sarbanes oxley 404 where do we stand cas 2004 annual meeting november 15 16 2004 n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Sarbanes-Oxley 404 – Where Do We Stand? CAS 2004 Annual Meeting November 15 & 16, 2004 PowerPoint Presentation
Download Presentation
Sarbanes-Oxley 404 – Where Do We Stand? CAS 2004 Annual Meeting November 15 & 16, 2004

Loading in 2 Seconds...

play fullscreen
1 / 38

Sarbanes-Oxley 404 – Where Do We Stand? CAS 2004 Annual Meeting November 15 & 16, 2004 - PowerPoint PPT Presentation


  • 289 Views
  • Uploaded on

Sarbanes-Oxley 404 – Where Do We Stand? CAS 2004 Annual Meeting November 15 & 16, 2004. Today’s Panel James C. Votta, Partner, Ernst & Young LLP Lise A. Hasegawa, AVP and Reserving Actuary, MetLife Auto & Home Kenneth T. Sipiora, Senior Manager, Deloitte & Touche LLP

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

Sarbanes-Oxley 404 – Where Do We Stand? CAS 2004 Annual Meeting November 15 & 16, 2004


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
sarbanes oxley 404 where do we stand cas 2004 annual meeting november 15 16 2004

Sarbanes-Oxley 404 – Where Do We Stand?CAS 2004 Annual MeetingNovember 15 & 16, 2004

Today’s Panel

James C. Votta, Partner, Ernst & Young LLP

Lise A. Hasegawa, AVP and Reserving Actuary, MetLife Auto & Home

Kenneth T. Sipiora, Senior Manager, Deloitte & Touche LLP

David T. Perine, Senior Manager, Ernst & Young LLP

sarbanes oxley 404 where do we stand
Sarbanes-Oxley 404 – Where Do We Stand?

Auditor Management

Company Completed Auditor Reviewed

Company Completed Auditor Completed

Company Completed Auditor Reviewed

Sign Off

Remediation

Testing

Documentation

sarbanes oxley 404 where do we stand1
Sarbanes-Oxley 404 – Where Do We Stand?
  • Survey of 950 SEC Registrants as of October 2004
    • Green = No concern with timely completion = 32%
    • Yellow = Greater than low level concern = 60%
    • Red = Significant concern = 8%
sarbanes oxley 404 where do we stand2
Sarbanes-Oxley 404 – Where Do We Stand?
  • In Scope or Out of Scope?
    • Pricing
    • IBNR Generating Systems
    • Pockets of Reserves
    • CAT Models
sarbanes oxley 404 where do we stand3
Sarbanes-Oxley 404 – Where Do We Stand?
  • What is Ahead?
    • Internal Audit Focus
    • Spitzer Investigations
    • NAIC Model Law
sarbanes oxley 404 where do we stand4

Sarbanes-Oxley 404Where Do We Stand?

Insurance Company Perspective

Lise A. Hasegawa, AVP and Reserving Actuary

MetLife Auto & Home

the metlife enterprise
The MetLife Enterprise
  • Over $300 Billion in Assets Under Management
  • Locations
    • United States
    • International – 11 Locations
  • Business segments include

■ Individual ■International

■ Institutional ■ Reinsurance

■ Auto & Home

sox the players
SOX ─ The Players
  • Steering Committee
  • Project Management Office
  • Line of Business Teams
  • Internal Auditing
  • Outside Advisor
  • External Auditor
sox the process
SOX ─ The Process
  • Identify Processes
  • Scope & Coverage
  • Process Map Activities
  • Identify Risks
  • Identify Key Controls
  • Testing
  • Action Plans
  • Review and Signoff
in scope actuarial processes
In Scope Actuarial Processes
  • Reserves
  • Reinsurance
reserving process map
Reserving Process Map

Data

Analysis

Documentation

Communication

data the risks
Data ─ The Risks
  • All loss data accounted for?
  • Loss data accurate?
  • Loss data transferred and separated accurately?
data the controls
Data ─ The Controls
  • All loss data accounted for?

Balancing reports, consistency, judgment

  • Loss data accurate?

Claims edits, audits, detective reports

  • Loss data transferred and separated accurately?

More balancing reports, consistency, judgment

next steps
Next Steps
  • Testing
  • Action Plans
  • Review
  • Sign Off
  • Repeat
lessons learned
Lessons Learned
  • Support from the top
  • Takes more effort, energy and people than you think ─ but it is worth it
  • Define the scope precisely ─ expect it to change
  • Expect guests … often … add a chair
  • Auditable proof
lessons learned1
Lessons Learned
  • Software versus Spreadsheets
  • Controls are closer than you think
  • Education for all employees
  • Take advantage of the situation
    • Learn how other processes work
    • Learn how the data is created and used
    • Improve processes
    • Eliminate risk
sarbanes oxley 404 where do we stand5

Sarbanes-Oxley 404Where Do We Stand?

Corporate Risk Management Perspective

Kenneth T. Sipiora, Senior Manager

Deloitte & Touche LLP

corporate risk management environment
Corporate Risk Management ─ Environment
  • Risk Management (broadly defined) increasingly critical to corporations, their officers and directors
    • COSO, ERM, etc.
    • Investors, Regulators, Lenders and other stakeholders demanding disclosure and independent verification of financial controls
  • Risk Management and related insurance transactions increasingly complex
  • Many large corporations have significant self-insured/retained risk
    • General/Product Liabilities, Auto Liability, Workers’ Compensation, D&O, etc.
    • Third-party service providers common
corporate risk management environment1
Corporate Risk Management ─ Environment
  • Paid losses and reserves are material to financial reporting
    • Significant cost drivers, financial statement disclosures common
    • Independent actuarial analysis
  • Variety of alternative risk financing strategies in use
    • Qualified self insurance, Captives, Finite Risk, Capital Markets, etc.
  • Risk Management Information Systems (RMIS) prevalent
    • Data warehouses, Management Reporting, Actuarial Data
  • Entity level controls (“C” level and B.O.D.) requiring greater scrutiny
    • Retain or Transfer risk?
    • Counterparty security
corporate risk management sox 404 examples
Corporate Risk Management ─ SOX 404 Examples
  • Control Objectives
  • Process Documentation
  • Testing
corporate risk management environment2
Corporate Risk Management ─ Environment
  • Reserve estimates are adequately developed, reported and monitored
    • Appropriate data is accurately documented and retained to support management estimates of liabilities.
    • Reserves are determined according to appropriate actuarial standards of practice, consistent with regulatory, GAAP and other required standards.
  • Financial reporting is timely and accurate
    • Claims activity is recorded timely and accurately in the appropriate accounting period.
    • Disbursements for premium expenses, claims payments, captive fees and other risk management expenses are validated, calculated accurately, processed completely and recorded to general ledger.
corporate risk management environment3
Corporate Risk Management ─ Environment
  • Risks are identified, quantified or transferred
    • Expected losses to be retained are quantified.
    • Commercial insurance for risk not self-insured is secured.
    • Insurance company counterparty security (financial strength) evaluated regularly.
  • Claims reporting is timely and accurate
    • Claims processing policy and procedures established by Senior Management exists and duties or claims staff and third-party administrators (TPAs) are performed accordingly.
    • TPAs or other external providers have adequate controls in place.
corporate risk management environment4
Corporate Risk Management ─ Environment
  • Self-insured risks are identified and funded by captive as appropriate
    • Captive transactions are accurately recorded in a timely manner.
    • Captive management and other service providers have adequate controls
    • Captive financial statements are timely and accurately consolidated with parent company statements.
corporate risk management sox 404 sample process documentation
Corporate Risk Management ─ SOX 404 Sample Process Documentation
  • Claims (workers’ compensation)
  • Loss reserving
  • Financial reporting
  • Captive transaction
slide25

LEGEND

Primary Control Activity Secondary Control Activity

Primary Company Level Controls Control Gap

slide26

LEGEND

Primary Control Activity Secondary Control Activity

Primary Company Level Controls Control Gap

slide27

LEGEND

Primary Control Activity Secondary Control Activity

Primary Company Level Controls Control Gap

slide28

LEGEND

Primary Control Activity Secondary Control Activity

Primary Company Level Controls Control Gap

sarbanes oxley 404 where do we stand6

Sarbanes-Oxley 404Where Do We Stand?

A Consultant’s Perspective

David T. Perine, Senior Manager

Ernst & Young LLP

what have we done to date
What Have We Done To Date?
  • Planning
    • Timing
    • Structure
    • Roles
  • Documentation
    • Business and financial processes
    • Risks
    • Controls
what have we done to date1
What Have We Done To Date?
  • Testing and Remediation
    • Remediation of controls deemed necessary as a result of the documentation phase
    • Testing of controls
    • Remediation as a result of testing
what is happening now through q1 2005
What Is Happening Now Through Q1 2005?
  • Documentation of new processes or significant changes to existing processes
  • Continued remediation
  • 4th quarter and annual testing
    • As a result of remediation of controls
    • Of 3rd and 4th quarter controls
    • Of annual controls
  • Evaluating exceptions and deficiencies
what is happening now through q1 20051
What Is Happening Now Through Q1 2005?
  • Management’s assertion on the effectiveness of internal controls
  • Auditor’s attestation to the effectiveness of internal controls
future steps commitments to sox 404
Future Steps/Commitments to SOX 404
  • Reinforce a compliance culture
    • From the top (Audit Committee, CEO, CFO, CCO)
    • SOX 404 compliance must be embedded in the company’s culture
    • Ownership of SOX 404 must reside with the company, not outside parties
    • Consider maintaining/establishing a Project Management Office
future steps commitments to sox 4041
Future Steps/Commitments to SOX 404
  • The changing role of internal audit
    • More internal control focused?
  • The role of outside consultants
    • Coaching? Support?
  • Updating documentation
    • When and by whom?
    • Peer review
future steps commitments to sox 4042
Future Steps/Commitments to SOX 404
  • Testing
    • When and by whom?
  • Remediation
  • Management’s assertion
  • Auditors attestation
  • Responding to a negative attestation?