Recent Searches
Helping a FTSE insurer strengthen their internal controls to mitigate risk, drive innovation and instil confidence in decision-making.
The better the question
Our client asked us to help them gain assurance in their testing strategy.
How EY can help
EY audit team can help you uncover controls that are not effectively designed and provide improvement recommendations. Learn more.
Read moreFinancial services firms are all too aware of the importance of financial controls. Getting it wrong damages reputation — especially with investors —and can lead to possible regulatory sanctions. For directors, the introduction of the Senior Managers and Certification Regime (SM&CR) also places personal accountability on them for any failings.
There has been a spotlight on internal controls since the Kingman and Brydon reviews, and the proposal of a UK version of the US Sarbanes-Oxley (SOX) act by the Department of Business, Energy and Industrial Strategy (BEIS). Regardless of whether legislative action is taken, or through what route it is enforced, internal control frameworks can take years to fully implement. With this in mind, our client knew that they needed to act immediately.
Internal controls are critical to setting and achieving strategic and operational objectives. Improved transparency over processes and clear ownership enables better financial reporting, allowing management to make informed decisions based on accurate data. From a risk perspective, having robust controls helps identify threats to the firm, detects any irregularities or fraud and helps comply with relevant regulations.
Our client, a large global insurer, wanted us to look at their control testing. This presented significant difficulties around the scale of their geographic footprint and operations. With a significant presence in the UK, mainland Europe and North America, they wanted to ensure consistency in their approach. This meant working within the different control requirements of each jurisdiction. It also needed complex testing and assurance across hundreds of models across numerous divisions and product lines, including general insurance, life insurance and annuities.
The better the answer
Managing risk, whilst giving our client the confidence and space to innovate.
Our initial efforts focussed on a thorough review of all key controls. This included checking 1000 financial controls, as well as over 800 end user computing (EUC) controls, which focus on the risks arising from complex spreadsheets and internal tools. Over 200 financial models were also tested to ensure that they worked as designed. Key to this assurance testing was our experience of internal control testing for global insurance firms, including working on US SOX projects.
We helped our client standardise their approach and gain assurance over the quality of their framework. Our team then identified what controls needed improving and worked with the client to define a remediation program, that focused on mitigating the key risks in their end user controls.
Several use cases were identified where manual uploading was slowing down systems and exposing the insurer to operational risks. Using our firm-wide capabilities in data and automation, we demonstrated how robotic process automation could help improve the speed and efficiency of their mass uploading, by automating uploads and downloads from a database system. This solution was tailored to the needs of our client, saving hundreds of hours, freeing up teams to spend more time on value-added tasks.
To improve the transparency of their reporting, we also designed, built and tested an interactive dashboard that allows the finance team to monitor testing progress and outputs for all their financial controls and end user controls. The dashboard provides real-time access, allowing them to manage risk, capture insights and substantiate key business decisions made by senior finance leaders. This has enabled them to review hundreds of data points instantly, highlighting the key issues on a live and dynamic basis. Our work also required careful engagement with the teams managing the controls, who were not used to facing such a high level of external scrutiny. We became a trusted partner and an extension of the insurer’s finance team. The key to success was an environment of mutual understanding and trust across divisions — all achieved in a virtual working environment during the COVID-19 pandemic. Our experience and adaptability allowed us to work seamlessly together, offering a huge level of flexibility to deal with unforeseen challenges.
Risk management does not need to limit innovation and productivity. Our dashboard is a key example of this, as it has enabled live analysis and understanding of controls across the business. In fact, enhanced risk management can provide a safer environment, giving firms confidence and space to innovate.
The better the world works
Better financial controls for a safer, more successful future.
Our client now has a financial control framework that is much closer to the level that US firms must comply with. They have confidence that their controls are working as designed and have been subjected to a high level of challenge and insight. This has increased control understanding across the business. We have also enhanced the efficiency of their control testing and identified historic control failures, improving their overall business operation and management accountability.
As managements understanding of controls has improved, they have demonstrated increased accountability for control performance. Better controls mean management are more confident that they are making the right decisions based on accurate data. This will make a real difference to the client. Since US SOX was introduced, we have seen that US filers have around 90% less financial restatements, demonstrating better data. We expect the same impact for UK firms that comply with a UK SOX style regime. It also means less work for an external auditor, leading to lower audit fees. Other UK financial institutions should be giving serious consideration to their internal controls, given the benefits on offer and the possibility of a UK SOX framework being introduced.
Regulators want to see firms modernise and invest in their financial controls. It is key to ensuring public confidence that the numbers firms report on are accurate. It matters to us all, as either direct investors or through our pension investments.
Our support has not stopped there. Our team continue to work with the insurer to improve its control frameworks, suggest new initiatives, oversee and monitor progress. We are helping them raise the standard for insurers.
Robust internal controls are only increasing in importance. Insurers are continuing to use technology to boost their operations, accelerated by COVID-19. Consequently, many may look to build a completely new, SOX-compliant control system. Our client is already on the journey and is well placed to lead the way.
How EY can help
As more companies list on the US stock exchange and regulatory oversight intensifies, we can help you implement a robust Sarbanes-Oxley framework.
Read moreEY’s UK Corporate Governance team provides guidance and thought leadership on governance issues to help our clients, and to contribute to wider discussions on governance.
Read more
