Administrative audits are a certainty in today’s reinsurance industry.
And whether you’re a seasoned veteran auditor or a first time auditee, you’ll likely have the same question crossing your mind; “What are the findings going to be?”
In many cases, as a reinsurance auditor with new staff or an untested or unproven audit program in place, you want to ensure that your audit team is providing an appropriate attestation of the auditees control environment.
Whatever the context, to help you prepare for that upcoming audit, I’ve included a list of five common control gaps that our team of administrative audit experts have come across when auditing on behalf of our Reinsurance clients.
1. There’s no evidence
Believe it or not, one of the most common issues found by the auditors is that despite having a well-controlled process in place, you’re still unable to prove to auditors that those controls were actually performed. This typically occurs in regular/recurring tasks (i.e. checking the daily exception report).
2. There's insufficient evidence
Auditors want to be able to rely on the evidence provided to demonstrate that the control was performed as designed (not just rubber stamped). As a result, the requirements for evidence have become much more comprehensive. A simple signature and date on a report may no longer satisfy the auditor as proof that a review was performed. In these cases, an auditor will look to see if notes were made on the report, or if the approval included a detailed explanation of what was being approved.
PRO TIP: TAKE NOTES!
Nowadays, a simple signature and date may not be enough evidence for your auditors. Taking notes throughout the process may serve as more valid verification and proof to your auditors that actions were taken and controls were performed.
3. Segregation of duties
Ensuring that key tasks are distributed across multiple staff is key in preventing fraud and theft within your organization. Segregation of responsibilities is usually an issue that is more prevalent in smaller teams, where staff take on a greater breadth of responsibilities and/or there are insufficient peer/management reviews and approvals in place.
4. Process changes made in other departments
Often controls or procedures done in one area address risks in a number of different areas. Relying on controls performed in other departments/areas can greatly reduce the duplication of effort within an organization. That said, as processes evolve over time, changes in staffing or systems may result in the adjustment of procedures. It is important to periodically confirm that the controls performed by other areas still address the risks within yours.
5. No clear control owner
A common response an auditor will hear when they ask who is performing a specific review or control is “that’s done by another team or department”. The real problem arises when everyone assumes that a control is being performed elsewhere, when in fact the control is not being performed at all. To ensure that this doesn’t occur in your company, an owner should be assigned to each control, who is responsible for ensuring the control is completed on a timely basis.
What are some of the gaps that you’ve seen in conducting on-site audits?! How robust was the administrative audit program in place? Which of the following areas had the most room for improvement:
- Sample selection for individual case testing
- Treaty review & compliance
- Premium calculation testing
- Data Integrity
- Review of conversions and changes
- Review of administrative process and controls
- Retention management
If you checked off one or more of the above mentioned areas – our administrative audit training and mentoring program and administrative audit program design services would be of great value to you.
Our years of expertise in administrative audits have led us to develop sound internal control procedures for our outsourced reinsurance administration practice.
I’d like to invite you to learn more about how our audit experts can help you improve your internal or external audit capabilities.