There are three perspectives in insurance auditing.
First, on the financial perspective, you have to understand how the policies are sold, premiums collected, records kept, and money transferred to the company from the agency(cheque or sweep) and how the commissions are returned back to the agency(cheque or deposit) and how closely are those premiums and commissions tracked to each policy and transaction within the policy period(new business, endorsements and renewals) within the agency management system and accounting system? Are producers paid by commissions, salary or a mixture? How are these tracked? If a producer collect premium from a client off site, what time frame do they have to turn the money over to the agency and how is that verified and tracked? This is just a small sample of what is necessary for insurance agency financial review.
If you are doing an operational audit, you will need to determine how needs assessments are done for each client. Are personal P&C, Life, Annuity and Commercial Lines all handled by the same staff? Are those staff properly licensed for each line? Are they adequately trained to handle the nuances of each endorsements and inputting of all information in the agency management system? Are their accounts audited by supervisors or other accuracy and proper placement of business with the correct coverages and carrier to meet the consumer's needs?
Compliance reviews cover many of the same topics as financial and operations. Most states require agencies to maintain trust account with absolute separation of operation funds and only the ability to "seed" monies into the account that may be used for premium loans for commercial business, which must be closely tracked and properly accounted for on a client by client bases within the trust account. Additionally, as previously noted, all employees who discuss coverages with consumers typically MUST be licensed, in each state that they may be discussing coverage with consumers in. So if you have branches on a boarder and consumers who may live across state lines, your employees must be licensed in the other state to sell insurance for that state, even though the consumer is coming to the bank in the employees primary state. Additionally, the agency likely has underwritting authority with each company and to maintain that authority, they have to attain proper balance of claims.
Tuesday, August 23, 2011
How can department manage and secure employee mobile devices
IT departments in consumized environments are faced with a series of challenges, mainly around acquiring visibility and some level of control over the plethora of user-liable devices.
- Management of user-liable devices
Management in this case has a dual purpose. First, it is about making the experience for the user a smooth and easy one, in order to maximize his motivation and productivity. Second, it's getting some level of control over user-liable devices to minimize the exposure to security risk. A well-managed device is - in most cases - a safer device.
- Exposure of sensitive corporate data stored on devices
There are several ways for sensitive corporate data to be exposed to unauthorized third parties. Millions of cell phones and laptops are lost or stolen every year. Sensitive data stored on the device must be considered compromised, and depending on the nature of that data, a data breach must be reported to the authorities, resulting in cost of up tp $50,000 per exposed device and a loss of reputation.
- Leakage of sensitive corporate data through consumer applications
As employees use the same device for personal and work-related tasks, sensitive data can easily- with or without malicious intention on the side of the user- be transferred off the device. It can be sent via Webmail, instant messaging or other non-corporate communication channel.
- Management of user-liable devices
Management in this case has a dual purpose. First, it is about making the experience for the user a smooth and easy one, in order to maximize his motivation and productivity. Second, it's getting some level of control over user-liable devices to minimize the exposure to security risk. A well-managed device is - in most cases - a safer device.
- Exposure of sensitive corporate data stored on devices
There are several ways for sensitive corporate data to be exposed to unauthorized third parties. Millions of cell phones and laptops are lost or stolen every year. Sensitive data stored on the device must be considered compromised, and depending on the nature of that data, a data breach must be reported to the authorities, resulting in cost of up tp $50,000 per exposed device and a loss of reputation.
- Leakage of sensitive corporate data through consumer applications
As employees use the same device for personal and work-related tasks, sensitive data can easily- with or without malicious intention on the side of the user- be transferred off the device. It can be sent via Webmail, instant messaging or other non-corporate communication channel.
Subscribe to:
Posts (Atom)