Internal Audit in Solvency II

advertisement
Internal Audit in Solvency II
Mag. Angela Witzany CIA
Sparkassen Versicherung AG
Vienna Insurance Group
10 Years Ago
 Dot com bubble explodet
 WorldCom bankruptsy as highest damage
till 2002 : 80 billions US$
 Fraudulent Top Management
 In fraud involved statutory auditors
 Disclosure by Whistleblowers
 Whistleblowing Internal Auditors
Mag. Angela Witzany
Internal Audit in Solvency II
2
Sarbanes Oxley Act
 Reaction to Enron, WorldCom etc.
 US listed companies and worldwide subsidiaries
 Installation of the Public Company Accounting
Oversight Board (PCAOB)
 Internal Control Over Financial Reporting
Requirements (Sec. 404)
 Whistleblowerprocedure under responsibility of
audit committee
 Whistleblower protection
Mag. Angela Witzany
Internal Audit in Solvency II
3
SOX Today
 Biggest World Economic Crisis in the history
 Lehman Bancruptcy with accounting fraud
Whistleblower was fired, statutory auditor did nothing
 Madoff‘s Ponzi Scheme
SEC ignored the whistleblower 8 years
 The expenditure of SOX outweights the benefits
 AIG, till then largest insurance of the world:
rescued by US government with 200 billions US$
 AIG difficulties were not caused by its insurance operations but by
its rash involvement in complex financial instruments such as
credit default swaps
 Federal regulator: OTS (Office of Thrift Supervision)
Responsible for Savings and Loans Companies
 Dodd – Frank Wall Street Reform and Consumer Protection Act
2010 – Three new regulators ?
Mag. Angela Witzany
Internal Audit in Solvency II
4
EU Directive on statutory audits
 EU Directive 2006/43: Not an European SOX
 Since public – interest entities have a higher
visibility and economically more important, stricter
requirements should apply in the case of a
statutory audit of their annual or consolidated
accounts.
Directive 2006 / 43 Wheras 23
 „Public – interest entities“ means entities … whose
transferable securities are admitted to trading on a
regulated market, credit institutions and insurance
undertakings.
Directive 2006 / 43 Article 2 / 13
Mag. Angela Witzany
Internal Audit in Solvency II
5
Audit Committee
in Public – Interest Entities
 Audit committees and an effective internal control system
help to minimise financial, operational and compliance risks,
and enhance the quality of financial reporting.
Directive 2006 / 43 Whereas 24
 Each public – interest entity shall have an audit committee.
 At least one member of the audit committee shall be
independent an shall have competence in accounting and /
or auditing.
 Member states may permit the functions assigned to the
audit committee be performed by the administrative or
supervisory body as whole.
Directive 2006 / 43 Article 41 / 1
Mag. Angela Witzany
Internal Audit in Solvency II
6
Audit Committee and IA
 Whithout prejudice the responsibility of the members of the
administrative, management or supervisory bodies …. the
audit committee shall, inter alia:
 monitor the financial reporting process,
 monitor the effectiveness of the company‘s internal control,
internal audit where applicable and risk management
systems,
 monitor the stuary audit of annual and consolidated
accounts,
 Review and monitor the independence of the statutory
auditor.
Directive 2006 / 43 Article 41 / 2
Mag. Angela Witzany
Internal Audit in Solvency II
7
Objectives of regulation
 The main objective of insurance and reinsurance
regulation and supervision is the adequate
protection of policy holders and beneficiaries.
 The term beneficiaries is intended to cover any
natural or legal person who ist entitled to a right
under an insurance contract.
 Financial stability and fair stable markets are other
objectives of insurance and reinsurance
regulations and supervision.
Directive 2009 / 138 Whereas 16
Mag. Angela Witzany
Internal Audit in Solvency II
8
Necessity of Solvency II
 The protection of policy holders presupposes that
insurance and reinsurance undertakings are
subject of effective solvency requirements that
result in an efficient allocation of capital across the
European Union.
 In light of market development the current system
is no longer adequate.
 It is therefore necessary to introduce a new
regulatory framework.
Directive 2009 / 138 Whereas 14
Mag. Angela Witzany
Internal Audit in Solvency II
9
Importance of Governance System
 Some risks may only be properly addressed
through the quantitative requirements reflected in
the Solvency Capital Requirements.
 An effective system of governance is therefore
essential for the adequate management of the
insurance undertaking and for the regulatory
system.
Directive 2009/138/EC Whereas 29
Mag. Angela Witzany
Internal Audit in Solvency II
10
Key Functions
 The System of Governance includes the risk –
management function, the compliance function, the
internal audit function and the actuarial function.
Directive 2009 / 138/ EC Whereas 30
 The functions included in the system of
governance are considered to be key functions and
consequently also important and critical functions.
Directive 2009 / 138 / EC Whereas 33
Mag. Angela Witzany
Internal Audit in Solvency II
11
Functions
 A function is an administrative capacity to undertake
particular governance tasks.
 The identification of a particular function does not prevent
the undertaking from freely deciding how to organise the
function in practice. It should be possible to be staffed by
own staff, to rely on advice from outside experts or be
outsourced.
Directive 209 / 38 / EC Whereas 31
 Furthermore, save as regards the internal function, in
smaller and less complex undertakings it should be possible
for more than one function to be carried out by a single
person or organisational unit.
Directive 209 / 38 / EC Whereas 32
Mag. Angela Witzany
Internal Audit in Solvency II
12
Fit and Proper
 All persons that perform key functions should be fit
and proper.
Directive 2009 / 138 / EC Whereas 34
 Fit: Professional qualifications, knowledge and
experience are adequate to enable sound and
prudent management.
 Proper: Good repute and integrity.
Directive 2009 / 138 / EC Article 42 / 1 / a, b
Mag. Angela Witzany
Internal Audit in Solvency II
13
Internal Control
 Insurance an reinsurance undertakings shall have
in place an effectice internal control system.
 The system shall at least include administrative
and accounting procedures, an internal control
framework, appropriate reporting arrangements at
all levels of the undertaking and a compliance
funktion.
Directive 2009 / 138 Article 46 / 1
Mag. Angela Witzany
Internal Audit in Solvency II
14
Compliance
 The compliance function shall include advising the
administrative, management or supervisory body
on compliance with the laws, regulations and
administrative provisions adopted pursuant to this
Directive.
 It shall also include an assessment of the possible
impact of any changes in the legal environment on
the operations of the undertaking concerned and
the identification and assessement of compliance
risk.
Directive 2009 /138 Article 46 / 2
Mag. Angela Witzany
Internal Audit in Solvency II
15
Risk Management
 Insurance and reinsurance undertakings shall have in place
an effective risk – management system, comprising
strategies, processes and reporting procedures necessary
to identify, measure, monitor, manage and report, on
continuous basis the risks, at an individual and at an
aggregated level, to wich they are or could be exposed, and
their independencies.
 The risk – management system shall be effective an well
integrated into the organisationel structure and in the
decision making process … with proper consideration of the
persons who effectively run the undertaking or have other
key functions.
Directive 2009 / 138 Article 44 / 1
Mag. Angela Witzany
Internal Audit in Solvency II
16
Covered Risks
 The risk – management system shall cover the risks to be
included in the calculation of the Solvency Capital
Requirement (Article 101/4) as well as the risks which are
not or not fully included in the calculation thereof.
 The risk – management system shall cover at least the
following areas: underwriting and reserving; asset – liability
management; investment, in particular derivates and similar
commitments; liquidity and concentration risk management;
operational risk management; reinsurance and other risk –
mitigation techniques.
Directive 2009 / 138 Article 44 / 2
Mag. Angela Witzany
Internal Audit in Solvency II
17
Internal Audit 1
 Insurance and reinsurance undertakings shall
provide for an effective internal audit function.
 The internal audit function shall include an
evaluation of the adequacy and effectiveness of the
internal control system [ including compliance
function ] and other elements of the system of
governance [ including risk management and
actuarial function ].
Directive 2009 / 138 / EC Article 47 / 1
Mag. Angela Witzany
Internal Audit in Solvency II
18
Internal Audit 2 + 3
 The internal audit function shall be objective and
independent from the operational functions.
 Any findings and recommendations of the internal
audit shall be reported to the administrative,
management or supervisory body which shall
determine what actions are to be taken with
respect to each of the internal audit findings and
recommendations and shall ensure that those
actions are carried out.
Directive 2009 / 138 / EC Article 47 2 / 3
Mag. Angela Witzany
Internal Audit in Solvency II
19
Outsourcing
 Insurance and reinsurance undertakings remain fully
responsible for discharging all of their obligations under this
Directive when they outsource functions or any insurance or
reinsurance activities.
Directive 2009 / 138 Article 49 / 1
 Outsourcing of critical or important operational functions or
activities shall not be undertaken in such way as to lead to
any as the following: materially impairing the quality of the
system of governance of the untertaking concerned; unduly
increasing the operational risk; impairing the ability of the
supervisory authorities to monitor the compliance of the
undertaking with ist obligations; undermining continuous
and satisfactory service to policy holders.
Directive 2009 / 138 Article 49 / 2
Mag. Angela Witzany
Internal Audit in Solvency II
20
Risk Level / Audit Intensity
1 – management, 2 – actuary, 3 – asset management,
4 – sales, 5 – marketing, 6 - legal
90
80
70
60
50
risk
audit
40
30
20
10
0
1
Mag. Angela Witzany
2
3
4
Internal Audit in Solvency II
5
6
21
Risk Level / Audit Intensity
1 – general administration, 2 – HR administration,
3 – underwriting, 4 – claims, 5 – controlling, 6 - accounting
80
70
60
50
Risk
Audit
40
30
20
10
0
1
Mag. Angela Witzany
2
3
4
Internal Audit in Solvency II
5
6
22
Characteristics of IA
1 – correct, 2 – helpful, 3 – independent,
4 – innovative, 5 – objective
100
90
80
70
60
50
40
30
20
10
0
IA
Board
1
Mag. Angela Witzany
2
3
4
Internal Audit in Solvency II
5
23
Contribution of IA to Company‘s
success, growth and security
100
90
80
70
60
50
40
30
20
10
0
IA
Board
success
Mag. Angela Witzany
growth
security
Internal Audit in Solvency II
24
Summary I
 Neither the economic system nor the managers nor
the internal auditors did learn anything from the
dot com bubble.
 Ad hoc regulations like SOX are expensive and not
really effective.
 Solvency II is a modern, wellprepared frame work
for the European insurance industry.
 Capital requirement will depend on accepted risks.
 The governance reqirements are as important as
the quantitative capital requirements.
Mag. Angela Witzany
Internal Audit in Solvency II
25
Summary II
 Risk Management , compliance, actuary and
Internal Audit are key functions.
 Internal Audit is the only key function, which is not
allowed to be merged with other functions.
 Responsible for key function as Internal Audit have
to be fit and proper.
 Internal Audit has to evaluate the internal control
system and the other key functions.
 As researches show, Internal Audit needs
immediatly a change of image.
Mag. Angela Witzany
Internal Audit in Solvency II
26
Conclusion
 To fulfill all requirements and chances of Solvency II,
Internal Audit needs a change in personal competence and
in special knowledge.
 IA has to work more risk orientated as today.
 IA has to accept gaps in knowledge and have to insource
missing capacities.
 IA is a part of internal control and therefore not a part or an
assistant of the Supervisory Authority.
 Top Management, Internal Audit and the Supervisory Board
have to agree about the goals of Internal Audit and are
obliged to work together respectfully and
trustingly and not because of public regulations.
Mag. Angela Witzany
Internal Audit in Solvency II
27
Thank you for your attention!
 If you need any additional information, feel free to
contact me:
 Mag. Angela Witzany, CIA
angela.witzany@s-versicherung.at
Mag. Angela Witzany
Internal Audit in Solvency II
28
Download