Avoiding Audit Own Goals

Any firm that operates under a Delegated Authority arrangement, whether that be for underwriting, claims or both, will be subject to audit on behalf of the capacity providers.  Some insurers have an inhouse audit team, but most assignments are carried out by specialist audit firms that work across the market.

Contrary to popular belief, auditors are not looking to find problems.  However, they are duty bound to audit you against the terms of your Delegated Authority agreement and report on any breaches that they find, even if these appear to be relatively minor in nature.

An audit shouldn’t be feared; rather it should be viewed as an opportunity for the firm to gain an independent assurance review of their activities – with the added bonus that someone else is paying the bill.   However, there are some simple steps that firms can take to ensure a smoother audit process and avoid unfortunate own goals:

Read the agreement

This might sound obvious – but read the delegated authority agreement and make sure that it accurately reflects both what you do and how you do it.  Remember anything that you do that is outside of the terms of the agreement is a breach.   I once reviewed an agreement that was written for entirely the wrong class of business – somehow the agreement had been prepared and signed by the insurer, the broker and the Coverholder with no one noticing that it was totally incorrect.

Make sure that changes are endorsed

It is common for arrangements to evolve over time; the insurers underwriting appetite may change or as they get more comfortable with your firm they may increase your authority.  Any changes to the agreement should be formalised in an endorsement that is signed by the insurer.  At the very least you should ensure that you have written authority from the insurer for anything that you do that is outside of the agreement.  The auditor can only benchmark you against the agreement and any endorsements that sit alongside it – if you are relying on a verbal agreement to change your authority you are potentially leaving yourself very exposed.

Reporting Dates

There will be a set of timelines in the agreement which dictate when you should be sending various types of Bordereaux and remittances to the insurer.  The audit will include a random file check to ensure that these dates are being adhered to.  If due to a system or process, you cannot meet the deadline set out in the agreement then you need to get the date changed by endorsement, else you are breaching the agreement month after month.

Read the previous audit(s)

It is absolutely normal for an audit to produce a number of recommendations.  However, these should be acted upon and remedied within the time frame set out in the final audit report.  If the same recommendations are appearing in consecutive audit reports you need to understand why this is – if it is something that you cannot fix, then the agreement should be altered accordingly.

Policies and procedures

Prior to the audit you are likely to be given an information request and the auditor will want to see your compliance framework comprising of key policies, procedures and registers.  Best practice is for the framework to be reviewed on an annual basis and version control should be in place.  An annual review ensures that the framework keeps pace with regulatory changes and allows you to ensure where individuals are referenced, any changes in personnel have been corrected.

The reality is that a lot of documents are based on templates.  This in itself is fine as the templates are usually of a high standard.  However, by their nature templates are generic and they often need to be tweaked to make them work for a specific business model.   You also need to ensure that the documentation accurately reflects what actually happens on the “shop floor” and remember a simpler process that mirrors reality is much better than a far more complex one that does not.   You also need to avoid the ultimate own goal of submitting a suite of template documents that you have clearly just downloaded and  have absolutely no personalisation to your business.

The final piece of advice is to be open and honest with the auditor.  Few businesses are perfect but a firm with an open culture and a willingness to admit where things have gone wrong will be viewed far more favourably than one that fails to take accountability or tries to cover things up.