Phases of a Risk-Focused Examination

advertisement
State Examinations
Have No Fear, Help is Here
Risk-Focused Financial Condition Exams
• NAIC mandated for state insurance departments
beginning 1/1/2010
• Goal is to identify solvency issues earlier
• Compliance with laws and regulations
Risk-Focused Financial Condition Exams
Difference between former approach and riskfocused approach
• Former approach: Find material misstatements through
detailed testing of account balances
• New approach: Evaluate effectiveness of risk management
function; conduct testing in areas with high residual risk
Risk-Focused Financial Condition Exams
Phases of a Risk-Focused Examination
Phase 1
Understand the company and identify key functional activities to be
reviewed
Phase 2
Identify and assess inherent risk in activities
Phase 3
Identify and evaluate risk mitigation strategies/controls
Phase 4
Determine residual risk
Phase 5
Establish/conclude examination procedures
Phase 6
Update prioritization and supervisory plan
Phase 7
Draft examination report and management letter based up on findings
Pre-Examination Phase
Review recent financial examination reports released by
your state’s department of insurance
• Available on states’ websites
• Findings may be similar from company to company
• Evaluate your company’s compliance relative to these findings
Pre-Examination Phase
Familiarize yourself with the NAIC’s Financial Condition
Examiner’s Handbook
•
Examination repositories (control listings)
•
Sample interview questions
•
Exam planning questionnaires
Pre-Examination Phase
• Update/create process documentation including IT and
corporate governance functions
• Consider whether controls are evidenced
Risk-Focused Financial Condition Exams
Phase 1: Understand company and identify key
functional activities
•
•
•
•
•
Corporate governance
Audit function
Risk management program
Key business processes/units
Prospective risks
Risk-Focused Financial Condition Exams
Corporate governance – “Tone at the Top”
•
•
•
•
Competency
Independence
Code of conduct
Involvement in risk management
Risk-Focused Financial Condition Exams
Audit function
• Independent
• Maintain or improve effectiveness of risk management
function
• Assure accuracy and completeness of financial reporting
• Operational effectiveness
Risk-Focused Financial Condition Exams
Risk management program
•
•
•
•
•
Active board oversight
Adequate processes, monitoring and management
Clear policies, authorization limits and procedures
Comprehensive internal controls
Compliance with laws and regulations
Risk-Focused Financial Condition Exams
Key business process/units
• Activities and sub-activities
• Information technology
• Third party relationships
o SSAE 16 reports
Risk-Focused Financial Condition Exams
Prospective risks
•
•
•
•
•
•
•
Asset liability matching
Loss reserve development
Pricing and underwriting
Reinsurance
Growth, earnings
Capital adequacy
Other business risks
Risk-Focused Financial Condition Exams
Phase 2: Identify and assess inherent risks
•
•
•
•
C-level interviews
Financial and environmental review
IT risk assessment
Likelihood of occurrence and significance of impact
Risk-Focused Financial Condition Exams
C-level interviews
• Tone at the top
• Risk areas
• Corporate strategy
Risk-Focused Financial Condition Exams
Prepare for C-level interviews
• Circulate sample questions in advance
• Consistent message
Risk-Focused Financial Condition Exams
Financial and environmental review
• Environmental pressures
• Key solvency risks
Risk-Focused Financial Condition Exams
Assess IT risk
•
•
•
•
•
•
Quality and integrity of information
Access controls
Application controls
Availability of information
Security
Recoverability and business continuity
Risk-Focused Financial Condition Exams
Likelihood of occurrence and magnitude of impact
•
•
•
•
Percent of surplus
Material rating agency downgrade
Impact on reputation
Board and/or senior management attention
Risk-Focused Financial Condition Exams
Phase 3: Identify and evaluate risk
mitigation strategies/controls
•
•
•
•
•
Management oversight
Risk management program
Policies and procedures
Control monitoring
Compliance evaluation
Risk-Focused Financial Condition Exams
Management oversight and risk management
program
• Evaluated during Phase I
• Impacts activity-level controls
Risk-Focused Financial Condition Exams
Policies and procedures
• Comprehensive and documented?
• Followed?
Risk-Focused Financial Condition Exams
Control monitoring
•
•
•
•
Compare to commonly accepted standard
Perform control testing
Reliance on external auditor’s work
Evaluate control design and effectiveness
Risk-Focused Financial Condition Exams
Compliance evaluation
• Test control procedures
Risk-Focused Financial Condition Exams
Phase 4: Determine residual risk
Phase 5: Conduct exam procedures
Phase 6: Update prioritization
Phase 7: Draft examination report and
management letter
Overview of Phases 4-7
• Examiners consider the results of the control testing and then
apply professional judgment to determine whether the residual
risk in each business cycle is high, moderate or low
• High residual risk = Substantive, more detailed tests
• Moderate risk = Some substantive tests and analytical
procedures
• Low residual risk = Few, if any, substantive tests. Mostly high
level analytical procedures
Overview of Phases 4-7
Manage examination process using best practices
• Provide information in a complete and timely manner
• Participate in regular update meetings with examiners
• Carefully review exam report and management letter for
accuracy
Risk-Focused Financial Condition Exams
Contact Information
Marc Smith, CPA, CPCU
Partner
Johnson Lambert LLP
msmith@johnsonlambert.com
Kellie S. Mixon
Director of Finance
New Mexico Mutual
KellieM@NewMexicoMutual.com
Janet Byrne, CPA
Sr. Financial Controls Analyst
Pinnacol Assurance
Janet.byrne@pinnacol.com
Download