Session 2 Internal Control. Regional Training Seminar IAIS-ASSAL San Salvador, El Salvador, 22-25 November 2010 Takao Miyamoto, IAIS Secretariat. Agenda. Introduction Purpose of Internal Control Framework Fundamentals Segregation of Duties Internal Control for Insurers Examples
Agenda
• Introduction
• Purpose of Internal Control
• Framework
• Fundamentals
• Segregation of Duties
• Internal Control for Insurers
• Examples
• Role of Supervisors
• Comparison with Internal Audit
• Stages to Follow

What is Internal Control?
• Organisational system comprised of series of structures, methods & procedures to ensure orderly & effective conduct of business activities
• Compliance with laws & regulations
• Implementation of general policy defined by management
• Control & management of business risks
• Quality of accounting & financial information
• Who does what? When? For what purpose?
• Steps to be followed
• Not necessarily decision model (What should be done?)

Objectives
• Business is conducted in prudent manner in accordance with policies & strategies
• Transactions are only entered into with appropriate authority
• Assets are safeguarded
• Accounting & other records provide complete, accurate & timely information
• Management is able to identify, assess, manage & control risks and hold sufficient capital

Players
• Board of directors (specific committees: e.g. audit, compensation)
• Compliance officer
• Internal auditors
• Every department, staff
• External auditors
• Actuaries
• Risk managers
• CPAs
• Supervisors

Basic Elements
• Organisational chart & manual
• Persons authorised to sign for insurer
• Persons empowered to make decisions
• Delegation of authorities & responsibilities
• Fit and proper
• Appropriate recruitment, ongoing training, setting motivation
• Nevertheless, supervision is necessary – error, fraud
• Information gathering scheme
• Filtered information?
• Proportionality
• Nature, scale & complexity of business
• Cost-benefit consideration

Three Factors for Fraud
Rationalisation, Motive/Incentive, Opportunity
• Financial problems
• Unrealistic business objectives
• Dissatisfied
• “Everyone does it”
• More likely to act when likelihood of detection is small

Segregation of Duties
• Internal control becomes weak if same person carries out two functions in same operation that simultaneously involves
• Authorisation (decision-making)
• Custody (preservation/protection/safeguarding) of assets
• Recording
• Could be adjusted appropriately to computerized environment
• Checks & balance – avoiding self-supervision
• Cross checking
• Reciprocal control
• Supervision by chain of command

Examples
• Accountant vs. Treasurer
  • Embezzlement of cash could be hidden by fraudulent accounting entries
• Sales vs. Underwriting
  • Inappropriate risks could be accepted to meet sales targets
• Actuary vs. Chief executive officer
  • Technical provisions could be understated to meet profit targets
• Internal auditor vs. Chief financial officer
  • Internal audit could be pressured to minimize reporting of weaknesses
• Systems designer vs. System user
  • Automated controls could be disabled to hide fraudulent transactions

Relevance to Insurers
• Examples
  • Risk assessment
  • Claims provisions
  • Safeguarding of investments
  • Asset-liability management (ALM)
  • Derivative instruments
  • Anti-money laundering
  • Computer systems
  • Use of intermediaries
  • Outsourcing

Computer Systems
• Risks
  • Error: could be repetitive & voluminous
  • Malicious intent or fraud: erroneous entries
  • Negligence: blind confidence in IT operations
  • Chance mishaps: crashing of software program
• Points to be checked
  • Reliability of hardware
  • Data entered, data processing, data protection
  • Locks, passwords, unauthorised access & use
  • Protection against natural phenomena, backup
  • Programming accuracy

Use of Intermediaries
• Risks
  • Underwriting: accept poor risk
  • Fraud: withhold premiums, inflate premiums, insure non-existent policyholders
  • Financial: remittance of funds
• Points to be checked
  • Control integrity of intermediaries
  • Segregate duties between intermediaries & departments in charge of pricing & issuing policies
  • Monitor positions of intermediaries regularly
  • Conduct internal audits

Outsourcing
• Risks
  • Legal: noncompliance of providers with legal requirements
  • Operational: loss of control, dependence, conflict of interest
  • General: incompetence of providers, deterioration of quality of service, excessive cost
• Points to be checked
  • Board of directors feel sense of responsibility and act accordingly
  • Guidelines are prepared & complied with
  • Insurer’s resources for analysing risks of outsourcing
  • Alternate solutions exist if problems arise
  • Insurer is empowered to terminate contract if difficulties arise

Supervisors
• Require insurers to have in place internal control
• Responsibilities for establishment & effective operations of internal control lie with board of directors
• Monitor reliability & effectiveness of internal control
• Use findings of internal control in assessing insurer’s financial soundness & operating system
• Have access to reports of internal audit
• Onsite inspections include assessment of internal control system

Internal Audit
• Have unfettered access to all insurer’s business lines & departments
• Assess outsourced functions
• Have appropriate independence, including reporting lines to board of directors
• Have status within insurer to ensure that senior management acts upon recommendations
• Have sufficient resources & staff suitably trained & experienced to understand & evaluate business
• Employ methodology that identifies key risks

Comparison

Stages
Understanding of system
• Study internal control manual
• Review internal auditor’s report
• Talks with officials
Preparation of description of system
• Not only accounting information
• Supplementary information (e.g. new business statistics, claims by cost bracket)
Verification of existence of system
• Review processes whether systems are designed to eliminate or reduce risks of errors & fraud
• May use pre-established questionnaires

Stages
Verification of effectiveness of system
• Whether they are actually in operation
• Onsite inspections
• May repeat processing by test data
Final assessment
• Determine extent of confidence
• Shortcomings & weaknesses
Follow-up
• Communicate results
• Action plans for improvement

Thank you very much!
www.iaisweb.org
takao.miyamoto@bis.org