Designing a Risk Management Maturity Assessment Model in Iran's Insurance Industry with an Emphasis on the Role of Internal Audit

Article type: Research article

Authors

1 Assistant Professor, Department of Accounting and Finance, Faculty of Management and Accounting, College of Farabi, University of Tehran, Qom, Iran.

2 Assistant Professor, Department of Accounting, Faculty of Management and Finance, Khatam University, Tehran, Iran.

3 PhD Candidate, Department of Accounting, Faculty of Management and Accounting, College of Farabi, University of Tehran, Qom, Iran.

Abstract

Objective: The main objective of this research is to design a model for measuring risk management maturity in Iran's insurance industry, with an emphasis on the role of internal audit.
Method: First, through qualitative content analysis of the existing theoretical and empirical literature, risk management maturity indicators were identified, extracted, and classified into the main dimensions and components of risk management maturity. Then, to ensure the validity of the resulting model, the Delphi method was used to examine the opinions of risk management and internal audit experts.
Findings: After the key and frequently recurring propositions were identified and classified, 65 risk management maturity indicators were identified in nine components and three main dimensions, to be given to experts in the form of a questionnaire to confirm content validity. At this stage, 50 indicators gained the agreement and consensus of the experts, and the rest were removed from the final model. The model comprises three main dimensions: corporate governance, policy and strategy; the risk management process; and the role and duties of internal audit. It is consistent with the "three lines of defense against risk" model put forward by the International Association of Internal Auditors.
Conclusion: The model designed in this research comprises 50 indicators drawn from standards, previous research, and the opinions of insurance industry experts, and it describes the optimal state of risk management in the insurance industry. Iranian insurance companies can measure the maturity of their risk management by identifying their degree of conformity with the indicators of this model.


Article title [English]

Designing a Risk Management Maturity Assessment Model in Iran's Insurance Industry with an Emphasis on the Role of Internal Audit

Authors [English]

  • Mohammadreza Mehrabanpour 1
  • Nezamoddin Rahimian 2
  • Ali Souri 3
1 Assistant Prof., Department of Accounting and Finance, Faculty of Financial Management and Accounting, College of Farabi, Tehran University, Qom, Iran.
2 Assistant Prof., Department of Accounting, Faculty of Management and Finance, Khatam University, Tehran, Iran.
3 PhD Candidate, Department of Accounting, Faculty of Financial Management and Accounting, College of Farabi, Tehran University, Qom, Iran.

Abstract [English]

Objective: The main purpose of this research is to design a model to measure the maturity of risk management in Iran's insurance industry, emphasizing the role of internal audit.
Methods: To achieve the objective of the research, first, the existing theoretical and empirical literature was studied by using the qualitative content analysis method. The key propositions indicating the maturity of risk management and the role of internal audit in risk management were also identified. Next, the propositions were classified based on similarity, semantic connection, and also by referring to risk management frameworks and standards in the form of dimensions, components, and main indicators of risk management maturity. Then, to ensure the validity of the obtained model, the Delphi method was used to examine and apply the opinions of risk management and internal audit experts in the insurance industry. At this stage, a questionnaire was used to collect data. The reliability of the questionnaire was confirmed with the help of Cronbach's alpha statistic.
Results: By employing qualitative content analysis, the process of identifying and categorizing significant and recurring propositions led to the identification of 68 indicators of risk management maturity. These indicators were organized into nine components, forming three primary dimensions of risk management maturity within Iran's insurance sector, with a specific emphasis on the role of internal audit. Subsequently, the developed model was presented to professionals and academics with substantial experience in the realm of risk management and internal audit. This was carried out through a questionnaire that was distributed to experts in these domains. They announced their agreement, disagreement, or their proposed amendments regarding each of the dimensions, components, and indicators. After gathering their feedback, 50 indicators were agreed upon by experts, and the rest were removed from the final model. The model put forth encompasses three primary dimensions: corporate governance, policy and strategy, and the risk management process, along with the roles and responsibilities of internal audit. The result is in line with the "three lines of defense against risk" model proposed by the International Association of Internal Auditors. Therefore, all operational units of the organization under good corporate governance and strategy form the first layer of defense against risk. Risk management is the second layer of defense by implementing the processes of identification, evaluation, response to risk and reporting. The internal audit, by monitoring and evaluating the risk management process, forms the third layer of defense against risk.
Conclusion: The model developed within this study comprises 50 indicators sourced from risk management standards, existing research, and insights from experts in the Iranian insurance industry. These indicators delineate the ideal condition of risk management, organized into three primary dimensions and nine crucial components. Iranian insurance firms can assess the maturity level of their risk management practices by gauging their alignment with the indicators outlined in this model. This assessment aids in recognizing both their strengths and areas that require improvement. Also, unlike previous risk management maturity models, this model could successfully address the roles and duties of internal audit. Therefore, internal auditors within the insurance industry can incorporate the indicators outlined in this model while devising and executing assurance and consulting services related to the organization's risk management procedures.

Keywords [English]

  • Risk management maturity
  • Internal audit
  • Insurance industry
  • Qualitative content analysis method