Purchase of Insurance Internal Audit Checklist

advertisement
Purchase of Insurance Internal Audit Checklist
Completed by:
Functional Area:
Date Completed:
W/P Ref:
Question
A. Regulatory Risk Focus
1.
Has the institution’s management and board of directors discussed and researched
the need to purchase and maintain appropriate types and levels of insurance
coverage?
2.
Has the institution’s management and board of directors recognized and agreed to
the need to manage certain risks (including property, liability, and personnel)
through the purchase of appropriate types and levels of insurance?
3.
Has the institution’s board of directors adopted a policy to document and direct its
acknowledgement of the risks posed when purchasing insurance, and does its
implementation of appropriate internal controls safeguard the institution?
B. Major Policy Elements
1.
If the institution has adopted a policy to govern insurance purchases, does this
policy include the following elements at a minimum:
a.
Development of a pre-purchase analysis?
b.
Identification and management of associated risks?
c.
Overview of policy types and guidance?
2.
Does the institution’s insurance purchase policy also include any other
considerations necessary to ensure that the bank’s purchases are consistent with
safety and soundness practices?
3.
If the institution has adopted other policies to address the risks inherent in
purchasing specific types of insurance such as life insurance, are the existences of
those policies noted in the general policy for purchasing insurance?
C. Statement of Need and Purpose
1.
Does the institution’s insurance purchase policy address the inherent risks
associated with the purchase of insurance to ensure that the institution continues to
operate within safe and sound banking practices?
2.
Does the institution’s insurance policy explicitly provide a rationale for those
circumstances that would lead the institution to consider purchasing insurance?
D. General Objective
1.
Does the institution’s insurance purchase policy clearly articulate the will of the
directors and senior management to establish guidance and direct the
implementation of procedures to allow the bank to purchase insurance consistent
with safe and sound bank practices, including setting purchase parameters and
requiring risk analyses?
Yes/No
Comments
E. Specific Goals
1.
Does the institution’s policy clearly articulate the manner in which it will review the
potential purchase of insurance and those policies already purchased, including but
not limited to taking the following steps:
a.
Implement a pre-purchase risk assessment and analysis process?
b.
Assess the need for specific insurance policies versus identified risks?
c.
Perform detailed vendor, carrier, and product selection reviews?
d.
Perform a cost/benefit analysis for each insurance product considered?
e.
Develop a mechanism to analyze and respond to risks associated with the
purchase of insurance products?
f.
Evaluate and document alternatives?
F. Policy Elements
1.
Does the institution’s policy establish a chain of command to ensure effective senior
management and board of director oversight for all bank insurance coverage needs
and policies?
2.
Has the board of directors delegated the authority to conduct the pre-purchase
analyses and ongoing monitoring and review of existing policies and coverage to an
appropriate bank officer?
3.
Has the board ensured through its own review that the officer charged with
responsibility for insurance purchases has a working knowledge of insurance and
insurance-related products along with the appropriate qualifications and
certifications (such as insurance broker, insurance license, advanced courses on
insurance coverage)?
4.
Does the institution’s policy require that the board or an appropriate committee of
the board receive periodic updates about the status of the bank’s insurance
coverages and the need for any additional coverage?
G. Definitions
1.
Does the institution’s policy include definitions for the terms used to describe
pertinent insurance coverages consistent with the generally accepted meaning of
those terms within the commercial insurance market?
H. Risk
1.
Does the institution’s insurance purchase policy specifically require that the bank
identify, measure, monitor, and control the risks associated with the purchase of
insurance, including but not limited to the following types of risk:
a.
Transaction risk?
b.
Credit risk?
c.
Interest rate?
d.
Liquidity?
e.
Compliance?
f.
Price?
I.
Risk Management Techniques
1.
Does the institution’s policy require bank management to develop a risk analysis
process that adequately addresses the risks associated with the purchase of
insurance?
2.
Does the institution’s policy identify the minimum risk analysis steps that the bank
must take to ensure that it applies an appropriate risk management strategy,
including but not limited to the following stages:
a.
Risk identification and evaluation?
b.
Risk control?
c.
Risk treatment?
3.
For the purposes of risk identification, does the bank’s policy require a review of all
aspects of the bank’s current and potential operations?
4.
Does the institution’s policy reflect management and the board’s decision on how to
treat the risk it has identified and, in the short-term, controlled?
5.
Does the institution’s policy reflect the role that cost considerations played in the
decision on risk treatment strategies?
6.
Does the institution’s policy state the maximum loss the bank is willing to assume
or incur?
7.
Does the institution’s policy establish guidelines to ensure that a knowledgeable
underwriter is hired to help the bank in its insurance purchases?
8.
Does the institution’s policy require that the financial strength of any underwriter
considered is reviewed thoroughly prior to engagement to ensure that if a payout is
appropriate it can be funded?
9.
Do the minutes of the board of directors’ meetings reflect that the directors have
reviewed insurance risk assessments, risk loss analyses and current insurance
coverage, at least annually?
J.
Selection of a Vendor and Carrier
1.
Does the institution’s insurance purchase policy include a direction to management
to consider the optimal outlet from which to purchase an insurance policy
(indirectly, such as vendors, brokers, consultants, or agents, or directly from an
insurance company)?
2.
Does the institution’s insurance policy direct management to consider the
knowledge of the vendor regarding insurance, the amount of resources he or she can
devote to servicing the insurance relationship, and the benefits that may be
provided?
3.
Does the institution’s policy require that a credit analysis of the intended carrier is
performed consistent with safe and sound banking practices?
4.
Does the bank’s policy require a risk analysis, a pre-purchase analysis, and
consideration of the following:
a.
Complexity of the transaction?
b.
Size of the transaction?
c.
Diversification of the credit risk?
d.
Financial capacity of the bank?
e.
Financial capacity of the insurance carrier(s)?
f.
Bank’s ability to identify, measure, monitor, and control associated risks?
5.
Does the institution’s policy require that management consider the insurance
coverage in relation to the bank’s capital levels at the time of purchase?
6.
Does the bank’s insurance purchase policy require management to consider
projected increases in risk or risk probability?
7.
Does the bank’s insurance purchase policy include a requirement that management
consider all alternatives to insurance, including self-insurance?
8.
Does the institution’s policy require that the bank maintain and retain sufficient
documentation to support its analysis and conclusions regarding the purchase of
insurance products?
K. Claims
1.
Does the institution’s policy direct management to develop and implement
appropriate procedures to ensure that claims filed are complete and all other
applicable steps have been taken (for example, contacting law enforcement in the
case of theft)?
L. Bonding Claims
1.
Does the institution’s policy direct management to develop and implement
appropriate procedures to manage bonding claims, including steps intended to
manage the risks associated with book insolvency for the period of time that
between the recognition of losses and the claim payout and regulatory risks with
respect to capital guidelines?
2.
Does the institution’s policy require management to ensure that bonding claims are
monitored closely while open and that appropriate reports are provided to the
applicable regulatory agencies?
M. Recordkeeping
1.
Does the institution’s policy require that management maintain records to document
the decision-making process, including but not limited to the following:
a.
The coverage provided, detailing major exclusions?
b.
The underwriter?
c.
The deductible amount?
d.
The upper limit?
e.
The term of the policy?
f.
The dates premiums are due?
g.
The premium amount?
N. Training
1.
Does the policy require external training for individuals responsible for insurance
portfolio management activities?
2.
Does the policy require them to be current on issues and methods discussed in staff
meetings?
O. Internal Monitoring and Audits
1.
Does the institution’s policy require bank management to develop and implement
procedures to ensure that it monitors compliance with this policy, bank procedures,
and regulatory requirements with respect to purchases of insurance?
Download