Enterprise Risk & Assurance Management in Zurich North America
04/19/23
Enterprise Risk & Assurance Management in Zurich North America
Brian Selby
MA (Audit), FIIA, QiCA, MBCS, CISA
Zurich North America
Zurich North America, a leader in business insurance, provides property, casualty and specialty insurance and risk management solutions to businesses throughout the United States. Zurich North America also offers customers a range of financial services in more than 60 countries worldwide through the affiliated companies of the Zurich Financial Services Group.
Management focus
Significant risk and control issues
Risk management and control aspects of the operations
Risk identification, quantification and mitigation procedures
Reliable assurance
In short (and in the news!) …..
CORPORATE GOVERNANCE
What is Corporate Governance?
The system by which companies are directed and controlled
The accountability of a board of directors and the chief executive to their stakeholders and the risk management architecture underpinning the actual and perceived fulfillment of this accountability
Corporate Governance components
© ICAEW, 2000 ISSN 1367-2517
Corporate Governance best practice
Enterprise Risk Management (ERM):
– A rigorous and coordinated approach to assessing and responding to all risks that affect the achievement of an organization’s strategic, operational and financial objectives (a ‘portfolio’ approach)
Chief Risk Officer (CRO)
– Assures continuity and consistency in risk management within an organization, bears direct responsibility for directing the organization’s entire risk management process.
The Zurich governance solution
Enterprise level: Group Level Governance
Chief Risk Officer: in Group Head Office
‘Local’ Risk Managers & Networks
Risk Policy Manual & Procedures (ZRP)
Risk Based Capital
Total Risk Profiling (TRP)
Internal Control Assessments (ICA)
Strategy components
Control Environment and Control Activities
– Oversight structure and committees
– Delegated Authorities and Powers Reserved
– Compliance
– Security
– Risk management policy
– Leadership commitment (to risk management)
Strategy components (continued)
Information and Communication
– Communicate business objectives
– Communication of risk management policy & goals
– Internal risk reporting systems
– Effective management information
Strategy components (continued)
Risk Assessment
– Common risk language and approach
– Identify emerging and existing risks
– Source emerging and existing risks
– Estimate, evaluate and prioritize risks identified
– Establish accountability and actions at levels commensurate with risk
Strategy components (continued)
Monitoring
– Internal monitoring (of risk management and internal control effectiveness)
– Risk Key Performance Indicators
– Internal Audit role
– Internal Control Reporting
So it’s that easy? No!!
This is a management cultural shift
A change in the “Tone at the Top” is required
The strategy is prioritized:
– Initial actions - get momentum; early ‘wins’
– Transform (crawl, walk, run …)
– Target end state - level 3 of the Zurich ICA maturity model
Management Board endorsement and active support for the strategy is essential
Assurance?
A positive declaration intended to give confidence
Driver – the level of assurance of the effectiveness of risk management and control required
– Low - self-assessment reports within operation
– Medium – separate quality assurance activity within, or commissioned by, the operation
– High – independent assurance from Internal Audit or other advisors independent of the operation
The higher the assurance level, the higher the cost
Assurance in Zurich North America
Coordinate the results of review activity within the ERM framework:
– self-assessments on risk & control issues
– underwriting audits
– claims technical audits
– premium audits
– profitability reviews
– Internal Audit
– External Audit
Finally ….
Any questions?
Any ideas you would like to share?
Brian
Thank you for your attention, questions & ideas