1 / 22

Session 2 Internal Control

Session 2 Internal Control. Regional Training Seminar IAIS-ASSAL San Salvador, El Salvador, 22-25 November 2010 Takao Miyamoto, IAIS Secretariat. Agenda. Introduction Purpose of Internal Control Framework Fundamentals Segregation of Duties Internal Control for Insurers Examples

hlangston
Download Presentation

Session 2 Internal Control

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Session 2Internal Control Regional Training Seminar IAIS-ASSAL San Salvador, El Salvador, 22-25 November 2010 Takao Miyamoto, IAIS Secretariat

  2. Agenda • Introduction • Purpose of Internal Control • Framework • Fundamentals • Segregation of Duties • Internal Control for Insurers • Examples • Role of Supervisors • Comparison with Internal Audit • Stages to Follow 1

  3. What is Internal Control? • Organisational system comprised of series of structures, methods & procedures to ensure orderly & effective conduct of business activities • Compliance with laws & regulations • Implementation of general policy defined by management • Control & management of business risks • Quality of accounting & financial information • Who does what? When? For what purpose? • Steps to be followed • Not necessarily decision model (What should be done?) 2

  4. Objectives • Business is conducted in prudent manner in accordance with policies & strategies • Transactions are only entered into with appropriate authority • Assets are safeguarded • Accounting & other records provide complete, accurate & timely information • Management is able to identify, assess, manage & control risks and hold sufficient capital 3

  5. Agenda • Introduction • Purpose of Internal Control • Framework • Fundamentals • Segregation of Duties • Internal Control for Insurers • Examples • Role of Supervisors • Comparison with Internal Audit • Stages to Follow 4

  6. Players Board of directors (specific committees: e.g. audit, compensation) Compliance officer Internal auditors Every department, staff External auditors Actuaries Risk managers CPAs Supervisors 5

  7. Basic Elements • Organisational chart & manual • Persons authorised to sign for insurer • Persons empowered to make decisions • Delegation of authorities & responsibilities • Fit and proper • Appropriate recruitment, ongoing training, setting motivation • Nevertheless, supervision is necessary – error, fraud • Information gathering scheme • Filtered information? • Proportionality • Nature, scale & complexity of business • Cost-benefit consideration 6

  8. Three Factors for Fraud Rationalisation Motive/Incentive Opportunity • Financial problems • Unrealistic business objectives • Dissatisfied • “Everyone does it” • More likely to act when likelihood of detection is small 7

  9. Segregation of Duties • Internal control becomes weak if same person carries out two functions in same operation that simultaneously involves • Authorisation (decision-making) • Custody (preservation/protection/safeguarding) of assets • Recording • Could be adjusted appropriately to computerized environment • Checks & balance – avoiding self-supervision • Cross checking • Reciprocal control • Supervision by chain of command 8

  10. Examples • Accountant vs. Treasurer • Embezzlement of cash could be hidden by fraudulent accounting entries • Sales vs. Underwriting • Inappropriate risks could be accepted to meet sales targets • Actuary vs. Chief executive officer • Technical provisions could be understated to meet profit targets • Internal auditor vs. Chief financial officer • Internal audit could be pressured to minimize reporting of weaknesses • Systems designer vs. System user • Automated controls could be disabled to hide fraudulent transactions 9

  11. Agenda • Introduction • Purpose of Internal Control • Framework • Fundamentals • Segregation of Duties • Internal Control for Insurers • Examples • Role of Supervisors • Comparison with Internal Audit • Stages to Follow 10

  12. Relevance to Insurers • Examples • Risk assessment • Claims provisions • Safeguarding of investments • Asset-liability management (ALM) • Derivative instruments • Anti-money laundering • Computer systems • Use of intermediaries • Outsourcing 11

  13. Computer Systems • Risks • Error: could be repetitive & voluminous • Malicious intent or fraud: erroneous entries • Negligence: blind confidence in IT operations • Chance mishaps: crashing of software program • Points to be checked • Reliability of hardware • Data entered, data processing, data protection • Locks, passwords, unauthorised access & use • Protection against natural phenomena, backup • Programming accuracy 12

  14. Use of Intermediaries • Risks • Underwriting: accept poor risk • Fraud: withhold premiums, inflate premiums, insure non-existence policyholders • Financial: remittance of funds • Points to be checked • Control integrity of intermediaries • Segregate duties between intermediaries & departments in charge of pricing & issuing policies • Monitor positions of intermediaries regularly • Conduct internal audits 13

  15. Outsourcing • Risks • Legal: noncompliance of providers with legal requirement • Operational: loss of control, dependence, conflict of interest • General: incompetence of providers, deterioration of quality of service, excessive cost • Points to be checked • Board of directors feel sense of responsibility and act accordingly • Guidelines are prepared & complied • Insurer’s resources for analysing risks of outsourcing • Alternate solutions exist if problems arise • Insurer is empowered to terminate contract if difficulties arise 14

  16. Agenda • Introduction • Purpose of Internal Control • Framework • Fundamentals • Segregation of Duties • Internal Control for Insurers • Examples • Role of Supervisors • Comparison with Internal Audit • Stages to Follow 15

  17. Supervisors • Require insurers to have in place internal control • Responsibilities for establishment & effective operations of internal control lie with board of directors • Monitor reliability & effectiveness of internal control • Use findings of internal control in assessing insurer’s financial soundness & operating system • Have access to reports of internal audit • Onsite inspection include assessment of internal control system 16

  18. Internal Audit • Have unfettered access to all insurer’s business lines & departments • Assess outsourced functions • Have appropriate independence, including reporting lines to board of directors • Have status within insurer to ensure that senior management acts upon recommendations • Have sufficient resources &staff suitably trained & experienced to understand & evaluate business • Employ methodology that identifies key risks 17

  19. Comparison 18

  20. Stages Understanding of system • Study internal control manual • Review internal auditor’s report • Talks with officials Preparation of description of system • Not only accounting information • Supplementary information (e.g. new business statistics, claims by cost bracket) Verification of existence of system • Review processes whether systems are designed to eliminate or reduce risks of errors & fraud • May use pre-established questionnaires 19

  21. Stages Verification of effectiveness of system • Whether they are actually in operation • Onsite inspections • May repeat processing by test data Final assessment • Determine extent of confidence • Shortcomings & weaknesses Follow-up • Communicate results • Action plans for improvement 20

  22. ¡Muchas gracias! www.iaisweb.org takao.miyamoto@bis.org 21

More Related