It is IFRS 17 transition audit season. Our clients with December year-ends are by now knee deep, if not up to their noses, in calculations and auditor discussions. Through being involved with our various clients’ transition audits (through both audit and advisory work), we have valuable insights on what auditors are expecting from clients, what is good practice, and what are some of the key areas for insurers to watch out for up front. For insurers making ready to jump into the IFRS 17 transition audit, or just dipping their toes, we share what we wished we knew a year ago. For insurers currently undergoing IFRS 17 transition audits, this article provides useful context.
Given the heavy actuarial component of transition exercises we’ve seen, internal controls and their evidencing seems to be one of a key challenge in actuarial IFRS 17 transition audits. Control evidence is essential in complex audits such as these, where there is heavy reliance on data and the volume of transaction flow is high. In such cases, substantive procedures alone do not provide sufficient and appropriate audit evidence. We have seen examples where controls are seen as either not appropriately designed, not implemented as designed, or not properly evidenced. A spreadsheet with checks by itself is not seen as a control – a control is broader concept speaking to the whole governance around the transition process. Controls are specifically designed to prevent, detect or correct potential misstatements.
Another challenge being experienced is in the area of all fully retrospective cohorts – demonstrating to external audit that the correct historic data, assumption sets and, where relevant, models have been used in the calculations, avoiding the re-audit of these historic components as far as possible. Management sign-off or review of these items is unlikely to meet this requirement. Solid evidence needs to be provided that the IFRS 17 transition data, assumptions and, where relevant, models, are materially in line with what was used and audited in the past.
If it is still feasible, a conversation with your client, whether in an audit or advisory capacity, on these topics well before the transition process is started is really crucial – it provides a much better opportunity for you and the client to get on the same page in terms of what control evidence you would need to see and what checks and reconciliations you would expect them to produce as part of the transition exercise. It is much easier to have this conversation in advance as opposed to asking or advising your client to build all of this in mid-flight.
What we have seen so far across the industry is that the IFRS17 transition exercise is driven heavily or predominantly by insurers’ actuarial teams, with the finance teams largely assisting. One of the consequences of such an actuarially-driven process relates to controls built around the transition calculations. The average actuary, particularly one within a traditional insurer space, is generally not well educated on the accounting and audit understanding/definition of what a control is and what a control is not (which is not unexpected). As a result, we are seeing examples of insurer transition teams running into problems demonstrating a robust control environment to their external auditors around their transition calculations.
As an example, consider the following scenario we frequently come across: After being asked for internal control evidence, the insurer provides the auditor with documentation on the transition process and some spreadsheet checks. The auditor comes back being happy with these but asks for evidence of controls, leaving the insurer somewhat perplexed – “what do you mean? I just showed you my spreadsheets?”
Applying the fully retrospective approach for any line of business, particularly the further back one looks, is not a trivial exercise. An insurer would need to go back and collect historic policyholder data, assumption sets and potential valuation models, some of which have not been used for a number of years. One of the crucial bodies of evidence that an insurer would need to present to its auditors for the fully retrospective calculation is sufficient proof that such historic models, assumptions and results are the ones that are meant to be used, are reflective of the business at that point in time, and have not been damaged or tampered with since their last use. If this cannot be sufficiently proven, in theory, the auditor would need to go and re-audit all such historic artefacts – which is a monumental task…
An ideal solution would be to give the auditors comfort that the items referred to above tie in to some non-IFSR17 metrics that have already been audited. They cannot take the prior year numbers for granted, and evidence such as “product/segment management confirmed these are the right assumption sets to use” is in most cases not accepted as valid audit evidence. Insurers should do what they can to avoid having the auditor re-audit prior years.
The key to having good internal controls is specific and clear documentation. The stronger the controls, the less likely it is that the auditor will need to re-audit all of the numbers. If controls are weak, then auditors will not be able to place reliance on controls and will have to do more substantive work. Discuss with your clients, both in advisory and audit capacities, what is possible in terms of proving that pre-transition numbers used in the transition calculations are in fact, audited numbers. Having proactive discussions and agreeing the approach up front is by far the best strategy.
For assistance, advice, or discussion of the contents in this article, please get in touch with us.