Internal audit

Effective governance, risk management and internal controls are fundamental to the success of every organisation. An internal audit provides assurance on whether an organisation is well governed and managed, and on the adequacy of its internal controls.

Within the insurance sector, it is a regulatory requirement under Solvency II regulations for insurers to establish and maintain effective risk management and internal audit functions. Whilst insurance intermediaries are not subject to the same regulations, there is an increasing need and demand for greater assurance, with many firms now looking to establish an internal audit function. This is due to:

• Recent and upcoming changes in regulation (eg GDPR, IDD and SM&CR);
• More focus from the Financial Conduct Authority (FCA) on the sector, as seen through recent thematic reviews; and
• Increase in merger and acquisition (M&A) activity within the sector meaning that, as firms grow in size and complexity, there is greater need for assurance by investors and senior management.

Clear and structured internal controlframeworks need to be maintained as well as easily identifying senior management’s roles and responsibilities. Combining these with an effective three line defence model mean that insurance brokers and firms are not only complying with regulation but are also operating an efficient risk management strategy. This Good Practice Guide outlines the three lines of defence model, as well as detailing the structure and benefits of an internal audit.

Read the full Good Practice Guide HERE (PDF)