Transcript Download Handout 2

Sarbanes-Oxley
A Primary Insurer’s
Perspective
Sally M. Kaplan, ACAS, MAAA
Markel Corporation
Tuesday, September 12, 2006
Implementation
• First years, 2004 - 2005
• Submitted detailed documentation to
Corporate Accounting, Internal Audit,
and our External Auditors and Actuaries
Implementation
• For the units that I am responsible for, I
submitted already-existing
documentation.
• This occurred by operating unit within
Markel
Implementation
• Iterative process in which substantial
amounts were eliminated and inserted
– For example, a lot of our documentation
about process was too detailed and was
deleted.
Implementation
– On the other hand, sections about
judgment in the process was virtually non
existent in my documentation and had to
be added. For me, this was the most
challenging aspect.
Implementation
• Within the documentation for each
operating unit, controls were identified
and highlighted
– Controls that related to checking the
accuracy of the data
– Controls that related to accuracy of the
pick
Controls- Accuracy of the Data
• Basic checks such as, after splitting
our analyses by line, program, etc., on
the back end do we have the correct
premium, paids, and case reserves that
tie to ledger?
Controls- Accuracy of the Data
• Do the source systems that give us
triangles, detailed program info (which
is not available in ledger) tie to ledger?
Controls- Accuracy of the Data
• Each control had ‘Completed by’ and
‘Reviewed by’ box to be initialed and
dated by Actuarial personnel.
• This part was relatively easy for me, as
I had addressed it in my own process
to help analysts in my area for several
years prior.
Controls-Do we have a
reasonable pick?
• We thought a lot about how we can
evidence that our picks are actuarially
sound, given that we had already
proven that the data was correct.
• Huge challenge for me
Controls-Do we have a
reasonable pick?
• Reasonability checks
– Manager’s check on each other’s work
– Escalation of issues to Chief Actuary
– Preliminary meetings with executives in
operating units
Controls-Do we have a reasonable
pick?
• Reasonability checks (contd)
- Numerical calculations that we look at
from quarter to quarter to check validity
of our pick (actual versus expected,
comparison to budget, etc.)
- We use standard methodology
Controls-Do we have a reasonable
pick?
• Reasonability checks (contd)
– Rolling up to corporate-wide review allows
Chief Actuary to provide another high level
check
– Management’s final judgment on what to
book
Identification of Key Controls
• We identified the key controls within
each operating entity’s process.
– These generally were the ones that
included the data checks and the review
with management within an operating
entity.
Implementation: Testing
• Quarterly, internal and external auditors
would visit my office, copy papers from
our binders, and test the key controls.
2006 Revision Process
• Spring of 2006
• We took a look at the most serious risks
• We streamlined the controls
2006 Revision Process
• Separated controls into ‘serious’ and
‘intermediate’
– If we considered a control to address a
high risk area, meaning there would be
severe consequences if a particular
control was not met, we kept that control
as a key control.
2006 Revision Process
•
Separated controls into ‘serious’ and
‘intermediate’ (contd)
– Intermediate controls are still part of the
process in each operating entity but are
not subject to testing
2006 Revision Process
• Established a checklist and put all of
the key and intermediate controls in
there
• Now, quarterly, the actuary shows the
checklist to the auditors and says ‘the
checklist was completed.’
Positive Outcomes of Sarbanes
Oxley
• The checklist with the key controls at the top
and the moderate tasks listed below has
been a great addition to our process.
– Beyond focusing only on the high risk controls
– Great efficiency tool for areas where there are
quick quarter end timeframes, multiple analysts
working on a particular operating entity.
– Allowed occasionally, where appropriate, an
analyst to check work I had completed.
Positive Outcomes of Sarbanes
Oxley
• Spreadsheet controls
– Archive to read only after quarter end
– Did a review of who had access to our files
– Ensured that versions were named
according to the evaluation date of the
review
Not-So-Positive Impacts of
Sarbanes Oxley