Rating agencies are beginning to encourage insurers to adopt advanced risk management practices, often referred to as Enterprise Risk Management (ERM).

ERM is a risk-based approach to include all aspects of business operations that involve risk:  insurance risk, investment risk, and operating and financial risk.  The rating agencies have expressed their intent to evaluate the processes and techniques by which companies manage risk exposure as a part of their qualitative review process.

Are you prepared for ERM?

Commencing in 2003, the National Association of Insurance Commissioners (NAIC) began reviewing the requirements of Sarbanes-Oxley.  The NAIC is considering adopting many revisions to the Model Audit Rule (MAR), to incorporate certain aspects of Sarbanes-Oxley, which would be applicable to all insurers, both public and nonpublic.  The key titles of interest, to the NAIC, are Titles II, III, and IV.

These titles are auditor independence (Title II), corporate responsibility, including audit committees (Title III), and enhanced financial disclosures, including management’s assertion to the effectiveness of its internal controls (Title IV).

As these issues have worked their way through the various committees and sub-groups of the NAIC, they have been met with great resistance.  Although no resolution is complete, and the NAIC continues its focus, one thing is certain – ERM and Sarbanes/Oxley is here to stay.

Realize, the implementation mechanism is the rating agencies’ focus of it.

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) defines Enterprise Risk Management (ERM) as:

“A process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.”

As a Public Company Accounting Oversight Board (PCAOB) registered accounting firm, we are well experienced in implementing Sarbanes/Oxley.  Along with nearly four decades of auditing insurance related entities, we are well prepared to provide guidance on implementation of ERM to the insurance industry.