210 likes | 606 Vues
16 July 2012. Page 2. Index. Internal ControlConcept and elementsControl environmentControl activitiesCommunicationMonitoringDocumentationCompliance functionInternal AuditDuties and responsibilitiesProportionality . 16 July 2012. Page 3. BUT BOTH ARE IMPORTANT ELEMENTS OF GOVERNANCE . . IN
E N D
1. 17 July 2012 Page 1 Internal Control and Internal Audit Teija Korpiaho
Malta, 8/4/2010
2. 17 July 2012 Page 2 Index Internal Control
Concept and elements
Control environment
Control activities
Communication
Monitoring
Documentation
Compliance function
Internal Audit
Duties and responsibilities
Proportionality
3. 17 July 2012 Page 3 INTERNAL CONTROL
?
INTERNAL AUDIT
4. 17 July 2012 Page 4 Article 41 - General governance requirements
5. 24.4.2009 Page 5
6. Article 46 - Internal control undertaking shall have in place an effective internal control system.
The system shall at least include
administrative and accounting procedures,
an internal control framework,
appropriate reporting arrangements at all levels of the undertaking
a compliance function. 24.4.2009 Page 6
7. Internal Control the concept A set of continually operating processes involving the administrative, management or supervisory body and all levels of personnel.
Designed to secure at least the following:
a) Effectiveness and efficiency of the undertakings operations in view of its risks and objectives;
b) Availability and reliability of financial and non-financial information; and
c) Compliance with applicable laws, regulations and administrative provisions.
The more principles (and risk) based regulation the more is required from the internal control and risk management of the undertakings
24.4.2009 Page 7
8. Elements of Internal Control Control environment
Integrity and Ethical values
Competence
Control activities
To ensure that management directives are carried out: approvals, verifications, authorizations etc.
Communication
Reporting and communication lines
All levels of the organization
Monitoring
Management and supervisory activities, activities by the personnel
Recommendations by Internal and external auditors
Compliance 24.4.2009 Page 8
9. Documentation A key element of Internal Control
Well documented = written
Approved by administrative or management body
Updated at least annually
Strategies on
Business, risk management (incl. liquidity, concentration risk, credit risk, operational risk), underwriting and reserving, investment and ALM, reinsurance, internal audit
Policies on
risk management, underwriting, remuneration, investment and ALM, internal control, outsourcing, disclosure, information
Plans on
contingency and compliance 24.4.2009 Page 9
10. Article 46 - Internal control ..
The compliance function shall include advising the administrative or management body on compliance with the laws, regulations and administrative provisions adopted pursuant to this Directive. It shall also include an assessment of the possible impact of any significant changes in the legal environment on the operations of the undertaking concerned and the identification and assessment of compliance risk.
24.4.2009 Page 10
11. Compliance Function Compliance risk = the risk of legal or regulatory sanctions, material financial loss or loss to reputation an undertaking may suffer as a result of not complying with laws, regulations and administrative provisions as applicable to its activities.
Compliance function - to ensure the undertaking comply with applicable laws and regulatory requirements.
Compliance plan
Reporting: to report any major compliance problems it identifies to the administrative or management body. 24.4.2009 Page 11
12. 17 July 2012 Page 12 The internal control system should take into consideration
The risks of the undertaking
The way undertaking is organized
The information system in use
The decision making system
Etc. etc. One size does not fit all
13. Article 47 - Internal audit Insurance and reinsurance undertakings shall provide for an effective internal audit function.
The internal audit function shall include an evaluation of the adequacy and effectiveness of the internal control system and other elements of the system of governance. 24.4.2009 Page 13
14. Article 47 - Internal audit The internal audit function shall be objective and independent from the operational functions.
Any findings and recommendations of the internal audit shall be reported to the administrative, management or supervisory body which shall determine what actions shall be taken with respect to each of the internal audit findings and recommendations and shall ensure that these actions are carried out.
17 July 2012 Page 14
15. Internal Audit 1(2) Systematic approach to evaluate and improve
Independent
From audited activities
Own initiative
Free access to all information
Under direct control of administrative, management or supervisory body
Direct communication with staff
Free to express opinion
Effective
Resource, remuneration
Objective
24.4.2009 Page 15
16. Internal Audit 2(2) Audit charter
The purpose, authority and responsibility
Audit plan
Audit work for next year(s)
Based on risk analysis
Annually reporting to the administrative, management or supervisory body
Follow up of the recommendations
24.4.2009 Page 16
17. Proportionality All undertakings shall have internal audit function
The requirements of the directive should be proportionate to the nature, scale and complexity of the risks inherent in the business of an insurance or reinsurance undertaking.
Not the size of the undertaking!
The function must be in place but outsourcing is possible
17 July 2012 Page 17
18. 17 July 2012 Page 18 Thank you teija.korpiaho@bof.fi