CAE Survey

Internal Audit’s Shortcoming

A new Deloitte report finds internal audit functions fall short of stakeholder demands.
By: | September 7, 2016 • 4 min read
Businesspeople in a meeting

The majority of chief audit executives (CAEs) believe that their internal audit functions don’t have the capabilities to meet stakeholder demands, according to a new Deloitte survey.

Advertisement




They also think that their functions lack a strong influence over the board of directors and executive team, the report found.

More than half (57 percent) of CAEs surveyed said that they weren’t convinced their internal audit groups have the skills and expertise to deliver on stakeholder expectations in terms of efficient audits, insightful reports and effective decision support, let alone meeting future demands.

And only 13 percent of respondents said that they were “very satisfied” their functions have the skills to meet the expectations of shareholders.

More worryingly though, 72 percent believe their internal audit functions do not have a strong impact and influence over the board of directors, executive team and other key personnel. A further 16 percent said that their internal audit had little to no impact and influence.

“Internal audit has been scrambling to meet escalating needs in areas such as cyber security, regulatory compliance, corporate governance and third-party risk management.” – Terry Hatherell, global internal audit leader, Deloitte

We believe that this low satisfaction level with the function’s skills is indicative of the increasing complexity of risks facing organizations and the greater need for specialized skills within internal audit to completely assess these risks and the risk management effectiveness over these risks,” said Terry Hatherell, Deloitte’s global internal audit leader.

DeloitteTerryHatherell-WEB

Terry Hatherell, global internal audit leader, Deloitte

“Internal audit has been scrambling to meet escalating needs in areas such as cyber security, regulatory compliance, corporate governance and third-party risk management. These findings are concerning and indicate a need for internal audit groups to substantially increase their relevance within their organizations,” he said.

The inaugural survey of more than 1,200 CAEs from 29 countries also found that the biggest skills gaps among their function were cyber, cloud computing and other specialized IT skills (42 percent).

That was closely followed by data analytics (41 percent), risk modeling (27 percent), innovation (26 percent) and fraud detection (24 percent).

Hatherell said that such skills were in high demand and short supply, forcing CAEs to turn to alternative resource models, particularly co-sourcing with third parties and the adoption of rotation and guest auditor programs.

Tied in with this, CAEs view talent gaps and access to quality data as key barriers to the greater adoption of analytics.

According to the report, they cited risk anticipation (39 percent) and data analytics (34 percent) as the two innovations most likely to impact their internal audit function in the next three to five years.

Currently 86 percent of those surveyed use analytics, however only 24 percent use them at an intermediate level and 7 percent at an advanced level.

A little over half (58 percent) of respondents expect to be using analytics in at least half of their audits over the next three to five years, with 37 percent anticipating they will employ it in at least 75 percent of their audits.

“While using analytics to deliver audits more efficiently is an important goal, the survey results lead us to believe internal audit should capitalize on the wealth of available data to deliver more insightful views of business issues and risks to stakeholders.” – Neil White, Advisory partner and internal audit analytics leader, Deloitte

Neil White, an Advisory partner and internal audit analytics leader at Deloitte, said that the need to enhance analytics tools and techniques was a top priority.

DeloitteDougAnderson-WEB

Doug Anderson, managing director – CAE Solutions, Institute of Internal Auditors

“While using analytics to deliver audits more efficiently is an important goal, the survey results lead us to believe internal audit should capitalize on the wealth of available data to deliver more insightful views of business issues and risks to stakeholders.”

Doug Anderson, the Institute of Internal Auditors’ (IIA) managing director – CAE Solutions, said that Deloitte’s findings affirmed what the IIA had been telling its members for some time.

Increasingly, he said that CAEs were looking for different skills sets when hiring, including analytical/critical thinking, communication and data mining and analytics.

He added that it was also important for internal audit to provide assurance on how data is being collected and analyzed within their organization.

“The era of internal audit simply providing hindsight has long past,” he said.

“Modern internal audit functions must offer insight and foresight that help organizations identify and manage risks, build successful business strategies, and nurture cultures that support good governance.

Advertisement




“It is up to internal audit leaders and practitioners to develop the skills to meet those demands and develop trusting and honest relationships with stakeholders that position the organization for success.

“Increasing stakeholder confidence in internal audit requires the profession to step up to meet these new demands.”

Going forward, the survey concluded that CAEs needed to assess the talent and skills gaps within their internal audit function and take the appropriate action. They also needed to embed analytics into all of their processes in order to increase efficiency and value throughout the organization, said the report.

Alex Wright is a U.K.-based business journalist, who previously was deputy business editor at The Royal Gazette in Bermuda. You can reach him at [email protected]
Share this article:

Risk Insider: Ernie Feirer

Rocks, Hard Places Meet Automated Loss Runs

By: | August 22, 2016 • 3 min read
Ernie Feirer, CPCU, is Vice President and General Manager, Commercial Insurance, at LexisNexis Risk Solutions, where he is responsible for developing a suite of solutions for the commercial insurance market. He can be reached at [email protected]

In the world of commercial insurance, I often use the phrase ‘Rock, meet hard place.’ This happens most often when describing how time-and labor-intensive manual processes, such as gathering loss runs, place commercial property and casualty carriers in the position of delaying time to quote or moving ahead with incomplete information.

Think about it this way. As a short-order cook, two orders for scrambled eggs come in. The first requires you to go to a farm, chase after chickens and collect three eggs. The second order directs you to the refrigerator. Which order will you fill first?

On average, manual loss runs add 5 to 10 days to a carrier’s time to quote. It’s not uncommon for underwriters to proceed without loss runs for small business policies, when the premiums don’t justify the time and cost involved.

Despite this, loss runs offer a fuller understanding of the risks, so you can either rate these policies differently, require coverage changes, or reject them all together. The results can equate to millions in potential or actual losses from just a small portion of business.

Would you rather evaluate John Contractor who installs residential flooring, or would you rather be the carrier who knows that John Contractor has a worker’s compensation claim and has been installing exterior siding, not just floors? You’d rather have all the information you can.

How do you get out from between the rock and the hard place? Avoid as much manual work as you can and get trusted information quickly with automated loss runs.

Advertisement




Here’s what I’ve found in studying automated loss runs:

Enhance ease of doing business – automated loss runs mean real-time access to loss history that can be accessed from an agent’s desk. No more request-for-loss-run letters, no more follow-up phone calls or scans. In addition to traditional searching by business name and address, automated loss run technology can search by an individual’s name to uncover business owners, claimants and drivers within a commercial fleet. Or, they might conduct a location search for historic claims history specific to the property location on policies requiring property coverage.

Would you rather evaluate John Contractor who installs residential flooring, or would you rather be the carrier who knows that John Contractor has a worker’s compensation claim and has been installing exterior siding, not just floors? You’d rather have all the information you can.

Think about this scenario – a management company seeks a commercial package policy for a strip mall with several retail occupants. The insurer conducts a location-based search to obtain loss histories. While no losses are found on the company, it shows that several of its tenants have reported fire losses due to maintenance issues.

Improve customer service – with automated loss runs, carriers get a complete understanding of their risk exposure and can quote an accurate price from the start. Like above, knowing there have been fire events are hugely beneficial for underwriting. From an agent’s perspective, it provides reassurance that their ability to deliver exceptional and consistent customer service won’t be compromised at point of renewal.

Attract appropriate business – agents prefer easy-to-work-with carriers. Using automated loss runs, carriers can realize efficiencies and attract more business from agents. The complete risk profile afforded by an automated loss run ensures that underwriters fully understand their risk exposure.

One last example, we found in a real world book of business review more than 700 in prior claims totaling $13M in prior losses that were not disclosed to the carrier. Using automated loss runs, the carrier discovered that 38% of those claims were attributable to only 5 policies (equating to less than 1% of the claims).

Which hurt worse in this scenario – the rock or the hard place?

Share this article:

Sponsored: Liberty Mutual Insurance

Using Data to Get Through Hail and Back

Commercial property owners must take action to mitigate the risk of hail-related damage.
By: | September 14, 2016 • 6 min read

4,600 hailstorms have rained down on the U.S. as of the end of July according to the National Oceanic and Atmospheric Administration. And these storms have left damage behind, cracking unprotected skylights, damaging exterior siding, dimpling rooftops and destroying HVAC systems.

While storm frequency is almost on par with last year’s 5,400, the rest of the picture isn’t quite the same. For example, the hail zone seems to be shifting south. San Antonio, Texas, a “moderate” hazard hail zone area, typically sees four or five hail storms a year, on average.  Year to date, more than 30 storms have been reported. Overall, Texas has suffered nearly 20 percent of all hail storms this year.

Liberty Mutual’s Ralph Tiede discusses the risk hail poses to large commercial property owners.

The resulting damage is different too, with air conditioning (AC) units accounting for more than a third of the insurance industry’s losses, a greater proportion than in previous years.  “In some cases, we’ve seen properties that sustained no roof damage but had heavily damaged AC systems. This may be a result of smaller hail stone size coupled with high winds,” noted Ralph Tiede, Vice President of Commercial Insurance and Manager of Property Risk Engineering at Liberty Mutual.

Despite the shifting trends, however, these losses are largely preventable if commercial property owners understand their exposures and take steps to mitigate them. By partnering with the right insurer, a company can gain access to the industry-leading resources and expertise to make it happen.

Understanding the Risk through Data

A property owner might know that his property is located in an area prone to hail, but could underestimate the extent of damage a storm could cause. Exposed skylights, solar panels, satellite dishes and other roof-mounted equipment can translate to serious losses.

Three trends that have emerged this hail season.

This is where Liberty Mutual’s property loss control engineers offer critical guidance for customers with large property exposures.

“Our property loss control engineers go out and inspect locations to develop loss estimates,” said Tiede. “They’re looking at the age and condition of the roof, the material it’s made of, and whether equipment is exposed or if there are adequate safeguards in place.”

Liberty Mutual can combine this detail with the hail data it has collected for more than 14 years and use this extensive library to help customers understand their exposures. The company’s proprietary hail tool looks at customer-specific factors, such as roof type, age, condition and geocodes, to better identify potential losses from hail. The tool provides a more detailed view of hail exposure on a micro level, as opposed to more traditional macro views based on zip codes.

“This way, we’re not just looking at a location’s exposure, we’re looking at an account’s cumulative hail exposure and providing a better understanding of where the risk is concentrated,” Tiede said.

Having a good understanding of a company’s specific exposure helps the broker, buyer, and insurer develop an effective insurance program. “Two customers may be in the same area, but if one’s building has a hail resistant roof, protected skylights, and hail guards for HVAC equipment and the other’s has unprotected sky lights and no hail guards or screens on rooftop equipment, they are going to have different levels of exposure. In both scenarios, we can design an insurance program that fits the customer’s situation and helps control the total cost of property risk,” said Brent Chambers, Underwriting Consultant for National Insurance Property at Liberty Mutual.

A Liberty Mutual property loss control engineer consults with the customer on ways to reduce or mitigate the exposure from hail so that the customer can make an informed decision as to where to deploy capital. “It’s not just about protecting a building’s roof and rooftop equipment.  Roof damage can lead to extensive water damage inside a building and in some cases disrupt service, both of which can be costly for a business. By focusing on locations with the most exposure, a risk manager is better able to mitigate future losses,” said Tiede.

Actions commercial property owners can take to mitigate the risk of hail-related damage.

Liberty Mutual property loss control engineers also provide recommendations specific to each location. “We know that hail guards work, so we encourage clients to use those to protect HVAC equipment,” said Ronnie Smith, Senior Account Engineer for National Insurance Property at Liberty Mutual. “Condenser coils in air conditioning systems are fragile and easily damaged, and units don’t necessarily come with built-in protection. It’s important for property owners to take this step proactively to prevent a loss.”

The average cost to fix a condenser coil is $500, but replacing a coil can run at least $500 per ton of cooling, a measurement of air conditioning capacity that refers to the amount of heat needed to melt a ton of ice over a 24-hour period. As one ton of cooling typically covers about 250 square feet of interior space, replacement costs can quickly add up.

Replacing an entire AC unit can run more than $1,000 per ton of cooling. In a 250,000 square foot property, the replacement could easily reach $1 million. Given the increase in hail-related AC damage this year, these are numbers worth knowing.

Other risk mitigation recommendations include regular roof maintenance, such as inspections and repairs to small damages like blisters and installing protective screens over skylights.

“If a roof needs replacing, we also suggest using materials that have been tested and approved by an independent certification laboratory and are durable enough to fit the location’s exposures,” Tiede said. “The last thing a commercial property owner wants is to replace a roof again six months after it’s installed. Experience has shown that ballasted-type roofs are the most resistant to hail damage.”

Using Data to Develop Solutions

When a property owner has an understanding of the size of its exposure and potential losses, it is better able to work with its agent or broker and insurer to develop an insurance program to manage and mitigate potential risks.

“The data and advice we provide help clients focus on the largest risks and better mitigate that exposure,” Smith said. “The more data you have, the more you can understand your risk on a granular level and manage it.”

This data-driven approach to preparedness makes Liberty particularly well-suited to serve large commercial properties with multiple locations in high risk areas.

Prices for roof and air conditioning repairs and replacements have risen over last year, Tiede said, and are likely to grow more expensive as older equipment becomes obsolete. Property owners will be forced to buy newer, pricier replacements than perhaps they had originally planned for.

And if this year’s storm trends are any indication, hail is sometimes an unpredictable foe.

Amidst these shifting trends, the value of an insurer’s expertise in identifying, mitigating and managing hail exposure will be immeasurable to large commercial property owners.

For more information about Liberty Mutual’s commercial property coverage, visit https://business.libertymutualgroup.com/business-insurance.

SponsoredContent

BrandStudioLogo

This article was produced by the R&I Brand Studio, a unit of the advertising department of Risk & Insurance, in collaboration with Liberty Mutual Insurance. The editorial staff of Risk & Insurance had no role in its preparation.

Advertisement




Liberty Mutual Insurance offers a wide range of insurance products and services, including general liability, property, commercial automobile, excess casualty, workers compensation and group benefits.
Share this article: