The Perfect Compliance Company Is there such a thing

1
The Perfect Compliance CompanyIs there such a
thing ?

• Tony Lloyd
• Group Internal Audit Manager
• NFU Mutual

2
The Perfect Compliance CompanyIs there such a
thing ?

• The NFU Mutual
• The Governance Structure
• Effective Risk Management
• Internal Audits Role
• Continuous Monitoring
• Challenges

3
NFU Mutual

• General Insurance, Life Assurance and Pensions
  business.
• Assets as at 31.12.06 11.5 billion
• GWPI for 2006 914m
• 300 agencies throughout the UK
• Direct call centre
• Direct Sales force of Financial Consultants
• 3000 employees

4
Governance Structure
Main Board
Audit Committee
CEO
Dir Finance
GM Business Risk
Compliance
Risk
Audit
5
Effective Risk Management

• Things may go wrong
• KRI indicators
• Reporting and escalation process
• Effective and timely response
• Risk Levels
• Background risks
• Crystallising risks
• Issue
• Ownership
• Risks owned by the business

6
Audit Role

• Risk based auditing
• Cyclical element
• Sample based testing
• Data file interrogation / analysis
• Continuous monitoring ?

7
Continuous Monitoring

• Automated testing of 100 of journal entries
• Identification of exceptions to predefined
  conditions
• Identification of potential fraudulent or
  erroneous transactions
• High level of assurance with low level of
  resource input

8
Continuous Monitoring

• What is involved
• Understanding the concept
• Understand your systems and data
• Establish what can be achieved
• Cost / Benefit
• Challenges
• Capacity for change
• Availability of resource
• Other pressing programmes and projects
• Business as usual
• Who to involve
• Senior management buy in
• Business input Finance
• IT input
• Legal
• Procurement

9
The Solution key components

• Infrastructure Provides scaleable infrastructure
  for CM solution, e.g.
• Application independent
• User Administration
• Controls Provides the framework for establishing
  and executing controls, e.g.
• Data extraction and conversion
• Rule engine (Data analytics)
• Monitoring mechanism to ensure all exceptions
  are visible to aid continuous improvements, e.g.
• Exception dispatching and monitoring
• Rule calibrating
• Reporting Provides detailed and aggregated
  status information, e.g.
• Web browser interface
• KPI reporting

Reporting

Infrastructure
Monitoring
Controls
10
What will it do?
As a vital part of day-to-day operations
By continuously analyzing transaction data CCM
monitors the effectiveness of controls
Effectiveness of Controls
Detect
Comprehensive Analysis
CCM is applied to large volumes of transactional
data. CCM does not rely on sample audits
Prevent
Inform
The exceptions are available for a range of users
within the organisation
Analysis for different user needs
Act
CM leads to continuous improvements
11
Summary

• Effective Risk Management
• Audits role
• The most valuable thing an internal audit
  function can provide is independent assurance on
  the effectiveness of controls over risk,
• Simon DArcy President IIA UK and Ireland
• Continuous Monitoring