Definition
- Internal control
is broadly defined as a process, effected by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
- Effectiveness and efficiency of operations.
- Reliability of financial reporting.
- Compliance with applicable laws and regulations.
Tone at the Top
A good system of internal control begins, first and foremost with a high level of corporate integrity and ethical values.
A positive “tone at the top” is prerequisite for establishing appropriate policies and procedures at all organizational levels.
The commitment to a positive tone at the top begins with the organization’s board of directors, audit committee, and chief executive officer and filters down through all levels of corporate management.
Objectives of Internal Control System
Accomplishment of Organizational Objectives
Management is responsible for defining and establishing the organization’s basic business objectives.
An internal control system by itself cannot ensure that an entity will achieve its basic business objectives.
Objectives of Internal Control System
Safeguard Assets
Internal control systems should take into consideration such factors as prevention of the asset/resource loss through theft, waste, or inefficiency. In addition, considerations such as selling the product at too low a price, extension of credit to bad risks, failing to retain key employees, taking steps to prevent patent infringement, and incurring unforeseen liabilities or contingencies should be factored into an effective internal control system.
Objectives of Internal Control System
- Integrity and Reliability of Reporting
1. Financial Reporting
2. Management Information
Internal control systems should be designed to ensure that financial reporting and management information is reliable and useful.
Management information is needed at all levels of the organization to run the business and to achieve the entity’s objectives
Objectives of Internal Control System
Effectiveness and Efficiency of Operations
The COSO Report suggests an internal control system is effective when the board of direc- tors and management have reasonable assurance that:
- They understand the extent to which the entity’s operations objectives are being achieved.
- Published financial statements are being prepared reliably.
- There is compliance with applicable laws and regulations.
(Committee of Sponsoring Organizations of the Treadway Commission) COSO
Objectives of Internal Control System
Cost/Benefit Considerations
The decision to implement a particular internal control system is influenced greatly by the resources and associated costs that are needed and the perceived benefits of it.
- Element of an Internal Control System
Internal control system components can be divided into two categories:
(1) basic features applicable to all internal control systems, and
(2) specific control features applicable to the life insurance industry.
Elements Of An Internal Control System
two categories: (1) basic features applicable to all internal control systems, and (2) specific control features applicable to the life insurance industry.
- Basic Internal Control Features?
Budget Authorization Procedures Personnel Policies and Practices Segregation of Duties Physical Controls Documentation and Communication Monitoring Information Systems Controls
Elements Of An Internal Control System
two categories: (1) basic features applicable to all internal control systems, and (2) specific control features applicable to the life insurance industry.
Basic Internal Control Features
Budgeting
A primary function of management in determining whether corporatewide controls are being followed lies in developing realistic budgets and comparing actual perform- ance with expected performance.`
Elements Of An Internal Control System
two categories: (1) basic features applicable to all internal control systems, and (2) specific control features applicable to the life insurance industry.
Basic Internal Control Features
Segregation of Duties
There are four basic segregation rules that contribute to the effectiveness of an internal control system:
1) segregating custody of assets from accounting;
2) segregating custody of assets from authorization;
3) segregating record keeping from operations; and
4) separating individual accounting tasks.
Elements Of An Internal Control System
two categories: (1) basic features applicable to all internal control systems, and (2) specific control features applicable to the life insurance industry.
Basic Internal Control Features
Monitoring
is the process that assesses the quality and effectiveness of an internal control system over time. This process is used first to ensure that existing controls are working, and second to ensure that changes to the control system are proper and func- tioning as expected.
Elements Of An Internal Control System
two categories: (1) basic features applicable to all internal control systems, and (2) specific control features applicable to the life insurance industry.
- Basic Internal Control Features
Information Systems Controls
Information systems controls are typically classified into two groups, general and application controls.
General controls are those which apply to many if not all appli- cations processed by the data center. Application controls are those which are written for and used to control the processing of a single application. Together these controls help ensure the accuracy and validity of the information obtained through the system.
- General controls, which can apply to all sizes and types of computer systems, typi- cally include controls related to the data center operations, system software, applica- tion development, and system and file access.
- Application controls are built into each application and are designed to control the completeness and accuracy of transaction processing.
Specific Life Insurance Accounts and Activities
- Accounts or activities that are unique to the insurance industry include:
Underwriting and Premium Income Benefits and Claim Liabilities Policy Reserves and Insurance In-force Agent Commissions Reinsurance
Roles and Responsibilities
*Five particular groups play key roles in the development, maintenance, and testing of the internal control system.
(1) the board of directors,
(2) audit committee,
(3) operating management,
(4) internal auditors, and
(5) independent auditors.
Roles and Responsibilities
These groups are: (1) the board of directors, (2)
audit committee, (3) operating management, (4) internal auditors, and (5) independent auditors.
Board of Directors
Has the ultimate responsibility for the internal control system.
Roles and Responsibilities
Five particular groups play key roles in the development, maintenance, and testing of the internal control system. These groups are: (1) the board of directors, (2)
audit committee, (3) operating management, (4) internal auditors, and (5) independent auditors.
Audit Committees
Typical responsibilities of the audit committee?
Typical responsibilities of the audit committee would include the following:
• Oversight of the annual and interim financial reporting processes and the company’s internal control system
- Oversight of the internal audit function and the annual internal audit plan, meeting regularly with the internal auditors to review internal audit results
- Review of management’s annual process in engaging the company’s independent auditors
- Meeting regularly with the company’s independent auditors: a preaudit meeting normally addressing the auditors plans for the annual audit, and postaudit/postreview meetings normally addressing the auditors’ findings
- Review and discussion of audited financial statements with company management
- Communicating to shareholders and/or policyholders, through the company’s Annual Report and Proxy Statement, the committee’s responsibilities and activities during the year
Roles and Responsibilities
Five particular groups play key roles in the development, maintenance, and testing of the internal control system. These groups are: (1) the board of directors, (2)
audit committee, (3) operating management, (4) internal auditors, and (5) independent auditors.
Operating Management
Operating management should:
• Confirm their commitment to integrity and ethical values in their selection of subordinates
• Document and maintain evaluations of internal control systems under their areas of responsibility
• Continually challenge and cost justify the
effectiveness of the controls for which they are responsible
- Investigate and resolve control questions and problems brought to their attention from their subordinates
- Recommend to appropriate levels of management suggestions for improvement in existing control systems
- Accept the accountability commensurate with the responsibility for the controls entrusted to them
Roles and Responsibilities
Five particular groups play key roles in the development, maintenance, and testing of the internal control system. These groups are: (1) the board of directors, (2)
audit committee, (3) operating management, (4) internal auditors, and (5) independent auditors.
Internal Auditors
The standards developed by the Institute of Internal Auditors are:
The primary responsibility for evaluating the operation and effectiveness of internal control systems usually rests with the internal auditors.
The standards developed by the Institute of Internal Auditors are:
• Reliability and Integrity of Information
• Compliance with Policies, Plans, Procedures, Laws, and Regulations
• Safeguarding of Assets
• Economical and Efficient Use of Resources
• Accomplishment of Established Objectives and Goals for Operations or Programs
Roles and Responsibilities
Five particular groups play key roles in the development, maintenance, and testing of the internal control system.
Internal Auditors
the internal audit function will be established through an internal audit charter or policy statement approved by the audit committee or the board of directors. At a minimum, the charter should comprehend the following:
- Internal audit is an independent appraisal activity
- Internal audit’s authority includes the full, free, and unrestricted access to all company records, assets, and personnel
- Internal audit should receive full support and cooperation of all levels of company management
- Internal audit’s responsibilities
- Internal audit should be notified of suspected or known fraudulent or illegal activities and proposals for new or modified systems, procedures and products
Roles and Responsibilities
Five particular groups play key roles in the development, maintenance, and testing of the internal control system. These groups are: (1) the board of directors, (2)
audit committee, (3) operating management, (4) internal auditors, and (5) independent auditors.
Independent Auditors
- Under the Sarbanes-Oxley Act of 2002 (SOA), independent auditors of public companies are now prohibited from performing specific non-audit services contemporaneously with an audit. Examples include bookkeeping and other services, financial systems designs and implementations, internal audit outsourcing services, and actuarial services.
- Additionally, the SOA requires that public company auditors’ appointment, compensation and oversight be the direct responsibility of the audit committee, and that the audit committee be responsible for the preapproval of any non-audit services performed by independent auditors.
- The SOA also mandates audit partner rotation on a five-year basis, and requires the Comptroller General to conduct a study of the effect of requiring mandatory rotation of independent auditing firms (of public companies).
- Finally, the SOA requires that each public accounting firm provide a report to the audit committee of the applicable public company regarding accounting policies and practices utilized
Insurance Marketplace Standards and Associations (IMSA)
IMSA’s goal is that through increased focus on six areas of insurance marketing policies and procedures, member companies will not only assure compliance with laws and regulations
Through its Principles and Code of Ethical Market Conduct, IMSA promotes the development of sound market conduct practices through six areas of insurance.
-
Chapter 251
-
Chapter 358
-
Chapter 427
-
Chapter 521
-
Chapter 655
-
Chapter 718
-
Chapter 823
-
Chapter 918
-
Chapter 1018
-
Chapter 1120
-
Chapter 1237
-
Chapter 1317
-
Chapter 1425
-
Chapter 1520
-
Chapter 1626
-
Chapter 17 - Budget24
-
Chapter 18 - Strategic Planning8
-
Chapter 19 - Management reports18
-
Chapter 20 - Mergers and Acquisitions20
-
Chapter 2120
-
Chapter 2220
-
Chapter 24 - Internal Control22
-
Chapter 25 - Reinsurance25
-
Chapter 262
