Internal audit

We are one of the largest insurance Internal Audit (IA) providers in the market, and have built a very strong presence and reputation in doing so. Through outsource and co-source arrangements, and the provision of EQAs, we have extensive experience of providing our insurance clients with high quality, timely assurance in their key risk areas.

Current market challenges

Ever-increasing regulatory demands, combined with ongoing commercial pressures, require insurers and brokers to have robust internal controls systems in place. The SMCR regime has also served to heighten personal and collective accountability for business conduct and practices.

Internal audit functions have needed to mature significantly in recent years to ensure alignment with the IIA’s IPPF and its revised Financial Services Internal Audit Code.

Current challenges for the market include:

  • governance;
  • remote working;
  • operational and IT resilience;
  • conduct risk;
  • underwriting discipline;
  • errors, omissions and record-keeping;
  • sustainability, ESG and the financial risks of climate change;
  • pricing practices;
  • capital;
  • reserving;
  • data governance,
  • management and privacy;
  • change, including the widespread move to the cloud and digital platforms;
  • cyber and ransomware attacks.

The list goes on.

We have experience in reviewing each of these areas, providing proportionate, pragmatic recommendations to ensure that our insurance clients can grow with confidence in the skills, rigour, and expertise of their ‘third line’ internal audit function.

IA functions themselves also face challenges in meeting stakeholders' demands and expectations to provide assurance in rapidly evolving areas of risk. We can supplement the skills of your IA teams through co-source assistance and secondments.

How we can help

We have a team of dedicated financial services and insurance specialists who work in IA all year round, supplemented by an extensive pool of specialists who regularly work on IA assignments, adding value through their deep knowledge of specific risk areas.

Due to the specific nature of risks facing insurers, we have found that IA benefits from increased specialist input to provide greater levels of assurance and add credibility and value when liaising with your people.

Whether through fully outsourced IA arrangements, or the provision of co-source assistance, we take a collaborative approach to IA, ensuring that IA does not alienate itself from the business, but is instead seen as a trusted advisor for the business and those charged with governance.

Case study

We have experience in applying IA guidance and best practice in a proportionate way to ensure our clients get the maximum benefit from our work.  Our IA expertise covers the full range of insurance risks, including claims, underwriting, reserving and capital, supplemented by expertise in IT, cyber, data, regulatory compliance, actuarial and anti-financial crime.

As a global, integrated firm with a wide-ranging international reach, we provide cross-jurisdictional IA services to international groups and were appointed to become the outsource provider of a large motor insurer in 2019, replacing their in-house function.  Over a three-year period, we have performed audits across all key risk areas, including:

  • GDPR
  • Underwriting & Pricing (including Retail Pricing)
  • Capital & Solvency
  • Reserving
  • Change Management & Governance
  • Internal & External Fraud
  • Supplier Management
  • Cyber
  • IT Vulnerability Management
  • Compliance
  • SMCR
  • Claims (including QA)
  • Governance
  • Risk Management

During this time, we have observed and contributed to, a significant improvement in the group’s risk and control culture and the status of the IA function within the organisation.

We identified the following issues:

  • Supplier Management – as a result of our work, the group recognised the need to better demonstrate its management of conflicts of interest
  • Cyber (Assumed Compromise) – our specialist team successfully simulated an attack and was able to:
    • install and execute a custom Remote Access Toolkit (RAT) onto a company laptop
    • escalate its network privilege to Domain Administrator level, targeting the production environment
    • gather sensitive and proprietary information

As a result of our work, significant enhancements were made. The client recognised that our work was instrumental in enabling the group to later thwart a real-life attack in 2021, which could have had severe financial, regulatory, and reputational consequences.

Explore our insurance services

National contacts