( Expert )
24 August 2010
STANDARD OPERATING PROCEDURE
COVERING ‘SYSTEMS AND PROCESSES’
Before proceeding with the audit, the auditor is expected to obtain the following information at the audit location.
NO PARTICULARS DETAILS / REMARKS
1 Location(s) from where Investment activity is conducted
2 IT Applications used to manage the Insurer’s Investment Portfolio.
3 Obtain the system layout of the IT and network infrastructure including:
• Server details,
• database details,
• type of network connectivity,
• Other facilities / utilities (describe)
4 Are systems and applications hosted at a central location or hosted at different offices?
5 Previous Audit reports and open issues / details of unresolved issues from:
• Internal Audit
• Statutory Audit
• IRDA Inspection / Audit
6 Internal circulars and guidelines of the Insurer.
7 Standard Operating Procedures (SOP)
8 List of new Products / funds introduced during the period under review along with IRDA approvals for the same.
9 Scrip wise list of all investments, fund wise, classified as per IRDA Guidelines, held on date
10 IRDA Correspondence files, circulars and notifications issued by IRDA.
11 IT Security Policy
12 Business Continuity Plans
13 Network Security Reports pertaining to IT Assets
REVIEW OF SOP
Check whether the following are covered in the SOP and whether they have been adhered to, through interviews, review of documentation, reports and substantial checks.
NO ISSUE COVERED IN SOP ADHERED TO BY THE INSURANCE COMPANY
1 The responsibilities of the CIO, CFO and CEO should be clearly laid down, and the CIO should not be in charge of mid office and back office functions.
2 Clear guidelines to be adhered by the Dealer
3 Clear guidelines to be followed while dealing with intermediaries (brokers, counterparties etc.)
4 Are there clear trading guidelines for Personal Investments made by the Investment Team?
5 Investment Department should have documented the segregation of Fund Managers and Dealers through Authority Matrix as a part of its ‘Standard Operating Procedure’. Such segregation should also include segregation of front office, mid office and back office functions. Reporting and compliance should be independent of investment activities.
6 The Insurer should have documented the Access Controls and Authorization process for Orders and Deal execution
7 Provision for conducting periodic credit reviews for all companies in the portfolio. The periodicity should be clearly mentioned in the Investment Policy.
8 Procedure for adhering to exposure / prudential norms at the time of making investments.
10 Coverage of the process of generating and reviewing exception reports generated through the System.
11 Requirement that the Insurer keeps track of the movement of Securities between Approved and Other Investments Status, as a part of the audit trail, and at individual security level.
Proper internal procedures for such classification and also for periodical updation of individual ‘fund wise’ portfolio, at least on a Quarterly periodicity, for proper Regulatory reporting?
12 Clear statement that there cannot be any short sales by insurer. Ensure that the system does not allow short sales.
13 Coverage of the Dealing Room as well as the availability of a Voice Recorder and the procedure for maintaining the recorded conversations and their disposal.
14 Investments in an Investee Company, Group and Industry Sector should signal when both Internal / Regulatory limits are nearly reached PRIOR to taking such exposure and making actual investment.
15 There should be procedures to ensure that circulars and notices received from IRDA are acted upon.
16 Procedures to ensure that exposure norms determined by IRDA from time to time are appropriately communicated within the organization, and acted upon.
17 Coverage of the yearly compliance certificate with regard to section 7 deposit issued to IRDA. Are there procedures on the part of the insurer in governing the deposit made under section 7?
18 Procedures followed by the Insurer to ensure that when corpus size or fund size crosses certain threshold limits defined by IRDA, applicable regulations, circulars and exposure limits are identified and acted upon.
19 Procedures within the insurer for identifying and assigning outsourcing activities. These should comply with IRDA regulations on outsourcing for insurance companies.
20 Procedures for empanelment of brokers / agents for investment activities. Such procedures should also specify the limit for each broker / agent.
21 Has there been an audit of the custodial services to ensure that the service provider:
1 Is a regulated custodial service provider with experience and expertise in NAV computation?
2 Is not part of a ‘Group’ as defined under Regulation 2 (ca) of IRDA (Investment) Regulations, 2000 as amended from time to time and Guidelines issued there under?
3 Complies with all consumer laws and regulations.
4 Maintains confidentiality and protects data from intentional or inadvertent disclosure to unauthorized persons.
5 Has a comprehensive and effective system for disaster recovery and periodic testing of backup facilities?
6 Has put in place an adequate system to address all Operational Risks arising out of technology, errors and frauds?
7 Provides full access to all records and other material to the IRDA or its authorised representatives to the same extent as if it were a department of the insurer.
22 The outsourcing agreement with the custodian shall contain an exit clause providing for smooth transfer of records and functions to the insurer or its nominated contractor in the event of the outsourcing agreement being terminated, without imposing onerous penalties for termination.
23 There should be procedures and assignment of responsibilities to ensure that when changes need to be made to system / application parameters consequent to circulars and notices of IRDA, these are communicated to the respective teams, and it is ensured that they are carried out.
OPERATIONS & PROCESSES
24 Insurer's Maker / Checker procedure mapped in the Standard Operating Procedure / Operations Manual of Investment Operations
25 Coverage of activities in the NDS system should be available and integrated with the SOP covering investment procedures
26 Procedures to ascertain cash positions and make investment decisions within available cash positions
27 There should be electronic transfer of data without manual intervention. All systems should be seamlessly integrated.
28 Audit Trail required at every Data entry point. Procedures for reviewing and maintaining audit trail
29 Is there adequate process to identify all corporate actions?
30 Is there adequate process to ensure that all the corporate actions have been accounted for?
31 Coverage of the following with respect to computation of NAV and handling of errors:
1. All expenses and incomes accrued up to the Valuation date shall be considered for computation of NAV. For this purpose, while major expenses like management fees and other periodic expenses should be accrued on a day-to-day basis, other minor expenses and income can be accrued on a weekly basis, provided the non-accrual does not affect the NAV calculations by more than 1%.
2. Any changes in Securities and in the number of Units should be recorded in the books not later than the first valuation date following the date of transaction. If this is not possible, the recording may be delayed up to a period of seven days following the date of the transaction, provided the non-recording does not affect the NAV calculations by more than 1%.
3. In case the NAV of a scheme differs by more than 1% due to non-recording of the transactions or any other errors / mistakes, the investors or fund(s) as the case may be, shall be paid the difference in amount as follows:
(i) If the investors are allotted units at a price higher than NAV or are given a price lower than NAV at the time of sale of their Units, they shall be paid the difference in amount by the scheme and the same shall be borne by the Shareholders.
(ii) If the investors are charged lower NAV at the time of purchase of their units or are given higher NAV at the time of sale of their units, the Insurer shall pay the difference in amount to the scheme and the same shall be borne by the Shareholders.
32 Presence of a process for investment reconciliation with custodian certificates
33 Provision for - in the case of a Life Insurer- fund-wise, reconciled Investment Accounts with Insurer, and Custodian records on day-to-day basis for all types of products
34 Provision for: Has the Insurer, in respect of ULIP products, reconciled with Policy Admin Systems, the Units, on a day-to-day basis?
35 Provision for: Has the Insurer, in the case of General Insurer / Re-insurer / Health Business, reconciled Investment Accounts with Insurer and Custodian records on a day-to-day basis
36 Coverage of the list of day end reports / confirmations to be generated and the process of their review
37 Has all the valuation of investments as required in FORM 5 been made in line with IRDA guidelines?
38 Are there adequate checks to ensure that all the returns filed with IRDA are complete and correct?