The Individual Insurance Association (IIA) was founded in 1904 as a mutual (owned by policyholders) insurer selling individual life and health policies. Competition was concentrated in a small group of companies selling similar services in the same marketplace, but the association was able to grow at a steady rate by offering competitive services backed by reliable client service.
Building on its success with individual insurance, IIA started offering group life and health insurance in 1935, group pension administration in 1950, and individual pensions (annuities) in 1967. For the last five years, a committee has been studying expansion into auto, homeowners, and other casualty insurance.
Primarily a financial institution, the IIA has installed all the traditional controls to assure the protection of assets and the integrity of financial information. The financial accuracy of all regulatory reports is checked and double-checked before submission.
On December 31, 1982, the IIA valued its assets at $110,000,000 and had $900,000,000 face value of in-force insurance on the books. Of the $10,000,000 of premium income and $8,000,000 of investment income received during the year, $600,000 was added to reserves for future payments.
A Changing Environment
About ten years ago, the IIA decided to decentralize its administrative operations in order to better serve its policyholders and to better market its service. It has since established seven regional service centers at strategic locations across the continental United States. The procedures and the controls installed in the centralized operations have been transported and adapted to the decentralized organization. Corporate activities such as investments, insurance development, and internal auditing have remained centralized in the St. Louis home office. Information on transaction activity is reported daily to the home office.
At the same time, competition has been growing within the insurance industry and with banks and stockbrokers in the larger financial services community. The traditional separation lines between banks, insurance companies, and stockbrokers have started disappearing. Banks are selling insurance; insurance companies are marketing individual pensions as savings accounts; and stockbrokers are offering investment accounts with checking and insurance features.
Escalating interest rates have intensified the concern over return on investments and caused a shift from the traditional long-term corporate bonds and real-estate mortgages to higher yielding common stocks, certificates of deposit, and "short" term corporate bonds.
The marketplace has also changed as potential customers presented with the flood of information on competing financial services have become more sophisticated in their product selection. As customers have become more interested in the risk, expense, and investment components of traditional insurance products, insurance companies have developed new services that allow for individual preference. These new services now permit customers to adjust the mixture of risk and investment and provide "front-end loading" to cover administrative expenses. The result is that administrative expenses have become a matter of marketing concern that has emphasized the need for economical and efficient operations.
This concern, not new to IIA, led to the introduction of computers in 1965. Since then it has upgraded its capabilities with newer, more powerful components. Computer installations in Louisville, Kentucky, and Albuquerque, New Mexico, are now linked to the home office, service offices, and 98 sales offices through direct-satellite communication lines. All of IIA's major operations have highly integrated systems, and almost every aspect of the business is in some way tied to a computer application.
The Audit Committee
Whether it was due to the foresight of the founders or an industry practice, the IIA formed an audit committee of directors not employed by IIA shortly after its founding. The committee first met in 1906 and has been an active, standing committee of the board of directors ever since.
At first the committee was responsible for examining all vouchers and auditing all accounts, bills, and expenses of the IIA - often meeting several times each month. In 1934, when the volume of transactions and frequency of meetings became too great, a Chief Accountant was appointed to examine vouchers and audit accounts, bills, and expenses. The audits were further delegated by the controller to the new internal auditors. The committee had to meet only once a month to review the Chief Accountant's report on the examinations and audits.
In 1951, duties of the audit committee were expanded to include general supervision of internal controls over receipts and disbursements. The controller was responsible for planning and scheduling the control reviews. The internal auditors were assigned the task of preparing transaction-control flowcharts and evaluations. It became necessary for the audit committee to meet a second time each month to review the complete evaluations.
This practice continued until 1964 when a "Big Eight" accounting (BEA) firm was first engaged to review the control evaluations completed by the internal auditors. This review made it possible for the audit committee to again limit its frequency of meetings to monthly at which times it received the Chief Accountant's report on examinations and audits, an annual report on control evaluations from the BEA, and other reports as deemed appropriate by the Chief Accountant.
With the coming of computers, the IIA considered changing the audit committee's charter to specifically include the review of internal controls designed into computer systems and operations, but it decided that computerized controls were already covered under the general supervision duties of the committee. While the internal auditors incorporated the review of new computer systems and operations in their control evaluations, the Chief Accountant directed them to concentrate their review on the input/output controls and to leave the internal operations of the computers to the electronic experts. The audit committee did not challenge this directive.
The Situation
The Chief Accountant has become a powerful member of company management. He is a senior company officer, reporting directly to the audit committee (he sets its agenda and meeting dates and keeps its minutes). He has final approval on all disbursements and directs the activities of the internal auditors. He is also chairman of the budget committee and other committees
The audit committee, in spite of regular assurances from the Chief Accountant, has become increasingly uncomfortable with its position. The New York Stock Exchange (NYSE) has increased the committee's visibility by requiring that companies establish audit committees before they may be listed on the NYSE. The Securities and Exchange Commission (SEC) has been sanctioning officers and directors who fail to properly exercise their oversight duties. Incidents of fraud in large financial institutions appear in the newspapers at frequent intervals. The Foreign Corrupt Practices Act (FCPA) has made failure to maintain adequate systems of internal accounting control a federal crime.
The corporate executive officers have become edgy about the IIA's ability to adjust to changes in markets, technology, laws, regulations, and the economy. They are also concerned that the decentralized organization is getting out of control. They recognize the need for an independent appraisal of economy and efficiency but are not sure where to assign the task. They know that the IIA has internal auditors (they are a significant expense item); but aside from occasional negative reports from the Chief Accountant's office, they are not sure what the auditors do or how they do it. The chief executive officer has decided to establish a separate unit of high potential managers with authority to conduct analyses of key operations. To avoid adding to the Chief Accountant's power base, the new unit is to report directly to him.
The Chief Accountant has just given notice of his intent to retire.
The Audit Committee and Internal Auditing
Effective with the Chief Accountant's retirement, his committee chairmanships were assigned to different officers. The internal audit function was established as a separate department, and its head was assigned responsibility for reporting functionally to the audit committee. An internal audit executive with extensive EDP audit experience and an understanding of modern internal auditing concepts was engaged to head the department as chief auditor. The new chief auditor, with the assistance of a company officer and selected personnel from the data processing department, began upgrading the EDP audit capabilities of the internal audit staff.
Responding to the needs and desires of the audit committee, the chief auditor started defining and responding to their concerns. Meetings were reduced to quarterly and detailed reports and reconciliations were replaced by a statement of assurance from the chief auditor. New reports summarizing audit results and impact were also instituted. The entire audit approach was examined; and additions, deletions, and revisions were made.
To improve communications with management, a matrix organization was put in place. Specific departmental officers were identified as contacts for reporting and responding to corporate executive officers, and a new methodology for control analysis based on management identification of missions and concerns was introduced.
In the interest of cost reduction and improving competitive position, the chief auditor contended that operational analysis was properly a function of internal auditing. Accordingly, the separate unit established by the CEO was transferred to the internal audit department. Steps were taken through formal training and job rotation to broaden the viewpoint of the internal auditors and integrate operational techniques into the auditors' portfolios.
Plans for the internal audit department include a reorganization of audit assignments on a regional basis. It is expected that the regional organization will put internal auditing in a better position to respond to middle management in the current decentralized environment and to adjust for other changes as they occur.
Required
1. How do the actions of the audit committee, impact the scope of the internal audit function?
2. Do you agree with the Chief Accountant's directions on the review of computer operations and applications? Explain why.
3. Briefly discuss the audit committee's involvement in operational analysis, business ethics, financial integrity, non-financial data integrity, and administration of the internal audit function.
4. How does the geographic and organizational dispersion of corporate activities change the role of the audit committee?
5. Do special analyses performed for management compromise internal audit's ability to independently appraise management performance for the audit committee?
6. How can the internal and external auditors conflict and cooperate in their interrelationships with the audit committee?