• Insurance: Enterprise Risk Management Audits
  • September 13, 2006 | Authors: Nicholas T. Christakos; Mary Jane Wilson-Bilik
  • Law Firm: Sutherland Asbill & Brennan LLP - Washington Office
  • Insurance providers (financial service companies and subsidiaries that issue insurance) can realize significant benefits in their own insurance coverage through an enterprise risk management audit. Working closely with the insurer’s general counsel, chief risk management officer and chief compliance officer, outside counsel begin the audit process by developing customized questions on regulatory compliance and internal processes, and then interviewing senior executives and business unit heads.


    The questions should cover all aspects of insurance operations, such as type of policies issued, assessment and compliance procedures, and macroeconomic and microeconomic risks. During an enterprise risk management audit, also assess internal compliance controls and investigative procedures. This includes reviewing Sarbanes-Oxley compliance, integrity of data systems and customer privacy assurance.


    Use the audit answers to determine the adequacy of the insurer’s own coverage for fiduciary liability, property and casualty, and all other insurance risks. Audits reveal where existing policies covering insurable risks can be combined for cost saving, demonstrate where coverages should be increased or decreased and identify those risks that cannot be insured.


    Outside counsel find and place coverage for insurable risks and advise the insurer on minimizing uninsurable risk exposure. The process is structured to identify and secure comprehensive and creative coverage that protects insurance providers as insurers. The fresh perspective of outside counsel, working as a team with internal compliance officers, often identifies compartmentalization that keeps the full company from realizing maximum compliance and coverage efficiencies.