The European Confederation of Institutes of Internal Auditing (ECIIA) released a position paper on the oversight of outsourcing in insurance undertakings.
The internal audit function has an important role to play in providing assurance over the effectiveness and security of key processes outsourced from (re)insurance undertakings to third parties. It is crucial that key stakeholders, including management, the board and the (re)insurance undertaking’s supervisors can place reliance on the work of internal audit in respect of the risk management of third parties, while at the same time maintaining a reasonable expectation of the extent of the internal audit function’s responsibilities in this area.
This paper sets out the view of the ECIIA Insurance Committee (the Committee). It is based on the position paper on Internal Audit Oversight of external outsourcing issued by the ECIIA Banking Committee, on best practices that could be adopted by internal audit functions in respect of the audit of externally outsourced services. This paper was adapted to the specifics of the (re)insurance undertakings, in particular the regulatory requirements of Solvency II.
This paper does not consider:
- Outsourcing of internal audit as a function
- Internal outsourcing (from one legal entity to another within the same group), albeit many of the same concepts, could be applied
The press release is available here.