, provides property, casualty and specialty insurance and risk management solutions to businesses throughout the United States.
Zurich North America also offers customers a range of financial services in more than 60 countries worldwide through the affiliated companies of the Zurich Financial Services Group.

Management focus
Significant risk and control issues
Risk management and control aspects of the operations
Risk identification, quantification and mitigation procedures
Reliable assurance
In short (and in the news!) ….. CORPORATE GOVERNANCE

What is Corporate Governance?
The system by which companies are directed and controlled
The accountability of a board of directors and the chief executive to their stakeholders and the risk management architecture underpinning the actual and perceived fulfillment of this accountability

Corporate Governance best practice
Enterprise Risk Management (ERM):
  – A rigorous and coordinated approach to assessing and responding to all risks that affect the achievement of an organization’s strategic, operational and financial objectives (a ‘portfolio’ approach)
Chief Risk Officer (CRO)
  – Assures continuity and consistency in risk management within an organization, bears direct responsibility for directing the organization’s entire risk management process.

The Zurich governance solution
Enterprise level: Group Level Governance
Chief Risk Officer: in Group Head Office
‘Local’ Risk Managers & Networks
Risk Policy Manual & Procedures (ZRP)
Risk Based Capital
Total Risk Profiling (TRP)
Internal Control Assessments (ICA)

Strategy components
Control Environment and Control Activities
  – Oversight structure and committees
  – Delegated Authorities and Powers Reserved
  – Compliance
  – Security
  – Risk management policy
  – Leadership commitment (to risk management)

Strategy components (continued)
Information and Communication
  – Communicate business objectives
  – Communication of risk management policy & goals
  – Internal risk reporting systems
  – Effective management information

Strategy components (continued)
Risk Assessment
  – Common risk language and approach
  – Identify emerging and existing risks
  – Source emerging and existing risks
  – Estimate, evaluate and prioritize risks identified
  – Establish accountability and actions at levels commensurate with risk

Strategy components (continued)
Monitoring
  – Internal monitoring (of risk management and internal control effectiveness)
  – Risk Key Performance Indicators
  – Internal Audit role
  – Internal Control Reporting

So it’s that easy?
No!! This is a management cultural shift
A change in the “Tone at the Top” is required
The strategy is prioritized:
  – Initial actions - get momentum; early ‘wins’
  – Transform (crawl, walk, run …)
  – Target end state - level 3 of the Zurich ICA maturity model
Management Board endorsement and active support for the strategy is essential

Assurance?
A positive declaration intended to give confidence
Driver – the level of assurance of the effectiveness of risk management and control required
  – Low - self-assessment reports within operation
  – Medium – separate quality assurance activity within, or commissioned by, the operation
  – High – independent assurance from Internal Audit or other advisors independent of the operation
The higher the assurance level, the higher the cost

Assurance in Zurich North America
Coordinate the results of review activity within the ERM framework:
  – self-assessments on risk & control issues
  – underwriting audits
  – claims technical audits
  – premium audits
  – profitability reviews
  – Internal Audit
  – External Audit

Finally ….
Any questions?
Any ideas you would like to share?
Brian
Thank you for your attention, questions & ideas