Details of Control Systems

Key risks are supported by risk and control maps and company policies and procedures.

Ownership of key risks and controls is clearly defined. Assessments are undertaken upon a consistent and regular basis to ensure that risks remain relevant and up-to-date.  

When any residual risk i.e. a risk after the application of existing controls, falls outside the Company’s risk appetite, action plans are agreed, implemented and monitored.  Risk mitigation actions have clearly defined owners and implementation timescales.

Control Environment

The control environment sets the tone of the business influencing the control consciousness of its Directors and employees. The control environment provides structure and discipline for the other components of internal control, incorporating factors such as integrity, ethical values, management’s philosophy and operating style; assignment of authority and responsibility; competence of the workforce; organisational structure; and the attention and direction provided by the Board of Directors.

The control environment is communicated to employees through the following key documents:

  • Corporate objectives and risk appetite
  •  Code of Business Conduct and Ethics
  •  Whistle Blower Policy
  • Confidentiality and Trading Responsibilities Regarding Fairfax
  •  Documented polices and procedures for each operational business area
The control environment has been built up over time taking into account guidance provided under the UK Corporate Governance Code; advice from external consultants; input from Lloyd’s and the FSA and recommendations from the internal and external audit process.  As a small organisation, the Company’s culture is hands-on with extensive interaction between Executive Management and the employees and which takes pride in maintaining strong underwriting disciplines throughout the insurance cycle while acknowledging the potential volatility in short term results arising from catastrophe events.

In the current soft market, the Company recognises the need to earn an underwriting profit by declining unprofitable business and to protect its capital from losses. The Company’s primary measure of success for its underwriting business is to achieve underwriting profitability measured through the use of combined ratios.  The Company also seeks to establish claims reserves and premium estimates such that prior years’ claims development should not adversely affect the current year’s results. 

The Company seeks to incentivise staff through performance related cash and long term bonus schemes, both of which are measured by underwriting profitability and combined ratios.  For the most senior of staff annual cash bonuses are entirely at the discretion of the shareholder dependent upon the performance of the Company.

 

Risk Assesment

The Company faces a variety of risks from both internal and external sources that require identification, assessment and management of those risks. As the environment in which the Company is operating is constantly changing, the risk assessment process needs to be dynamic and updated on an ongoing basis.

From 2010, AUL introduced a Risk Committee to its governance structure to provide added management focus on the risk management framework.  This Committee is chaired by an AUL Non-Executive and meets at least quarterly.

The Company has completed an assessment of key risks consisting of the following:

  •  Insurance risk, including underwriting, catastrophe management, reserves and reinsurance
  •  Financial risk including quality of investments, interest rate volatility, credit exposure to counterparties, concentration risk and liquidity
  •  Foreign exchange risk and volatility
  •  Capital management
  •  Preparedness for the implementation of Solvency II
  • These key risks are supported by risk and control maps and company policies and procedures.
Ownership of key risks and controls is clearly defined. Assessments are undertaken upon a consistent and regular basis to ensure that risks remain relevant and up-to-date.

 

Control Functions

Control functions are those areas of the business that have a specific role in the Company’s system of internal control. For AUL these functions and their respective responsibilities are:

  • The Compliance function is responsible for ensuring compliance with regulation, legislation, policies and procedures, including identification of compliance risk and assessment of the potential impact of changes in the legal environment.
  •  The Risk Management function is responsible for facilitating the risk management framework.
  •  Internal Audit is responsible for providing independent assurance on the firm’s management of its key risks.
  • The Finance function is responsible for the implementation and maintenance of accounting policies and procedures to ensure the firm’s accounts give a true and fair value of its final position.
  •  The Actuarial function is responsible for calculating technical provisions, ensuring appropriateness of methodologies, models and assumptions used in the calculation of the technical provisions, assessing adequacy and quality of data used in calculating technical provisions and comparing best estimates against experience.

Each function has terms of reference approved by the AUL Board and/or detailed procedure manuals approved by Senior Management.

Communication

Appropriate information must be identified, captured and communicated in a form and timeframe that enables directors and employees to carry out their responsibilities.  The Company has an established management information system for the production of operational, financial and compliance reports which allow Executive Management and the Board to run and control the business. The accuracy of data is validated through a combination of validation reports, exception reports, peer review, independent review, internal audit and external audit.

The Company has established corporate objectives and risk appetite. The key performance data required for management and control purposes has been identified as return on shareholder equity, combined ratio, adequacy of reserves, exposure to catastrophe losses on a gross and net basis and performance against the approved business plan.

Management reports are produced monthly for the Executive Group and the shareholder and reported to the Board quarterly.  Decision making is made at the appropriate level, within pre-agreed parameters, and communicated throughout the Company as required.

The Company maintains pro-active channels of communication with all key stakeholders including existing and prospective clients, brokers, reinsurers, its shareholder, and regulators.

Monitoring

Internal control systems need to be monitored to assess the quality of the system over time. The Company achieves this through a combination of day-to-day operational monitoring conducted by management, such as the review of exception reports, together with a comprehensive risk based internal audit programme.

The audit programme is risk focussed with the majority of the activity centred upon those areas which are considered to generate the largest risks namely underwriting, reinsurance and claims, together with the target of auditing all other key areas of the Company’s operations at least once every two years. Audit reports are reviewed by Advent Underwriting Limited Audit Committee and other subsidiary boards and there are no fundamental action points outstanding or overdue.

The Company believes it has implemented an effective system of internal control.

 

Ian Hewitt
Ian Hewitt:  Head of Risk Management and Director of Advent Underwriting Limited.
 The Institute of Risk Management