Internal auditors' role in confronting cyber and fraud risks related to outsourcing insurance : an exploratory study

Abstract EN

This study investigates how the emergence of the coronavirus (COVID-19) pandemic has raised many concerns in insurers internal controls and fraud confrontation.

Covid-19 required massive shift towards digital transformation in recent years, insurers are finding themselves relying on outsourcing as a way to cope with business model changes and requirements.

This change augmented the risk of cyber-attacks and it is ultimately considered a high risk for insurers of any size because not only will it subject insurers to litigation concerning data breaches, but it will also cause massive harm to the insurer's reputation when an attack happens.

Moreover, due to this digitalization fraud risk is harder to manage, as traditional internal controls are inefficient as the time spent in fraud investigation will delay the payment for hospitalised insurance claims, which would raise concerns about the insurer's reputation.

To resolve this conundrum and manage reputational risk, most insurers seek trade-offs and negotiations with the insured.

Data has been collected using archival research and semi-structured interviews with some chief risk officers (CROs), internal auditors and insurance practitioners.

The authors explain how, following the COVID-19 pandemic, insurers are facing cyber and fraud risks that need specific planning and control by internal auditors as current internal controls fall short in front of these new risks.

Therefore, the authors propose some potential policy solutions that would help internal auditors overcome both cyber and fraud risks.

Through explaining the concurrent risks and proposing potential solutions in this emerging market, this paper provides some practical insights for internal auditing researchers, insurers and CROs who are seeking solutions to pandemic-related risks.