Texas Mutual White Paper
Texas Mutual Insurance Company
Founded in 1991, Texas Mutual Insurance Company is the state’s leading provider of workers’ compensation insurance. The company’s mission is to provide a stable, competitive source of workers’ compensation insurance for Texas employers, act as insurer of last resort, and help prevent on-the-job injuries and illnesses and minimize their consequences.
Recognizing a Need for Change
Like other internal audit departments, Texas Mutual’s Internal Audit (IA) used a traditional auditing process: IA would set objectives with each business unit; independently create and rank controls, and then secure buy-in from the business unit managers; and discuss and address issues as they arose, often focusing on irrelevant processes and sending information out to uninvolved parties.
In early 2010, Elise Teeter, then lead internal auditor, wanted to learn more about risk based auditing. She registered for the Risk Based Integrated AuditingTM (RBIA) seminar led by Liz Meyers.
The Solution: Risk Based Integrated AuditingTM (RBIA)
Teeter shared what she learned from RBIA with Bill Huckaby, then manager of IA and urged him to go attend the next seminar. Huckaby did attend later that same year. Recognizing the value of a more strategic, risk-focused approach, Huckaby asked Teeter to contact Meyers, CEO of Focus on Risk Enterprises.
Meyers met with Huckaby, Teeter, and other key players to discuss their concerns. She then developed a plan based on the company’s needs and objectives, and delivered a series of training sessions in January of 2011. Shortly thereafter, Texas Mutual Insurance Company began implementing its new RBIA processes.
Areas of Improvement
Stronger Relationships with Business Units: While IA team members have always attended business unit staff meetings, they are now included in special project meetings, as well. As a result, IA members are better informed about the company and the industry, and they use that knowledge to provide valued direction and insight. Additionally, the general auditor meets with each business unit executive quarterly to discuss progress, risks, and concerns. Thanks to RBIA, IA has evolved into a trusted advisor, as the department is able to deliver output valued by process owners.
Evolved Audit Planning Process: IA continues to use an annual audit plan, but now evaluates it quarterly to ensure projects meet the company’s needs. According to Teeter, “An audit or (consulting) project must be relevant, timely, and add value; otherwise, it may be stopped, and IA moves on to the next one.”
In addition to saving time and money, this approach also strengthens interdepartmental relationships, noted Huckaby. “IA’s willingness to step up and state that there is limited value in continuing an audit or project builds rapport and trust with business owners.”
Simplified Auditing Processes: IA learned how to streamline their processes by identifying risks and linking those risks to business objectives. This makes audit concerns relevant when discussing findings and exceptions. The department also uses the RBIA hypotheses approach for assessing results. The hypotheses adds value by keeping the testing focused. Teeter said, “Based on the information gathered, we state what we think will happen, which makes it much easier to conduct tests, capture data, evaluate results, and move forward.”
Management’s Control Structure and Risk Tolerance: Before moving to RBIA, said Huckaby, IA would independently identify, document, and evaluate the entire internal control structures (ICS). With RBIA, managers and process owners determine the adequacy of their own ICSs and own the risk evaluation of their respective structures.
“Because IA has developed trust and rapport with the business owners,” he said, “we can challenge their rating. If we conclude that management is accepting too much risk, we can follow the organizational structure and take the issues to the next level, including all the way to the board, if necessary. However, in each step of the way, IA requests that business owners be present, so it is a transparent process. This, once again, enhances trust, even in areas where professional differences exist.”
IA also changed the way it determines risk tolerance. Before, IA would identify and rank audit controls, thereby setting each business unit leaders’ risk tolerance. Huckaby shared that he was forced to acknowledge that for more than 25 years he had been setting the company’s risk appetite.
Audit Reports that the Customers Value: RBIA’s focus on providing value to the audit customer also impacted our audit reports. Huckaby shared “We learned how to stop trying to substantiate IA’s value with reports that documented all that we had done in the audit. Instead our reports now focus on what the customer sees as valuable.”
The IA now assesses it reports to provide only what is necessary to be reported, how it should be reported and at what depth which leads to a more concise product. Additionally, Huckaby meets with the Audit Committee to verify the IA reports are meeting their needs. The changes to the reports have had a very positive impact for the department.
RBIA Delivers a Win-Win Solution
According to Huckaby and Teeter, RBIA radically improves the way Texas Mutual Insurance Company conducts internal audits.
“The business unit managers love RBIA,” said Teeter, “because it allows IA and the business units to focus on high risk areas, to collaborate to achieve objectives, and to conduct audits more efficiently and effectively. It’s a win-win for everyone.”
As general auditor, Huckaby is delighted that RBIA delivers on the risk-based theories that IA has been promoting for years. “It’s allowed us to align IA resources to management concerns, so it makes IA relevant and valued.”
In 2013, Bill Huckaby was promoted to vice president and general auditor. Elise Teeter was promoted to senior manager of IA.
RBIA Makes IA Relevant
As evidenced by Texas Mutual’s experience, RBIA delivers on the risk-based theories that the company’s IA promoted for years. If you, too, are passionate about following the risk of your organization, you should consider RBIA. It will enable you to align your IA resources with management concerns by focusing your efforts on what is presently happening within your company. As a result, IA is relevant and valued, proactively involved in what is happening now as opposed to looking at processes that have not changes in recent years.
About Focus on Risk Enterprises, LLC
Liz Meyers, CEO of Focus on Risk Enterprises, continues to work with Texas Mutual Insurance Company on its RBIA processes.
In the summer of 2012, Texas Mutual’s IA team asked Meyers to help audit a critical IT project. “I assisted the IA team, working with company executives to identify and manage five major risk areas that would keep the project from being successful,” she said. With Meyers’ guidance, IA provided value to the high-profile project by assuring all major risk areas were addressed. Texas Mutual successfully implemented the new technology in January 2014. Bill McLellan, CIO, stated “we have seen such a difference in internal audit’s approach to activities under Bill Huckaby’s leadership. Bill (Huckaby) has provided valued independent counsel that has been insightful and actionable.” Bill Huckaby commented, “RBIA has helped me to me make the difference in how my internal audit team is perceived by the business. We are truly seen as a valued business partner.”
Find out how Focus on Risk can help you better understand and manage risk as it relates to your business objectives. Visit focusonrisknow.com or contact Liz at liz@focusonrisknow for more information.
Host a Public Seminar & Receive Discounts for your Entire Team!
Contact Liz at firstname.lastname@example.org for more information.