Process/Sub-Process
Underwriting Cycle—P&C
COSO Component / Cycle / Transaction Process / Control Objective / Control Objective Control Type (CAVR) / Control Objective Category (C/FR/O) /Risk
/ Point of Focus / Point of Focus Control Type (CAVR) /Control Activities / Underwriting / Underwriting Guidelines / Underwriting strategy has been clearly communicated to management and personnel responsible for underwriting decisions. / V / FR / Underwriting guidelines have not been effectively communicated to management and personnel responsible for underwriting decisions. / Underwriting guidelines are effectively communicated and readily accessible by personnel and management responsible for underwriting decision making / V
Control Activities / Underwriting / Underwriting Guidelines / Underwriting strategy has been clearly documented to provide for the consistent acceptance of submissions that are consistent with the company's risk tolerance, pricing strategy and exposure aggregation. / V / FR / Underwriting guidelines have not been formally documented in sufficient detail to consistently ensure appropriate underwriting decision with regards to risk acceptance, pricing and aggregation. / Underwriting guidelines are clearly to document standard policies and procedures related to:
* risk acceptance/decline (including loss history review, risk surveys/loss control inspections)
* risk pricing (including experience and schedule credit)
* risk aggregation
* lines of authority and approval process
* contract language and provisions (coverage, exclusions, etc.)
* reinsurance (alignment with in-force treaties or placement of facultative)
* transaction processing (recording policy issuance and subsequent activities as well as other necessary functions such as premium audits) / V
Control Activities / Underwriting / Underwriting Guidelines / Changes to underwriting strategy are properly updated in documented underwriting guidelines. / V / FR / Underwriting guidelines are not regularly updated by authorized personnel to reflect changes in underwriting strategy. / Underwriting guidelines are updated by a limited number of authorized individuals on a timely basis to reflect changes in underwriting strategy such as entry or departure from writing business based on geography, lines of business, class codes, exposure limits, industry, etc. / V
Monitoring / Underwriting / Underwriting Guidelines / Management regularly monitors compliance with underwriting guidelines. / V / FR / Underwriting decisions (new business placement, policy endorsements, renewals, etc.) are not consistent with underwriting guidelines or by unauthorized personnel. / Underwriting management performs regular self-audits of the book of business to ensure compliance with underwriting guidelines. The self-audits are risk based but also provide for coverage for all underwriting personnel and lines of business. Note: New system technology is available to automate underwriting decision-making ("expert underwriting") particularly for high volume, homogeneous lines of business. / V
Control Activities / Underwriting / Underwriting Guidelines / Underwriting decisions are made by suitably qualified and experienced underwriters. / V / FR / Underwriters have insufficient experience to assess complex or specialist risks. / Underwriters have requisite experience with lines of business to be underwritten and afforded appropriate lines of authority. Management also encourages the obtainment of professional qualifications (e.g. CPCU, ARe, etc). / V
Control Activities / Underwriting / Approval Process / Management only accepts contracts introduced through an approved distribution network. / V / FR / Contracts are accepted from unauthorized intermediaries (e.g. unappointed, unlicensed brokers and agents including MGAs). / A comprehensive list of approved brokers and agents, including MGA relationships, across all regions and lines of business is maintained by a limited number of authorized individuals. Submissions and subsequent contract activities are only accepted from intermediaries on the approved listing. / V
Control Activities / Underwriting / Approval Process / All policy submissions and subsequent activities (policy endorsements, renewals, etc.) are considered for approval on a timely basis. / C / FR / Acceptance of duplicate policy, incomplete processing or backlog of submissions and subsequent activities. / All policy submissions and subsequent activities (via phone, email, hard mail, fax or EDI) are logged. Policy submissions are reviewed for enterprise-wide account clearance and status (Open, Bound, Declined) for each submission. / C
Control Activities / Underwriting / Approval Process / Acceptance of policy submissions and subsequent activities is only granted upon receipt and assessment of all underwriting and contract information. / C, A, V / FR / Acceptance of policy submissions and subsequent activities is granted based upon incomplete or inaccurate underwriting and contract information. / Underwriting documentation requirements (e.g. applicant’s claim history, credit rating, any outstanding judgments, full details of the risk to be insured, geographical location, etc.) are standardized as relevant to the respective line of business / C, A, V
Control Activities / Underwriting / Approval Process / Appropriate segregation of duties between the solicitation and acceptance of policy submissions and subsequent activities. / V, R / FR / Production goals (e.g. premium growth) and/or compensation models lead to fraudulent or inappropriate acceptance of policy submissions and subsequent activities. / Appropriate segregation of duties exists between the solicitation and acceptance of policy submissions and subsequent activities. Where direct segregation of such responsibilities can't be implemented (e.g. marketing/territory representatives or "field underwriters"), there is an independent review of the bound business. / V, R
Control Activities / Underwriting / Pricing / Contract pricing accurately reflects the risk assumed and is consistent with the Company’s business objectives, reinsurance program and capacity to accept risk. / A / FR / Inappropriate pricing (premium rates) is applied to contracts. / Contract pricing, including performed by third parties (MGAs, agents, brokers, insureds, etc.), is determined by standardized rate tables and/or pricing models and use of experience or schedule credit facilities are appropriately used. / A
Monitoring / Underwriting / Pricing / Management regularly monitors contract pricing. / A / FR / Inaccurate or unauthorized rate tables and pricing models and/or inappropriate use of experience and schedule credit facilities are used to determine contract pricing. / Underwriting management performs regular self-audits of the book of business to ensure use of correct rate tables, pricing models and experience and schedule credit facilities including review of pricing performed by third parties (MGAs, agents, brokers, etc.). The self-audits are risk based but also provide for coverage for all underwriting personnel, distribution channels and lines of business. / A
Control Activities / Underwriting / Pricing / Product pricing is adjusted to reflect product performance. / A / FR / Product pricing is not adjusted to reflect actual experience by line of business. / Pricing analysis is regularly performed of claims experience and loss ratios by line of business, intermediary and geographical location and is incorporated into the Company's rate tables, pricing model and guidance for experience and schedule credit facilities. Access to update rate tables and/or pricing models is restricted to a limited number of authorized personnel. / A
Control Activities / Underwriting / Pricing / Product pricing complies with regulatory requirements. / V / FR / Unauthorized premium rates may result in punitive sanctions from regulatory bodies. / Where required for particular jurisdictions or lines of business, regulatory approval is obtained for pricing, including pricing changes. / V
Control Activities / Underwriting / Policy Issuance / Policy documents issued for all risks assumed. / C, A / FR / Policyholders are not issued contracts on a timely basis. / The number/value of policies and subsequent activities issued is reconciled to the listing of approved transactions and the confirmation of mailing. For automated policy issuance, the reconciliation may include the use of batch headers and hash totals. / C, A
Control Activities / Underwriting / Policy Issuance / Appropriate segregation of duties between the solicitation and processing of policy submissions and subsequent activities. / V, R / FR / Production goals (e.g. premium growth) and/or compensation models lead to fraudulent or inappropriate recording of policy submissions and subsequent activities. / Appropriate segregation of duties exists between the solicitation and processing of policy submissions and subsequent activities. Where direct segregation of such responsibilities can't be implemented (e.g. marketing/territory representatives or "field underwriters"), there is an independent review of the bound business. / V, R
Control Activities / Underwriting / Transaction Recording / Policy information recorded on the Company's administrative system is restricted to authorized personnel. / V, R / FR / Policy details and terms are recorded in the Company's administrative systems by unauthorized personnel. / Access to the Company's administrative system is restricted to authorized personnel through programmed authority levels. / V, R
Control Activities / Underwriting / Transaction Recording / Authorized contract information (including new business placement, policy endorsements, renewals, etc.) is recorded on the Company's administrative system on a timely basis. / C, A, V / FR / Incomplete processing or backlog of submissions and subsequent activities in the Company's administrative systems. / All policy submissions and subsequent activities (via phone, email, hard mail, fax or EDI) are logged and reviewed for evidence of underwriting approval prior to input into the policy administration system. Logs are regularly reviewed for confirmation of processing and review of stale submissions (i.e. quoted but not bound). / C, A, V
Control Activities / Underwriting / Transaction Recording / Transactions (including new business placement, policy endorsements, renewals, etc.) are only recorded against valid policies. / A, V / FR / The underwriting administration system misrepresents in-force polices. / System checks are in operation to prevent duplicate policy inputs. Sequential policy numbers are used with programmed controls ensure that only transactions with a valid policy number can be entered into the policy administration system and spoiled policy documents accounted for. / A, V
Control Activities / Underwriting / Transaction Recording / All transactions are completely and accurately recorded in the Company's administrative system. / V / FR / Inaccurate recording of underwriting data due to incorrect/invalid data entry resulting in the misclassification of policy administration and financial records. / The Company's administrative system performs edits and validations on the policy input and a quality assurance program has been implemented for independent review of policy input. Rejected policy data is isolated, analysed and corrected on a timely basis through programmed controls, batch headers and suspense accounts. Management reviews resulting exception reports. / V
Control Activities / Underwriting / Transaction Recording / Management monitors completeness and accuracy of data input into the Company's administrative system / C, A / FR / Management is unable to identify significant data entry problems in the recording of underwriting transactions. / Management reviews policy information to critically analyze premium activity, including current and historical premiums trends, new and renewal business, premiums by lines of business, intermediary and insured. / C, A
Control Activities / Underwriting / Transaction Recording / The Company’s records support al. transactions entered into the Company's administrative system. / V / FR / Insufficient documentation is retained to evidence underwriting transactions / The underwriting file clearly evidences review by an appropriate official to confirm that all required underwriting procedures have been performed and documented and appropriately entered into the Company's administrative system. / V
Monitoring / Underwriting / Transaction Recording / Management monitors and tests the internal control environment. / C, A, V, R / FR / Internal control weaknesses over underwriting activities are not identified and resolved on a timely basis. / Internal Audit reviews are conducted periodically to determine whether data recorded in the policy administration system is accurate. / C, A, V, R
Control Activities / Underwriting / Transaction Recording / Premium transactions are accurately reflected and classified in the financial ledgers / C, A, V / FR / Inaccurate data input results in the misclassification of policy data and financial records and the miscalculation of ADIAL due to inaccurate premium data. / The financial sub ledgers are reconciled to the general ledger. Reconciliations are reviewed and approved by financial management. / C, A, V
Control Activities / Underwriting / Transaction Recording / Premiums are correctly stated in the reporting currency. / A / FR / Misstatement of premium and related income due to inaccurate or incomplete foreign currency translation. / Translation of foreign currency written premiums is calculated using prevailing exchange rates at the date of policy inception. / A
Control Activities / Underwriting / Transaction Recording / Tax information derived from premium activities is accurately and promptly reported. / C, A / FR / Erroneous data may be used in tax computations and result in overpayments or underpayments of taxes. / Documented procedures for developing, summarizing, and reporting required tax information. Review of major transactions or major classes of transactions by individuals who are knowledgeable about tax requirements. Programmed sub ledger coding facilitates the automated classification, summarization, and retrieval of required tax information. / C, A
Control Activities / Underwriting / Transaction Recording / Relevant disclosure data is gathered completely, accurately and on a timely basis. / C, A, V / FR / Required GAAP/ MD&A/ 10-K disclosures are incomplete or inaccurate for presentation in the financial statements / Recorded transactions capture and aggregate required account disclosures including:
- gross and net written premiums
- earned premium (including changes in unearned premium)
- allowance for bad debts
- insurance balances receivable
- appropriate segmental and geographical analysis
- associated cash flows
- material legal proceedings
Control Activities / Underwriting / Adjustments and Ledger Maintenance / Prevention or detection of incorrect entries to policyholder accounts, agents' balances and reinsurance data. / R / FR / Unauthorized adjustments are made to the financial sub ledgers. / Access to ledger journal entries is restricted to appropriate finance personal through programmed authority levels. / R
Control Activities / Underwriting / Adjustments and Ledger Maintenance / Appropriate segregation of duties between the entry and approval of journal entries (related to underwriting transactions not recorded in the Company's administrative systems). / R / FR / Unauthorized adjustments are made to the financial sub ledgers. / Appropriate segregation of duties exists between the entry and approval of journal entries / R
Control Activities / Underwriting / Adjustments and Ledger Maintenance / Polices and procedures exist for processing journal entries. / A, V / FR / Incorrect/ inconsistent treatment of manual adjustments between sub ledgers. / A chart of accounts is maintained and updated on a timely basis, establishing procedures and account mappings for processing journal entries to sub ledgers. / A, V
Control Activities / Underwriting / Adjustments and Ledger Maintenance / Sub ledger journal entries represent valid adjustments to the Company’s financial records. / V / FR / Incorrect of fraudulent journal entries are recorded. / All journal vouchers are approved by management and attached to supporting documentation. / V
Control Activities / Underwriting / Adjustments and Ledger Maintenance / Sub ledger journal entries are recorded on a timely basis. / V / FR / Ledger maintenance activities are not recorded in the correct financial period. / Manual adjustments are reviewed by an appropriate official to ensure accuracy of cut-off. / V
Control Activities / Underwriting / Adjustments and Ledger Maintenance / Prevention or detection of incorrect entries to policyholder accounts, agents' balances and reinsurance data. / C, A / FR / The financial sub ledgers do not accurately reflect current policy data, reinsurance terms and billings. / The financial sub ledgers are reconciled to the underlying policy administration, actuarial and reinsurance systems. Reconciliations are reviewed and approved by financial management. / C, A
Control Activities / Underwriting / Adjustments and Ledger Maintenance / Sub ledgers are reconciled to policy administration, billing and reinsurance systems. / C, A / FR / Unreconciled suspense accounts exist and are not cleared on a timely basis. / Suspense accounts are reconciled and reviewed by an appropriate official to identify and clear unusual or aged balances. / C, A
4/20/2011 Page 1 of 9