Underwriters are the "rockstars" of the property and casualty insurance business.
Just as Brokers are in an investment house, Pilots are for an airline, and, to some extent, Buyers in a retail business. They are the folks in the organization with the most in-demand or high-value skill.
"What!" you say, "It isn't the Internal Auditors?"
I'm afraid not. As much as I wish it were otherwise.
Yet, the point is that really top-hat audit functions need the company's rockstars to come work with them. Unfortunately, you need them but, frequently, they can imagine nothing more unpleasant than spending time auditing.
Why do we need them?
1) Where they are is where the risk is. In my time in insurance, I found plenty of claims-related frauds and missteps. But that side of the business has an awfully hard time doing serious damage to the company. On the other hand, the $250 million quasi-scam we uncovered resulting from underwriters (and underwriting leadership) run amok did definitely leave a mark.
2) Credibility with the Audit Client. When you walk into an underwriting office...
By the way, since I'm talking about these guys alot in this post, let me share what an underwriter does. In a property and casualty (P&C) business, these are the dealmakers. They quote the price to insure the building, the business, the fleet of cars, whatever. Then they negotiate and "bind" the insurance company to the risk. The more big-time the risk, the greater the rockstar atmosphere. For example, we insured a portion of the World Trade Center and I was at the responsible underwriting office when the attacks came. Within minutes that team knew that we'd only be on the hook for our $300 million portion *if*, "they had to tear the buildings down to repair them." Uh oh. Big rockstars.
But I digress.
So, when you walk into an underwriting office ready to do the audit and you have an actual certified underwriter on your team, not only are you likely to do a better job auditing, the manager of that unit is likely to give you a slightly better reception. That respect leads to a better business-audit partnership and ultimately to a more effective audit.
3) Credibility with the Audit Committee. At the end of the day, all the audit function has to sell is its opinion, and the reputation that it's built on. When your team tells the Audit Committee about something scary, and you can demonstrate that you have had *your* rockstar(s) look at it fully, then in my experience the impact is greater.
4) Efficient Time and Resource Usage. There are alot of audit teams who feel they must visit an audit client's site at least twice. Sometimes more. The first is usually a familiarization tour and the second is focused on testing. While that might work if you have only a few locations or a campus-style facility, it gets very expensive and time consuming if you have to fly there commercial each time. It is also fairly disruptive to the business.
And, just as importantly, you burn your team out while shrinking the number of audits you can get done in a year.
In my experience, when you have a trained and experienced rockstar on your team, you can diminish significantly the need for the first trip. After all, they should know what to look for.
5) Business-Focus. One of the really big traps in the auditing and consulting environment is having your team fall in love with the fictional world of controls. This is the world of audit recommendations that bear no resemblance to the on-the-ground reality of the business. We begin to make recommendations because they seem to fit beautifully with ISO, CobiT, ITILS, the IIA, ISACA, and/or COSO. Yet, they have no cost-risk-benefit connection.
I have found that rockstars on your team help prevent this. First, they understand the business better than you do. Second, they expect one day to return to it, so they have a stake in keeping things honest.
Of course, the opposite trap exists too. Your auditors could listen too much to the rockstars and forget good control protocols. From my perspective, this is much less likely. The gravitational field of the Treadway Commission (to name one) is usually too strong.
Taken together, these five points present a pretty compelling case for recruiting rockstars to your audit team. The big remaining question is, "how do you attract them?" Hint - it has nothing to do with music videos, recording contracts, or illegal substances.
Next time, what it takes to lure rockstars to audit.
-- Prescott Coleman, CIA, CISA
[Image from
Beagle Productions - Gone by Ten]