Risk Assessment & Management:
Details for Firms undergoing a Site‐Based Risk Assessment
Risk Assessment
Unless a forensic or focussed review is agreed, a QBE risk assessment is designed to be as holistic as possible such that a
broad range of business, operational, and regulatory risks are addressed. Our risk assessment process is based on QBE’s
detailed Quality Assurance Questionnaires* as we believe quality assurance principles are the best foundation on which
to build a risk management system. The main areas covered by the detailed risk assessment are:
1.
2.
3.
4.
5.
6.
7.
Organisation and Structure
Business Planning
Financial Management
Prevention of Financial Crime
IT, Communications and Infrastructure
File Management
Document Management
8.
9.
10.
11.
12.
13.
14.
Client Care & Complaints
Case/Project/Work Management
Supervision
Use of Third Parties
Risk Management Systems
Continuous Improvement
Review of any recent claims activity
* Access to the QRisk Quality Assurance Questionnaires can be requested by contacting your underwriter or support.qrisk@uk.qbe.com
It is unusual for any one individual to be able to answer all assessment questions in each of these areas (unless your firm
is very small), and so it is generally more effective to share responsibility and hence the time involved for each of these
areas amongst several of your personnel. Risk assessments are based on discussions with those nominated contacts,
observation of processes (where practical), and review of records/data including client / project files, management files,
computer records, minutes, analyses and reviews. In advance of our visit, we will send you a comprehensive list of the
records we would expect to see during the assessment so that these can be made readily available on the day. These
Audit Preparatory Checklists are also available on the relevant profession’s web page at http://www.qbeeurope.com/risksolutions/professional-indemnity/index.asp.
Risk assessments are generally one day in length but in larger firms or firms with other offices and/or conducting work at
other premises, additional time may be needed. The number of days needed for the assessment will generally be agreed
between the underwriter, your senior contact (or broker if preferred), and the risk consultant. Dates and times are
mutually agreed but if the assessment is considered urgent, for instance following notification of one or more claims or
circumstances, then a fairly prompt date for completion and reporting may need to be agreed.
Risk Management
Outline findings will be advised at a closing meeting between your senior contact(s) and the risk manager, but the main
feedback is given via a written report which addresses the detailed findings and recommendations within each of the
areas listed above. You may be required to provide feedback on progress against the recommendations within a specific
timescale for the underwriter to consider, or you may wish to provide such feedback voluntarily in any case to
demonstrate improvements to your risk profile.
The report provided is a useful risk management tool as it can be used by management to monitor implementation of
recommendations against the priority levels set to ensure that risks are being controlled effectively. It can also form the
basis of an annual risk audit within your firm to ensure that controls remain effective, thus giving relevant stakeholders
greater confidence in the firm’s risk management system on an ongoing basis.
If you have any further queries please liaise with your QBE Risk Solutions contact should you already have one,
or contact us on RS@uk.qbe.com. You may wish to liaise via your broker if you prefer.
Site Audit Info Sheet
Page 1 of 1
Mar-15