IFRS 17 for Internal Audit – IFRS 17 Assurance Timeline

Internal Audit functions in the UK are at different stages with regard to IFRS 17 assurance planning. Many have completed audits of programme readiness during 2019, with some also auditing implementation milestones achieved by the business. However, a minority of organisations have stood back and built an end-to-end IFRS 17 Assurance Timeline that tracks the business journey from development to implementation and into business as usual.

Assurance Timelines are a powerful way for IA to clearly set out its view of the topics within IFRS 17 where assurance is most needed, define the critical path to delivering an effective assurance, and demonstrate appropriate coverage of the programme as a whole.

The Audit Universe

Developing an organisation-specific audit universe for IFRS 17 is the first step towards building an effective IFRS 17 Assurance Timeline. Some of the areas impacted by IFRS 17 implementation may not be obvious, such as remuneration, binding authorities (and other contracts which may refer to IFRS 4 insurance accounting definitions), management information, Key Performance Indicators, SoX documentation, GDPR and more. Internal Audit teams should engage with internal IFRS 17 specialists, the project implementation team, Finance, Operations, actuarial staff and senior management to obtain in-depth insight into the organisation’s IFRS 17 objectives and the expected impacts on business processes, and to identify new risks that may arise as a result.

Obtaining additional information from external sources such as IASB interpretations, IFRS 17 publications, external technical accounting forums and working groups would greatly help Internal Audit teams to develop a comprehensive audit universe for its IFRS 17 Assurance Timeline.

The following  set outs the areas and processes that would typically be expected to be impacted by IFRS 17.

Policies and Methodology - Accounting Policies (transitional and ongoing, including IFRS 9 for deferring organisations), actuarial methodology, financial reporting (statutory and Group), management of accounting mismatches, financial controls and related documentation. 

People - Training, project resources, budgets, conflict management, cross functional knowledge, technical knowledge and availability of actuarial resources.

Operating Model - Reserving Committees, Assumption Change and reserving processes, operational readiness, models and model governance, the collaboration of Finance and Actuarial teams, internal and external reporting, and external stakeholder management.

Data - New data requirements, data quality, data transformation, transition plans and data protection. 

System Technology - Data availability, new systems and significant change to existing ones, and the structure of the general ledger and chart of accounts.

Performance Management - Key Performance Indicators, management information, business planning and forecasting, and profit/premium income-based remuneration. 

Assurance Timeline

Our one-page guide to the IFRS 17 Assurance Timeline provides over 20 questions that Internal Auditors can ask themselves to develop an effective Internal Audit Assurance Timeline, satisfying the assurance needs of the business associated with IFRS 17 implementation. The questions cover the areas set out below.

Significant assurance areas

Within the IFRS 17 audit universe there will be certain elements that Internal Audit and stakeholders feel are critical to the success of the programme, and therefore are areas where assurance is most needed. These should form the spine of the Assurance Timeline and be protected from scope creep or slippages. Avoid the pitfall of failing to engage with stakeholders when doing this, as this can result in conflicting opinions on the objectives of Internal Audit’s work on IFRS 17.

Alignment to implementation programme

One of the major benefits of creating an Assurance Timeline is that it can serve as a straw man to challenge and refine planned audit timings with the business, and the overall schedule of planned audit activities. This will also enable Internal Audit to confirm lead times to bring in or develop the right skills within the function to effectively challenge the business in significant assurance areas, and to discuss and agree with the business where auditors can and cannot flex timings to match changes in the IFRS 17 programme.

Key stakeholder buy-in

While having an IFRS 17 Assurance Timeline is valuable to Internal Audit in its own right, the real value comes from having agreement with key stakeholders on the end-to-end assurance areas and identifying where stakeholder objectives are at cross purposes at the beginning, rather than the end, of the project. Internal Audit may also build in IFRS 17 continuous monitoring inputs and define ‘audit triggers’ that can be agreed with the business in advance.

Holistic assurance

As well as ensuring significant assurance areas are covered, Internal Audit can use its IFRS 17 Assurance Timeline to illustrate to stakeholders which aspects of the programme will and won’t be covered. This can help to re-define audit scopes to better meet the needs of the business. It also presents an opportunity to explore where Internal Audit can seek to rely on second line assurance, if applicable, and to pinpoint where ongoing initiatives such as the use of data analytics or data science can be embedded into the plan.

Critical path for assurance

One of the threats to both IFRS 17 core implementation plans and the corresponding IFRS 17 Assurance Timeline is from unidentified interdependencies between stages of the programme that lead to re-work or hinder future progress. When finalising the Assurance Timeline, Internal Audit should confirm that the phasing of audit activities is appropriate both to the business and the function itself, including allowing time to remediate audit findings. Internal Audit should remain alert to emerging changes to the programme, whether driven by internal or external factors.

Developing an IFRS 17 Assurance Timeline is paramount to spark discussion with stakeholders, confirm the rules of engagement and record agreement of the input and insight expected from Internal Audit at the outset. In some cases it can also bring into sharper focus the organisation-wide impacts IFRS 17 has on an insurer, leading to increased demands on Internal Audit and its people. Being proactive and tackling the matter early is therefore critical to ensure effective and insightful assurance is delivered, both during IFRS 17 implementation and beyond.

Download the summary here

Link to our previous publication.

Check out our webpage to know more and to get updates on IFRS 17, subscribe to our newsletter.