This is the first in a series of posts focusing on themes and hot topics relevant to Internal Audit functions in organisations in the process of adopting IFRS 17 Insurance Contracts.
IFRS 17 is the most significant change in insurance accounting for a generation. For many insurers, particularly in the Life Insurance industry, understanding and delivering the necessary changes is complex and permeates the entire organisation. With this in mind, it is clear that an effective implementation plan that is well understood by its users is critical to an organisation’s IFRS 17 project running successfully.
Although there will have been iterations, most organisations’ implementation plans will now be close to their final form. A simple first step for Internal Audit is to understand management’s implementation plan in detail from methodology, Proof of Concept, build, dry runs right up to go-live including any regional rollouts and dependencies. Internal Audit should benchmark the status and costing of management’s IFRS 17 programme to similar organisations in the industry, and challenge the reasons for both positive and negative variances to peers.
Internal Audit can consider the above and management’s own risk assessment around project delivery when evaluating the implementation plan. Common areas of focus for auditors reviewing an IFRS 17 implementation plan include:
- Governance – because technical accounting decisions made early in the project will define many subsequent actions in the programme, there should be appropriate governance to challenge and anticipate downstream dependencies stemming from accounting and architecture decisions.
- Phasing – because IFRS 17 impacts so many parts of an organisation, IFRS 17 implementation will involve a number of workstreams that depend on each other. Strong implementation plans will identify interdependencies and the associated risks and seek to manage the sequencing of activities, mitigating the risk of delays to delivery.
- Testing and Dry Runs – the scale of validation of data, technology, financial close processes and other aspects of IFRS 17 implementation will vary by organisation based on the nature of its insurance business and certain accounting policy and methodology decisions made. Internal Audit should understand whether the implementation plan accommodates sufficient testing time.
- Suppliers – IFRS 17 will typically require the involvement of a number of external suppliers. Auditors should check that implementation plans are designed to manage execution risk as it relates to suppliers, including availability, oversight, cost monitoring and more.
- Resourcing – IFRS 17 will demand significant internal resource to ensure a successful implementation, however BAU reporting will continue until 2022. Resourcing plans can make or break a project, so Internal Audit should seek to understand how the business has set itself up for success and performed contingency planning around resourcing.
For individual organisations, there are likely to be a number of other risk factors that might impact delivery of IFRS 17, both internal (such as turnover of key project staff) and external (such as late clarification of requirements by the IASB) that can be layered into audit scopes.
An audit that considers an organisation’s implementation roadmap – whether on its own or as part of a broader scope – is a way to provide timely feedback and insight to the business on potential areas of delivery risk that management may not have identified. As insurers’ implementation plans crystallise, auditors should grasp the opportunity to provide confidence to management that plans are sufficiently accurate and granular to lay the foundations for successful project delivery.