Enterprise Risk & Assurance Management in Zurich North America
-
Upload
alvin-wyatt -
Category
Documents
-
view
14 -
download
2
description
Transcript of Enterprise Risk & Assurance Management in Zurich North America
04/19/2304/19/23 11
Enterprise Risk & Assurance Enterprise Risk & Assurance Management in Zurich North Management in Zurich North
AmericaAmerica
Brian SelbyBrian SelbyMA (Audit), FIIA, QiCA, MBCS, CISAMA (Audit), FIIA, QiCA, MBCS, CISA
04/19/2304/19/23 22
Zurich North AmericaZurich North America
Zurich North America, a leader in business Zurich North America, a leader in business insurance, provides property, casualty and insurance, provides property, casualty and specialty insurance and risk management solutions specialty insurance and risk management solutions to businesses throughout the United States. Zurich to businesses throughout the United States. Zurich North America also offers customers a range of North America also offers customers a range of financial services in more than 60 countries financial services in more than 60 countries worldwide through the affiliated companies of the worldwide through the affiliated companies of the Zurich Financial Services Group. Zurich Financial Services Group.
04/19/2304/19/23 33
Management focus
Significant risk and control issues Risk management and control aspects of the
operations Risk identification, quantification and mitigation
procedures Reliable assurance In short (and in the news!) …..
CORPORATE GOVERNANCE
04/19/2304/19/23 44
What is Corporate What is Corporate Governance?Governance?
The system by which companies are The system by which companies are directed and controlleddirected and controlled
The accountability of a board of directors The accountability of a board of directors and the chief executive to their stakeholders and the chief executive to their stakeholders and the risk management architecture and the risk management architecture underpinning the actual and perceived underpinning the actual and perceived fulfillment of this accountabilityfulfillment of this accountability
04/19/2304/19/23 55
Corporate Governance Corporate Governance componentscomponents
© ICAEW, 2000 ISSN 1367-2517
04/19/2304/19/23 66
Corporate Governance best Corporate Governance best practicepractice
Enterprise Risk Management (ERM):Enterprise Risk Management (ERM):– A rigorous and coordinated approach to assessing and A rigorous and coordinated approach to assessing and
responding to responding to allall risks that affect the achievement of an risks that affect the achievement of an organization’s strategic, operational and financial organization’s strategic, operational and financial objectives (a ‘portfolio’ approach)objectives (a ‘portfolio’ approach)
Chief Risk Officer (CRO)Chief Risk Officer (CRO)– Assures continuity and consistency in risk management Assures continuity and consistency in risk management
within an organization, bears direct responsibility for within an organization, bears direct responsibility for directing the organizations entire risk management directing the organizations entire risk management process. process.
04/19/2304/19/23 77
The Zurich governance The Zurich governance solutionsolution
Enterprise level: Group Level GovernanceEnterprise level: Group Level Governance Chief Risk Officer: in Group Head OfficeChief Risk Officer: in Group Head Office ‘‘Local’ Risk Managers & NetworksLocal’ Risk Managers & Networks Risk Policy Manual & Procedures Risk Policy Manual & Procedures (ZRP)(ZRP) Risk Based CapitalRisk Based Capital Total Risk Profiling Total Risk Profiling (TRP)(TRP) Internal Control Assessments Internal Control Assessments (ICA)(ICA)
04/19/2304/19/23 88
Strategy componentsStrategy components
Control Environment and Control ActivitiesControl Environment and Control Activities– Oversight structure and committeesOversight structure and committees– Delegated Authorities and Powers ReservedDelegated Authorities and Powers Reserved– ComplianceCompliance– SecuritySecurity– Risk management policyRisk management policy– Leadership commitment (to risk management)Leadership commitment (to risk management)
04/19/2304/19/23 99
Strategy components Strategy components (continued)(continued)
Information and CommunicationInformation and Communication– Communicate business objectivesCommunicate business objectives– Communication of risk management policy & Communication of risk management policy &
goalsgoals– Internal risk reporting systemsInternal risk reporting systems– Effective management informationEffective management information
04/19/2304/19/23 1010
Strategy components Strategy components (continued)(continued)
Risk AssessmentRisk Assessment– Common risk language and approachCommon risk language and approach– Identify emerging and existing risksIdentify emerging and existing risks– Source emerging and existing risksSource emerging and existing risks– Estimate, evaluate and prioritize risks identified Estimate, evaluate and prioritize risks identified – Establish accountability and actions at levels Establish accountability and actions at levels
commensurate with riskcommensurate with risk
04/19/2304/19/23 1111
Strategy components Strategy components (continued)(continued)
MonitoringMonitoring– Internal monitoring (of risk management and Internal monitoring (of risk management and
internal control effectiveness)internal control effectiveness)– Risk Key Performance IndicatorsRisk Key Performance Indicators– Internal Audit roleInternal Audit role– Internal Control ReportingInternal Control Reporting
04/19/2304/19/23 1212
So it’s that easy? No!!So it’s that easy? No!! This is a management cultural shiftThis is a management cultural shift A change in the “Tone at the Top” is A change in the “Tone at the Top” is
requiredrequired The strategy is prioritized:The strategy is prioritized:
– Initial actions - get momentum; early ‘wins’Initial actions - get momentum; early ‘wins’– Transform (crawl, walk, run …)Transform (crawl, walk, run …)– Target end state - level 3 of the Zurich ICA Target end state - level 3 of the Zurich ICA
maturity modelmaturity model Management Board endorsement and active Management Board endorsement and active
support for the strategy is essentialsupport for the strategy is essential
04/19/2304/19/23 1313
Assurance?Assurance?
A positive declaration intended to give confidenceA positive declaration intended to give confidence Driver – the level of assurance of the effectiveness Driver – the level of assurance of the effectiveness
of risk management and control requiredof risk management and control required– Low - self-assessment reports within operationLow - self-assessment reports within operation– Medium – separate quality assurance activity within, or Medium – separate quality assurance activity within, or
commissioned by, the operationcommissioned by, the operation– High – independent assurance from Internal Audit or High – independent assurance from Internal Audit or
other advisors independent of the operationother advisors independent of the operation The higher the assurance level, the higher the costThe higher the assurance level, the higher the cost
04/19/2304/19/23 1414
Assurance in Zurich North Assurance in Zurich North AmericaAmerica
Coordinate the results of review activity within the Coordinate the results of review activity within the ERM framework:ERM framework:– self-assessments on risk & control issues self-assessments on risk & control issues – underwriting auditsunderwriting audits– claims technical auditsclaims technical audits– premium auditspremium audits– profitability reviewsprofitability reviews– Internal AuditInternal Audit– External AuditExternal Audit
04/19/2304/19/23 1515
Finally ….Finally …. Any questions?Any questions? Any ideas you would like to share?Any ideas you would like to share?
Brian
Thank you for Thank you for your attention, your attention, questions & ideas questions & ideas