State Examinations Have No Fear, Help is Here Risk-Focused Financial Condition Exams • NAIC mandated for state insurance departments beginning 1/1/2010 • Goal is to identify solvency issues earlier • Compliance with laws and regulations Risk-Focused Financial Condition Exams Difference between former approach and riskfocused approach • Former approach: Find material misstatements through detailed testing of account balances • New approach: Evaluate effectiveness of risk management function; conduct testing in areas with high residual risk Risk-Focused Financial Condition Exams Phases of a Risk-Focused Examination Phase 1 Understand the company and identify key functional activities to be reviewed Phase 2 Identify and assess inherent risk in activities Phase 3 Identify and evaluate risk mitigation strategies/controls Phase 4 Determine residual risk Phase 5 Establish/conclude examination procedures Phase 6 Update prioritization and supervisory plan Phase 7 Draft examination report and management letter based up on findings Pre-Examination Phase Review recent financial examination reports released by your state’s department of insurance • Available on states’ websites • Findings may be similar from company to company • Evaluate your company’s compliance relative to these findings Pre-Examination Phase Familiarize yourself with the NAIC’s Financial Condition Examiner’s Handbook • Examination repositories (control listings) • Sample interview questions • Exam planning questionnaires Pre-Examination Phase • Update/create process documentation including IT and corporate governance functions • Consider whether controls are evidenced Risk-Focused Financial Condition Exams Phase 1: Understand company and identify key functional activities • • • • • Corporate governance Audit function Risk management program Key business processes/units Prospective risks Risk-Focused Financial Condition Exams Corporate governance – “Tone at the Top” • • • • Competency Independence Code of conduct Involvement in risk management Risk-Focused Financial Condition Exams Audit function • Independent • Maintain or improve effectiveness of risk management function • Assure accuracy and completeness of financial reporting • Operational effectiveness Risk-Focused Financial Condition Exams Risk management program • • • • • Active board oversight Adequate processes, monitoring and management Clear policies, authorization limits and procedures Comprehensive internal controls Compliance with laws and regulations Risk-Focused Financial Condition Exams Key business process/units • Activities and sub-activities • Information technology • Third party relationships o SSAE 16 reports Risk-Focused Financial Condition Exams Prospective risks • • • • • • • Asset liability matching Loss reserve development Pricing and underwriting Reinsurance Growth, earnings Capital adequacy Other business risks Risk-Focused Financial Condition Exams Phase 2: Identify and assess inherent risks • • • • C-level interviews Financial and environmental review IT risk assessment Likelihood of occurrence and significance of impact Risk-Focused Financial Condition Exams C-level interviews • Tone at the top • Risk areas • Corporate strategy Risk-Focused Financial Condition Exams Prepare for C-level interviews • Circulate sample questions in advance • Consistent message Risk-Focused Financial Condition Exams Financial and environmental review • Environmental pressures • Key solvency risks Risk-Focused Financial Condition Exams Assess IT risk • • • • • • Quality and integrity of information Access controls Application controls Availability of information Security Recoverability and business continuity Risk-Focused Financial Condition Exams Likelihood of occurrence and magnitude of impact • • • • Percent of surplus Material rating agency downgrade Impact on reputation Board and/or senior management attention Risk-Focused Financial Condition Exams Phase 3: Identify and evaluate risk mitigation strategies/controls • • • • • Management oversight Risk management program Policies and procedures Control monitoring Compliance evaluation Risk-Focused Financial Condition Exams Management oversight and risk management program • Evaluated during Phase I • Impacts activity-level controls Risk-Focused Financial Condition Exams Policies and procedures • Comprehensive and documented? • Followed? Risk-Focused Financial Condition Exams Control monitoring • • • • Compare to commonly accepted standard Perform control testing Reliance on external auditor’s work Evaluate control design and effectiveness Risk-Focused Financial Condition Exams Compliance evaluation • Test control procedures Risk-Focused Financial Condition Exams Phase 4: Determine residual risk Phase 5: Conduct exam procedures Phase 6: Update prioritization Phase 7: Draft examination report and management letter Overview of Phases 4-7 • Examiners consider the results of the control testing and then apply professional judgment to determine whether the residual risk in each business cycle is high, moderate or low • High residual risk = Substantive, more detailed tests • Moderate risk = Some substantive tests and analytical procedures • Low residual risk = Few, if any, substantive tests. Mostly high level analytical procedures Overview of Phases 4-7 Manage examination process using best practices • Provide information in a complete and timely manner • Participate in regular update meetings with examiners • Carefully review exam report and management letter for accuracy Risk-Focused Financial Condition Exams Contact Information Marc Smith, CPA, CPCU Partner Johnson Lambert LLP msmith@johnsonlambert.com Kellie S. Mixon Director of Finance New Mexico Mutual KellieM@NewMexicoMutual.com Janet Byrne, CPA Sr. Financial Controls Analyst Pinnacol Assurance Janet.byrne@pinnacol.com