The Society of Insurance Broking (SIB), a U.K.-based professional association, has issued a new guide for internal auditors to reinforce the hallmarks of a well-structured internal audit function in the industry.
While the practice guide is aimed at insurance brokerage firms, it highlights some best practices that are valid for internal audit shops in all industries. The eight page “Good Practice Guide” seeks to address recent regulatory changes, such as the European Union’s Insurance Distribution Directive and the General Data Protection Regulation (GDPR), and well as increased scrutiny of brokers from the U.K.’s Financial Conduct Authority and increased merger activity in the industry.
(See also, Ten Core Principles for Internal Auditors to Live By)
“Clear and structured internal control frameworks need to be maintained as well as easily identifying senior management’s roles and responsibilities. Combining these with an effective three-line-defense model mean that insurance brokers and firms are not only complying with regulation but are also operating an efficient risk management strategy,” the SIB states in its introduction to the guide. “This Good Practice Guide outlines the three lines of defense model, as well as detailing the structure and benefits of an internal audit.”
Internal Controls Model
The guide, which was developed along with accounting and advisory firm PFK Littlejohn, provides a model against which brokers can map their existing internal controls and also serves as a reminder to review their approach to internal audit and risk management.
“We see a wide variation in the extent to which firms have established and implemented effective frameworks or functions for managing risk and for providing assurance on the effectiveness of internal controls,” writes PKF Littlejohn partner Jessica Wills in the forward to the guide. “This Good Practice Guide summarizes what these functions should look like within a three lines of defense model with some examples of good practice.”
While the SIB guide doesn’t break any new ground, nor does it advocate for any controversial or cutting edge structures or practices, it does serve as an adequate review for good internal audit structures and practices. And since it’s a quick read, it’s worth a skim for just about any internal auditor, if only to check against your priorities and to ensure your internal audit shop isn’t an outlier. 