Review of Controls Framework around 3rd party outsource arrangements
The head of audit of leading insurance broker wanted to carry out a full review of the controls framework surrounding the firms 3rdparty outsource arrangements in preparation for SMCR. As the review required highly specialised knowledge, the firm felt that this was an area that required specialist support. We were engaged to undertake the work on behalf of the audit team due to our extensive experience in carrying out these reviews and our robust tool kit.
A sample of three types of outsource were identified, being a ‘Material’ outsource, a large but not material outsource and an intergroup arrangement. Interviews were conducted across risk, compliance and the c-suite and a review of all relevant documents was conducted.
There were significant findings which required remediation and these included lack of clarity around roles and responsibilities, SLAs were inadequate and no formal monitoring was taking place and the onboarding documentation could not be located for several outsource arrangements. In addition to the final report, Rory created a prioritisation list of remediation items and developed a plan that set realistic timescales for them to be closed out.