1 / 36

RISK-FOCUSED SURVEILLANCE FRAMEWORK UPDATE

RISK-FOCUSED SURVEILLANCE FRAMEWORK UPDATE. Agenda. Overview of Risk Assessment Cycle Conducting Risk-Focused Exams Seven Phases to Conducting Exams Status and Project Timeline. Risk Assessment Cycle. Examination. Risk Based Examination Identify Functional Activities

herve
Download Presentation

RISK-FOCUSED SURVEILLANCE FRAMEWORK UPDATE

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. RISK-FOCUSED SURVEILLANCE FRAMEWORK UPDATE

  2. Agenda • Overview of Risk Assessment Cycle • Conducting Risk-Focused Exams • Seven Phases to Conducting Exams • Status and Project Timeline

  3. Risk Assessment Cycle Examination Risk Based Examination Identify Functional Activities Identify/Assess Inherent Risk Identify & Evaluate Controls Determine Residual Risk Establish Procedures and Conduct Exam Update Supervisory Plan Exam Report//Mgmt Letter Supervisory Plan Develop Ongoing Supervision That Includes: • Frequency of Exams • Scope of Exams • Meetings with Company Management • Follow-Up on Recommendations • Financial Analysis Monitoring INSURER PROFILE SUMMARY Off-Site Risk Focused Financial Analysis Priority System Financial Analysis includes: Risk Assessment Results Financial Analysis Handbook Process Ratio Analysis (IRIS, FAST, Internal Ratios) Actuarial Analysis Update with internal/external changes Priority System Based on Dept. analysis and NAIC financial Analysis tools: Scoring System ATS Results IRIS Ratios Internal/External Changes Consider Changes to: • NRSRO Ratings • Ownership/Management/ Corporate Structure • Business Strategy/Plan • CPA Report or Auditor • Legal or Regulatory Status

  4. Examination Risk Based Examination Identify Functional Activities Identify/Assess Inherent Risk Identify & Evaluate Controls Determine Residual Risk Establish Procedures and Conduct Exam Update Supervisory Plan Exam Report//Mgmt Letter

  5. Off-Site Risk Focused Financial Analysis Financial Analysis includes: Risk Assessment Results Financial Analysis Handbook Process Ratio Analysis (IRIS, FAST, Internal Ratios) Actuarial Analysis Update with internal/external changes

  6. Internal/External Changes Consider Changes to: • NRSRO Ratings • Ownership/Management/ Corporate Structure • Business Strategy/Plan • CPA Report or Auditor • Legal or Regulatory Status

  7. Priority System Priority System Based on Dept. analysis and NAIC financial Analysis tools: • Scoring System • ATS Results • IRIS Ratios

  8. Supervisory Plan Develop Ongoing Supervision That Includes: • Frequency of Exams • Scope of Exams • Meetings with Company Management • Follow-Up on Recommendations • Financial Analysis Monitoring

  9. Insurer Profile Summary XYZ Insurance Insurer Profile Summary • General/Basic Information • Business Summary • Priority Rating • Regulatory Findings • Regulatory Plan • External Information • Key Financial Data • Overall Summary

  10. Seven-Phase Examination Process 1-4 • Phase 1 – Understand the Company and Identify Key Functional Activities to be Reviewed • Phase 2 – Identify and Assess Inherent Risks in Activities • Phase 3 – Identify and Evaluate Risk Mitigation Strategies/Controls • Phase 4 – Determine Residual Risk

  11. Seven-Phase Examination Process 5-7 • Phase 5 – Establish/Conduct Exam Procedures • Phase 6 – Update Prioritization and Supervisory Plan • Phase 7 – Draft Exam Report and Management Letter Based on Findings

  12. Risk Assessment Matrix

  13. Phase 1 – Understand the Company/Identify Key Activities Parts to Phase 1 • Understanding the Company • Understanding the Corporate Governance Structure • Assessing the Adequacy of the Audit Function • Identifying Key Functional Activities • Consideration of Prospective Risks

  14. Phase 1 – Understand the Company/Identify Key Activities Steps to Part 1- Understanding the Company • Gather Necessary Planning Information • Review the Gathered Information • Analytical and Operational Reviews • Consideration of Information Technology Risk • Update the Insurer Profile

  15. Phase 1 – Understand the Company/Identify Key Activities Part 2- Understanding the Corporate Governance Structure • Understanding the Organizational Structure • Understanding & Assessing the Board of Directors • Understanding & Assessing Management

  16. Phase 1 – Understand the Company/Identify Key Activities Part 3-Assessing the Adequacy of the Audit Function • External audit • Internal audit

  17. Phase 1 – Understand the Company/Identify Key Activities Part 3-Assessing the Adequacy of the Audit Function External • Provide understanding of control structure • Understand CPA’s risk assessment • Review compliance and substantive procedures

  18. Part 3-Assessing the Adequacy of the Audit Function Internal Financial Operational Compliance IS or Technology Phase 1 – Understand the Company/Identify Key Activities

  19. Phase 1 – Understand the Company/Identify Key Activities Corporate Governance Information Obtained Audit Assessment Management Assessment Key Activities Prospective Risks

  20. Phase 1 – Understand the Company/Identify Key Activities Part 4- Identify Key Functional Activities • Identify key activities using company background information from various sources.

  21. Phase 1 – Understand the Company/Identify Key Activities Part 5-Consideration of Prospective Risks • Consideration of prospective risks is an intrinsic element of a risk-focused examination and should occur throughout all phases of the examination process

  22. Phase 2 –Identify Inherent Risk • Key activities and sub-activities identified in Phase 1 are the building blocks for identifying inherent risk. • Inherent risk is the risk before considering internal controls. • The examiners asks the question, “What can go wrong?” for each of the key activities.

  23. Inherent risk that has been identified is then classified into the branded Risk Classifications. Phase 2 –Identify Inherent Risk

  24. Phase 2 –Assess Inherent Risk Inherent risk is assessed by considering: • the likelihood of occurrence, • the magnitude of impact and • examiner’s judgment.

  25. Phase 2 –Assess Inherent Risk Likelihood of Occurrence: The likelihood that the risk will occur or would prevent a process or activity from attaining its objectives. • Low: rare occasions. • Moderate-low: at some time. • Moderate-high: probably occur at some time. • High: expected to occur most of the time.

  26. Phase 2 –Assess Inherent Risk Magnitude of Impact: The potential impact or potential materiality of a risk. • Magnitude of Impact is measured as: • Threatening: Greater than 5% of surplus • Severe: 3-5% of surplus • Moderate: 1-3% of surplus • Immaterial: Less than 1% of surplus

  27. Phase 2 –Assess Inherent Risk

  28. Phase 3 – Risk Mitigation Strategies • The insurer’s control risk should be assessed by determining how well the risk mitigation strategies/controlsoffset the inherent risks identified • Leverage off work of external/internal audit and company self-assessments.

  29. Phase 3 – Risk Mitigation Strategies The Overall Risk Mitigation Strategy/Control Assessment ratings to be indicated in the Risk Assessment Matrix are: • Strong Risk Management • Moderate Risk Management • Weak Risk Management

  30. Phase 4 – Determine Residual Risk Inherent Risk – Internal Controls = Calculated Residual Risk Overall Residual Risk = Calculated Residual Risk +/- Examiner’s Judgment

  31. Phase 4 – Determine Residual Risk IR = Inherent Risk

  32. Phase 5 – Establish/Conduct Exam Procedures • After completion of the Risk Assessment for key activities, the nature and extent of testing can be determined and the examination procedures designed accordingly. • Examination procedures should be selected to correspond with the financial reporting and other than financial reporting risks noted within the entity.

  33. Phase 5 –Establish Exam Procedures Key Concept: Focus examination effort where there is more risk. Examination procedures should be designed to focus on the risks that remain after consideration of internal controls. • High Residual Risk – Substantive tests • Moderate Residual Risk – Fewer substantive tests and analytical procedures • Low Residual Risk – Minimal substantive tests, more analytical procedures, potentially eliminate tests.

  34. Phase 6 – Update Prioritization and Supervisory Plan • From relevant and material findings: • Update priority score • Establish the Supervisory Plan for on-going analysis • Examination Report and Management Letter should be a reflection of the Prioritization and Supervisory Plan

  35. Phase 7 – Draft Exam Report and Management Letter • Examination Report – Contains the findings of the examination related to the scope • Management Letter – Optional tool to convey results and observations noted during the exam that are not needed in the public report • Vehicle for ongoing dialogue with insurer • Content determined by state insurance department

  36. Timeline 2006 - 2009 – Training Program for Implementation of the Risk-Focused Process 2007-2009 Dual Examination Approach 2004-2006 Handbook Revisions Exposed for Comment 2004 Adoption of Risk-Focused Surveillance Framework 2010 Proposed Accreditation Standards 2006 – Adoption of the Revisions to the NAIC Financial Condition Examiners Handbook

More Related