Special Investigating Units and Special Tribunals Act, 1996
R 385
Long Term Insurance Act, 1998 (Act No. 52 of 1998)Board NoticesNotice on Governance and Risk Management Framework for Insurers, 2014Part 5 : Internal Control System22. Internal control system |
(1) | An insurer must establish, maintain and operate within an adequate and effective internal control system, comprising the totality of strategies, policies, procedures and controls to provide the board of directors and managing executives with reasonable assurance from a control perspective that the insurance business is operated consistently with— |
(a) | the strategy determined by the board of directors; |
(b) | the business objectives of the insurer; |
(c) | the key business, information technology and financial policies and processes, and related risk management policies and procedures, determined by the board of directors; and |
(d) | the legislation that applies to the insurer. |
(2) | The internal control system must be appropriate to the nature, scale and complexity of the insurer's business and risks and must, at least, provide for— |
(a) | appropriate controls to provide reasonable assurance over the fairness, accuracy, and completeness of the insurer's financial and non-financial information; |
(b) | appropriate segregation of duties, and controls to ensure that such segregation is observed; |
(c) | appropriate controls for other key business procedures and policies; |
(d) | a delegation of authority, approved by the Board of Directors, regularly reviewed by the Board of Directors; |
(e) | controls at the appropriate levels so as to be effective, including at the procedure or transactional level, and at the legal entity or business area level; |
(f) | regular monitoring of all controls to ensure that— |
(i) | the totality of controls forms an integrated system; and |
(ii) | the internal control system— |
(aa) | functions as intended; |
(bb) | fits within the overall governance framework; and |
(cc) | complements the risk identification, risk assessment, and risk management activities of the insurer; |
(g) | regular independent testing and assessments (carried out by objective parties such as an internal or external auditor) to determine the adequacy, completeness and effectiveness of the internal control system; |
(h) | a written inventory of key procedures and policies insurer-wide, and of the controls in place in respect of such procedures and policies; and |
(i) | training in respect of relevant components of the internal control system, particularly for employees in positions of trust or responsibility, or carrying out activities that have significant risk. |