internal audit in solvency ii mag. angela witzany cia sparkassen versicherung ag vienna insurance...
TRANSCRIPT
Internal Audit in Solvency IIInternal Audit in Solvency II
Mag. Angela Witzany CIA
Sparkassen Versicherung AG
Vienna Insurance Group
Mag. Angela Witzany Internal Audit in Solvency II 2
10 Years Ago10 Years Ago
Dot com bubble explodet WorldCom bankruptsy as highest damage
till 2002 : 80 billions US$ Fraudulent Top Management In fraud involved statutory auditors Disclosure by Whistleblowers Whistleblowing Internal Auditors
Mag. Angela Witzany Internal Audit in Solvency II 3
Sarbanes Oxley ActSarbanes Oxley Act
Reaction to Enron, WorldCom etc. US listed companies and worldwide subsidiaries Installation of the Public Company Accounting
Oversight Board (PCAOB) Internal Control Over Financial Reporting
Requirements (Sec. 404) Whistleblowerprocedure under responsibility of
audit committee Whistleblower protection
Mag. Angela Witzany Internal Audit in Solvency II 4
SOX TodaySOX Today
Biggest World Economic Crisis in the history Lehman Bancruptcy with accounting fraud
Whistleblower was fired, statutory auditor did nothing Madoff‘s Ponzi Scheme
SEC ignored the whistleblower 8 years The expenditure of SOX outweights the benefits AIG, till then largest insurance of the world:
rescued by US government with 200 billions US$ AIG difficulties were not caused by its insurance operations but by
its rash involvement in complex financial instruments such as credit default swaps
Federal regulator: OTS (Office of Thrift Supervision)Responsible for Savings and Loans Companies
Dodd – Frank Wall Street Reform and Consumer Protection Act 2010 – Three new regulators ?
Mag. Angela Witzany Internal Audit in Solvency II 5
EU Directive on statutory auditsEU Directive on statutory audits
EU Directive 2006/43: Not an European SOX Since public – interest entities have a higher
visibility and economically more important, stricter requirements should apply in the case of a statutory audit of their annual or consolidated accounts.Directive 2006 / 43 Wheras 23
„Public – interest entities“ means entities … whose transferable securities are admitted to trading on a regulated market, credit institutions and insurance undertakings.Directive 2006 / 43 Article 2 / 13
Mag. Angela Witzany Internal Audit in Solvency II 6
Audit Committee Audit Committee in Public – Interest Entitiesin Public – Interest Entities
Audit committees and an effective internal control system help to minimise financial, operational and compliance risks, and enhance the quality of financial reporting. Directive 2006 / 43 Whereas 24
Each public – interest entity shall have an audit committee. At least one member of the audit committee shall be
independent an shall have competence in accounting and / or auditing.
Member states may permit the functions assigned to the audit committee be performed by the administrative or supervisory body as whole.Directive 2006 / 43 Article 41 / 1
Mag. Angela Witzany Internal Audit in Solvency II 7
Audit Committee and IAAudit Committee and IA
Whithout prejudice the responsibility of the members of the administrative, management or supervisory bodies …. the audit committee shall, inter alia:
monitor the financial reporting process, monitor the effectiveness of the company‘s internal control,
internal audit where applicable and risk management systems,
monitor the stuary audit of annual and consolidated accounts,
Review and monitor the independence of the statutory auditor.Directive 2006 / 43 Article 41 / 2
Mag. Angela Witzany Internal Audit in Solvency II 8
Objectives of regulationObjectives of regulation
The main objective of insurance and reinsurance regulation and supervision is the adequate protection of policy holders and beneficiaries.
The term beneficiaries is intended to cover any natural or legal person who ist entitled to a right under an insurance contract.
Financial stability and fair stable markets are other objectives of insurance and reinsurance regulations and supervision.Directive 2009 / 138 Whereas 16
Mag. Angela Witzany Internal Audit in Solvency II 9
Necessity of Solvency IINecessity of Solvency II
The protection of policy holders presupposes that insurance and reinsurance undertakings are subject of effective solvency requirements that result in an efficient allocation of capital across the European Union.
In light of market development the current system is no longer adequate.
It is therefore necessary to introduce a new regulatory framework.Directive 2009 / 138 Whereas 14
Mag. Angela Witzany Internal Audit in Solvency II 10
Importance of Governance SystemImportance of Governance System
Some risks may only be properly addressed through the quantitative requirements reflected in the Solvency Capital Requirements.
An effective system of governance is therefore essential for the adequate management of the insurance undertaking and for the regulatory system.Directive 2009/138/EC Whereas 29
Mag. Angela Witzany Internal Audit in Solvency II 11
Key FunctionsKey Functions
The System of Governance includes the risk – management function, the compliance function, the internal audit function and the actuarial function.Directive 2009 / 138/ EC Whereas 30
The functions included in the system of governance are considered to be key functions and consequently also important and critical functions.Directive 2009 / 138 / EC Whereas 33
Mag. Angela Witzany Internal Audit in Solvency II 12
FunctionsFunctions
A function is an administrative capacity to undertake particular governance tasks.
The identification of a particular function does not prevent the undertaking from freely deciding how to organise the function in practice. It should be possible to be staffed by own staff, to rely on advice from outside experts or be outsourced.Directive 209 / 38 / EC Whereas 31
Furthermore, save as regards the internal function, in smaller and less complex undertakings it should be possible for more than one function to be carried out by a single person or organisational unit. Directive 209 / 38 / EC Whereas 32
Mag. Angela Witzany Internal Audit in Solvency II 13
Fit and ProperFit and Proper
All persons that perform key functions should be fit and proper.Directive 2009 / 138 / EC Whereas 34
Fit: Professional qualifications, knowledge and experience are adequate to enable sound and prudent management.
Proper: Good repute and integrity.Directive 2009 / 138 / EC Article 42 / 1 / a, b
Mag. Angela Witzany Internal Audit in Solvency II 14
Internal ControlInternal Control
Insurance an reinsurance undertakings shall have in place an effectice internal control system.
The system shall at least include administrative and accounting procedures, an internal control framework, appropriate reporting arrangements at all levels of the undertaking and a compliance funktion.Directive 2009 / 138 Article 46 / 1
Mag. Angela Witzany Internal Audit in Solvency II 15
ComplianceCompliance
The compliance function shall include advising the administrative, management or supervisory body on compliance with the laws, regulations and administrative provisions adopted pursuant to this Directive.
It shall also include an assessment of the possible impact of any changes in the legal environment on the operations of the undertaking concerned and the identification and assessement of compliance risk.Directive 2009 /138 Article 46 / 2
Mag. Angela Witzany Internal Audit in Solvency II 16
Risk ManagementRisk Management
Insurance and reinsurance undertakings shall have in place an effective risk – management system, comprising strategies, processes and reporting procedures necessary to identify, measure, monitor, manage and report, on continuous basis the risks, at an individual and at an aggregated level, to wich they are or could be exposed, and their independencies.
The risk – management system shall be effective an well integrated into the organisationel structure and in the decision making process … with proper consideration of the persons who effectively run the undertaking or have other key functions.Directive 2009 / 138 Article 44 / 1
Mag. Angela Witzany Internal Audit in Solvency II 17
Covered RisksCovered Risks
The risk – management system shall cover the risks to be included in the calculation of the Solvency Capital Requirement (Article 101/4) as well as the risks which are not or not fully included in the calculation thereof.
The risk – management system shall cover at least the following areas: underwriting and reserving; asset – liability management; investment, in particular derivates and similar commitments; liquidity and concentration risk management; operational risk management; reinsurance and other risk – mitigation techniques.Directive 2009 / 138 Article 44 / 2
Mag. Angela Witzany Internal Audit in Solvency II 18
Internal Audit 1Internal Audit 1
Insurance and reinsurance undertakings shall provide for an effective internal audit function.
The internal audit function shall include an evaluation of the adequacy and effectiveness of the internal control system [ including compliance function ] and other elements of the system of governance [ including risk management and actuarial function ].Directive 2009 / 138 / EC Article 47 / 1
Mag. Angela Witzany Internal Audit in Solvency II 19
Internal Audit 2 + 3Internal Audit 2 + 3
The internal audit function shall be objective and independent from the operational functions.
Any findings and recommendations of the internal audit shall be reported to the administrative, management or supervisory body which shall determine what actions are to be taken with respect to each of the internal audit findings and recommendations and shall ensure that those actions are carried out.Directive 2009 / 138 / EC Article 47 2 / 3
Mag. Angela Witzany Internal Audit in Solvency II 20
OutsourcingOutsourcing
Insurance and reinsurance undertakings remain fully responsible for discharging all of their obligations under this Directive when they outsource functions or any insurance or reinsurance activities.Directive 2009 / 138 Article 49 / 1
Outsourcing of critical or important operational functions or activities shall not be undertaken in such way as to lead to any as the following: materially impairing the quality of the system of governance of the untertaking concerned; unduly increasing the operational risk; impairing the ability of the supervisory authorities to monitor the compliance of the undertaking with ist obligations; undermining continuous and satisfactory service to policy holders.Directive 2009 / 138 Article 49 / 2
Mag. Angela Witzany Internal Audit in Solvency II 21
Risk Level / Audit IntensityRisk Level / Audit Intensity
1 – management, 2 – actuary, 3 – asset management, 4 – sales, 5 – marketing, 6 - legal
0
10
20
30
40
50
60
70
80
90
1 2 3 4 5 6
risk
audit
Mag. Angela Witzany Internal Audit in Solvency II 22
Risk Level / Audit IntensityRisk Level / Audit Intensity
1 – general administration, 2 – HR administration, 3 – underwriting, 4 – claims, 5 – controlling, 6 - accounting
0
10
20
30
40
50
60
70
80
1 2 3 4 5 6
Risk
Audit
Mag. Angela Witzany Internal Audit in Solvency II 23
Characteristics of IACharacteristics of IA
1 – correct, 2 – helpful, 3 – independent,4 – innovative, 5 – objective
0102030405060708090
100
1 2 3 4 5
IA
Board
Mag. Angela Witzany Internal Audit in Solvency II 24
Contribution of IA to Company‘s Contribution of IA to Company‘s success, growth and securitysuccess, growth and security
0102030405060708090
100
success growth security
IA
Board
Mag. Angela Witzany Internal Audit in Solvency II 25
Summary ISummary I
Neither the economic system nor the managers nor the internal auditors did learn anything from the dot com bubble.
Ad hoc regulations like SOX are expensive and not really effective.
Solvency II is a modern, wellprepared frame work for the European insurance industry.
Capital requirement will depend on accepted risks. The governance reqirements are as important as
the quantitative capital requirements.
Mag. Angela Witzany Internal Audit in Solvency II 26
Summary IISummary II
Risk Management , compliance, actuary and Internal Audit are key functions.
Internal Audit is the only key function, which is not allowed to be merged with other functions.
Responsible for key function as Internal Audit have to be fit and proper.
Internal Audit has to evaluate the internal control system and the other key functions.
As researches show, Internal Audit needs immediatly a change of image.
Mag. Angela Witzany Internal Audit in Solvency II 27
ConclusionConclusion
To fulfill all requirements and chances of Solvency II, Internal Audit needs a change in personal competence and in special knowledge.
IA has to work more risk orientated as today. IA has to accept gaps in knowledge and have to insource
missing capacities. IA is a part of internal control and therefore not a part or an
assistant of the Supervisory Authority. Top Management, Internal Audit and the Supervisory Board
have to agree about the goals of Internal Audit and are obliged to work together respectfully and trustingly and not because of public regulations.
Mag. Angela Witzany Internal Audit in Solvency II 28
Thank you for your attention!
If you need any additional information, feel free to contact me:
Mag. Angela Witzany, [email protected]