The fundamentals: 5 key principles for robust and secure insurance auditing
An insurance audit can surface insight that help navigate a businesses’ growth trajectory. Best practice insurance audits are underpinned by these 5 principles.
- Integrity: The integrity of internal auditors is pivotal to delivering a trusted and reliable judgement. With potential implications around compliance and profits, this is an area that cannot be ignored in insurance auditing.
- Objectivity: Objectivity in communicating, gathering and evaluating data is critical to ensure insurance auditors deliver a balanced assessment of all the relevant circumstances and are not unduly influenced by their own interests or by others in forming judgements. This ensures fairness in evaluating the financial position of the company.
- Confidentiality: With an insurance audit, it is vital that auditors respect the value and ownership of information and do not disclose information without appropriate authority, or a legal or professional obligation to do so.
- Security: Given the increasing cyber threats that insurance businesses now face, it is critical that insurance audits and auditors follow strict data security and protection protocols.
- Competency: Specialised insurance knowledge is a critical component to a successful insurance audit. Oftentimes, law firms without the requisite technical expertise are called upon to help with audits, which is not recommended.
The 5 key components of a robust insurance audit:
1: Document collation
Collating all relevant documentation to commence the audit process is a complex process, but one which the insurance audit depends upon.
Documentation required for this process includes:
- Claims and policy issuance data.
- General ledger balances as well as pertinent MGA, TPA, or other agreements with third parties.
- Relevant personnel documents.
- Corporate governance.
- IT policies and procedures.
2: Process mapping
Process mapping ensures that the complexity of a business process does not block anything or cause operational issues. Responsibilities, success indicators and quality assurance all fall within the area of process mapping. There are a number of key tasks involved:
- Documenting the control environment relating to existing claims.
- Policy issuance workflow and regulatory compliance procedures.
- Establishing existing record-keeping processes that are in place between technical processing teams, finance, claims and underwriting.
- Mapping the data archiving process to ensure accurate processing and secure storage of data.
3: Operational evaluation
Operational evaluation involves deep scrutiny of business processes. Accounting and operational procedures are thoroughly examined, including mid-term adjustments, query monitoring and unallocated cash management. The claims management and automatch system are also evaluated to ensure accounting is clearly defined, reporting is accurate and that accounts are reported punctually and accurately to the general ledger.
4: Control policies
From theft to mismanagement of funds, there are many risks attached to poor internal controls and policy management. A robust insurance audit should evaluate and optimise policies on:
- Claims controls and policy issuance
- On-site security including safe security and cash storage
- Password protection on software,
- Accounting systems and employee responsibilities.
5: Reconciling records
As a fundamental aspect of a robust insurance audit, reconciliation covers a number of key areas that enable compliance and boost growth:
- Working through the general ledger to reconcile unallocated cash
- Identifying and resolving unapproved deductions
- Identifying and managing billing errors
- Identifying partial settlements and duplicate payments
- Ensuring records are accurate on aged debt position
- Effective claims adjustment, tax refunds from underwriters and resolving erroneous exchange rate differentials on transactions
The insurance audit landscape
Assuring the reliability of internal cash management processes is only possible through forensic auditing. In order to ensure the deep analysis and accuracy that defends a business, it is imperative to leverage specialist knowledge.
- TPA audit: An audit of third-party support services involves benchmarking the underwriting, claims, accounting and management of your business to ensure data, reputation, brand and quality standards are protected.
- Coverholder audit: Evaluating binders based on their potential capital effect, enabling you to tailor a portfolio strategy that minimizes risk, identify opportunities to cut costs and maximise data security.
- Unallocated cash audit: Identifying the extent and causes of unallocated cash by analysing all cash records, ledgers and journals. This clarifies if any historic fraud has occurred in cash management and enables the insurer to build a remediation plan.
TPA Audit
As part of the insurance audit, a TPA’s internal control environment can be verified through a third-party audit.
During a TPA audit, detailed tests can be conducted on the claims processed during a defined time period and forensic analysis can help identify irregularities in claims and policies.
A typical TPA audit includes rigorous inspection on TPA services and risk mapping covering all data and major classes of direct and reinsurance business.
This process enables you to benchmark underwriting, claims, accounting and management of your business so you can be confident that your reputation, brand and quality standards are being protected.
Inspection teams undertake audit & due diligence programmes on an anonymised ‘third party’ basis to get a true picture of the TPA’s operations.
Coverholder Audit
Coverholder audits can focus on compliance, claims handling, claims reporting, underwriting, or systems and can help management teams review issues related to specific areas of concern, supporting decision making and informing wider strategic objectives.
Both coverholders and insurers can benefit from coverholder audits by enabling coverholders to identify opportunities to streamline processes.
In addition to identifying and reducing unnecessary operating expenditures, audits can improve credit control, reduce cyber threats, and ensure compliance with regulations.
Governance coverholder audit components
- Strategic business review
- IT Strategy, sourcing and implementation review
- Outsourcing review
- Process review
Operational coverholder audit elements
- Coverholder operational review
- TPA review
- Claims audit & inspection
- Individual claims assessment
Unallocated cash audit
Most organisations have process maps which can be used and interrogated to identify the causes of unallocated cash. Having established the extent of the problem, a remediation plan can then be defined to allocate ownership. This includes identifying the resource required, as well as setting high level KPIs; this ensures progress is monitored and meets expectations.
A vital part of an insurance audit, the remediation plan will also enable you to assess the required budget to address the problem and then to maintain an effective cash management process thereafter.
5 key components to an unallocated cash audit
Access to historic data: Where cash relates to historic systems or acquired accounts, access to the data is essential when undertaking an insurance audit. Where the data is simply not available a decision has to be made as to whether the business requests information from brokers or clients.
Access to technical resources: Where technical transactions are incorrectly processed or missing, technical resources will be needed to reprocess transactions so the cash can be cleared.
Query resolution: Robust query monitoring is necessary to ensure that queries which are preventing the allocation of cash are answered.
Interaction with credit control: Procedures should be established to ensure the immediate referral of identified funding and previously unidentified outstanding aged debt (premium or claims) become apparent.
Write-off parameters: Cost efficiency dictates that an acceptable de minimis limit for investigation is set.
Defending your business against legacy and ongoing threats requires a rigorous insurance audit. Keeping the above principles and operational components in mind will ensure the process is a useful one.
The Ultimate Insurance Industry Toolkit: