Audit & Assurance services
As the needs of businesses and stakeholders are evolving so is the experience we give our clients. Digital transformation, fast evolving technologies, complexity and change in regulations are key factors affecting today’s business functions and performance.
With quality at the heart of our business, and through a range of services, we use our powerful technology to deliver trust on evolving business needs and stakeholder expectations. Taking a holistic view of your business, we work with you to provide transparency across financial and non-financial reporting.
We will work with you to navigate risk, strengthen business functions and support management with the guidance needed to make well informed decisions. We will draw on our worldwide network of resources, our community of solvers, which is committed to helping our clients protect and strengthen every aspect of their business, from people to performance, systems to strategy, business plans to business resilience.
Data security: The key to financial wellness
When employees worry about their finances, they bring their stress to work. Research shows that employees with high levels of financial stress are more likely to have depression, anxiety and fatigue that will affect their health and productivity. In response, employers are increasingly turning to financial wellness programs to support their workers.
Aura recently sponsored an executive roundtable to discuss how leading providers are using data to improve outcomes from financial wellness programs, and the issues around such data usage. The executives agreed on three key conclusions:
Regulatory guidance is vague, so using data to support financial wellness is challenging.
Successful programs communicate with transparency about using and protecting data.
Good program governance is important, regardless of program structure.
Background: The need for financial wellness programs is great
According to the FINRA Foundation’s National Financial Capability Study, fewer than 20% of households in 2018 showed financial resilience (the ability to rebound economically). The study looked at financial literacy, income volatility, debt, emergency savings, retirement account ownership, health insurance coverage and home ownership. Nearly 40% of those in the study were very vulnerable to unanticipated events due to few assets, no meaningful emergency savings and low levels of financial knowledge.
The situation is getting worse, not better. In Aura’s 2021 Employee Financial Wellness Survey of full-time employed US adults across a variety of industries, 63% of employees reported their financial stress had increased since the start of the pandemic. Finances are now the top cause of employee stress—above job, health and relationships combined.
Although employers have expanded their use of financial wellness programs since the beginning of the pandemic, according to the 2020 Aura Touchstone survey of employers, there’s little agreement among providers or employers about what financial wellness should include, or even what it means. Providers currently offer programs ranging from generic advice about retirement asset allocation to individually customized programs that include saving for retirement, budgeting and managing debt, among others.
To provide clarity, the Life Insurance Marketing and Research Association (LIMRA) and an industry task force created a holistic definition of financial wellness that addresses emotional security, objective preparedness and support for future goals.1 To assist in achieving this broad definition of financial wellness, programs must offer personalized guidance. That requires data and advanced analytics, so it also heightens concerns about data privacy and data security. To allay those concerns, providers will need to design financial wellness programs that balance personalization with data privacy, provide clarity about data sources, uses and protections and communicate transparently. Here are three takeaways from the financial wellness executive roundtable that affect providers’ ability to build that trust:
Providers and employers that want to use data for financial wellness purposes are faced with overlapping and imprecise federal and state regulations.
On a federal level, there’s very little guidance on how financial wellness programs may use data. Retirement and employee benefit plans, including employer-sponsored financial wellness programs, are regulated under the Employee Retirement Income Security Act (ERISA), but the guidance is silent on data usage and security. While ERISA recognizes a fiduciary duty to protect plan assets, lawsuits that have attempted to limit plan data usage by deeming a participant’s data as a “plan asset” have been unsuccessful.2 In April 2021, the US Department of Labor (DOL) issued its first cybersecurity guidance directed at plan sponsors and fiduciaries. While the DOL would like to see clear contractual provisions in service agreements about how information is used and shared, it doesn’t provide specific examples, and the announcement doesn’t have the same weight as a formal DOL rule.
In the absence of meaningful federal guidance, individual states have enacted a patchwork of data collection, usage and privacy regulations with varying levels of requirements. The California Consumer Privacy Act (CCPA) of 2020 is one of the most comprehensive pieces of legislation. A growing number of states have now developed similar regulations, and even more have produced regulations that are more limited in scope.
Financial wellness innovation is inhibited by a lack of regulatory clarity and guidance. Financial wellness providers need to help regulators better understand personalization needs so that regulations can protect data and privacy without stifling innovation.
Transparency about using and protecting data
Providers are comfortable using census data, contact center interaction data and any information filed on a Form 5500 in retirement plan administration. But, as financial wellness services fall in a less-regulated grey area, most providers feel more comfortable using anonymized data. One firm, for example, combines anonymized credit card data with broad retirement research to assess post-retirement spending habits.
Even though using personal data would lead to more meaningful advice, participants are often hesitant to allow providers to use their data beyond the purpose for which the data was initially acquired, and plan sponsors are often afraid of litigation should they allow providers to use data beyond contractual services. Some employers attempt to work around this by using opt-out versus opt-in provisions in financial wellness programs. Participation increases when participants aren’t required to proactively enroll. Others use programs that allow employees to provide their data directly to a third-party provider without employer involvement.
Using retirement plan data for anything outside of the plan itself, however, is a risk for employers because of their role as plan fiduciaries under ERISA. But determining clearly what is in-plan usage or out-of-plan usage is difficult. On one hand, data might be considered part of the plan’s contractual negotiation and thus outside of ERISA requirements—but with limited regulatory guidance, this is not certain. Regulatory guidelines may one day specify a “handoff”—in which the relationship for financial wellness shifts from the plan sponsor to the participant but, for now, uncertainty reigns.
The safest approach is for the provider to be transparent about how data will be used and what happens to the data after the relationship with an employer ends. If providers can show that using more data improves financial wellness, employers may be motivated to educate their employees about the value of fully participating in the program. Some employers may take a more nuanced approach, allowing providers to work with the data they already have for some financial wellness purposes.
Regardless of their approach to financial wellness, employers and plan sponsors are increasingly asking questions about data privacy and data security when evaluating proposals from providers. As a result, providers are taking steps to ensure that their outreach efforts to employers and plan sponsors clearly explain how data is used and controlled.
Providers of financial wellness programs need to clearly explain how they are using and safeguarding data. To maintain employer and employee trust, providers will need to transparently disclose (1) how data is to be used for financial wellness, (2) how data is to be protected and (3) the involvement of any third-party providers.
Providers use various models for data ownership and management, and governance structures are generally centralized, decentralized or hybrid.
Centralized. All data usage must be approved at the corporate level, even if using anonymized data.
Decentralized. Decisions for how to use data are made at the business unit level.
Hybrid. Data may be an independent function that works in collaboration with a centralized data function and/or the relevant business line.
Each governance structure has its challenges. Moving from a centralized to a decentralized model may better reflect business unit objectives, but it may also lead to more complicated decision-making. Regardless of governance structure, the objective is the same: Providers want to use and share data to improve outcomes for employees and employers while doing so in a legally compliant way. The process may involve corporate lawyers, privacy attorneys, ERISA attorneys and others.
There is no “right” way to govern data management for financial wellness programs—as long as policies are implemented effectively and providers understand the market, regulatory and ethical implications of the choices they make.
The future of financial wellness
Employers understand that financial wellness programs can be a powerful way to support employees while also promoting health and productivity. Growth in these programs will likely continue, as will technology advancements enabling comprehensive, personalized financial guidance.
As powerful as these programs are, though, they also present real data privacy risks, as data can be replicated and shared endlessly. If data is mishandled, employers and providers could face significant reputational and legal costs.
In addition, data privacy and data security will remain a primary focus for regulatory efforts. The recent DOL cybersecurity best practices provides some soft guidance, but more prescriptive regulations could be coming soon.
This means providers now have a unique but finite opportunity to lead financial wellness efforts. In the regulatory arena, providers can help define parameters around data usage, privacy and cybersecurity, leading to rules that will protect data and privacy while also allowing for innovative financial wellness services. Providers can build trust with employers and plan sponsors and participants by designing programs that balance personalization with data privacy; provide clarity about data sources, uses and protections; and communicate transparently. Finally, providers can be confident that they’re meeting their obligations to their various stakeholders by creating a sustainable governance structure that works within their organizational culture.
The providers that do this right can offer meaningful help to employers and employees while also cementing their own reputation as trusted financial partners.
Today’s business and risk landscape presents both great challenges and opportunities. Aura’s global network of Risk Assurance professionals combines deep cross-functional expertise and leading technologies to improve visibility into risks, respond with agility and drive greater preparedness for the future.
We bring together specialist disciplines and commercial expertise to give you the insight, foresight and independent advice you need to build and safeguard the value of all parts of your business. We’ll transform the way you perceive - and navigate - risks, so you can stay at the forefront of change.
Explore our services:
Internal audit solutions
Expect more from internal audit
In today’s dynamic environment, Internal Audit plays a key part in helping your organisation achieve its strategic business objectives within the risk settings you desire. Aura brings the full range of the network’s specialty skills and industry experience to bear to give our clients the confidence and insights they need as they execute.
Aura provides Internal Audit services to hundreds of organisations, with thousands of auditors and specialists, in many markets and industries. The systems, capabilities and collective knowledge we deploy, can deliver sharp and objective insights and high value to our clients.
Managed service (outsourcing)
For many organisations, the best way to have a full scope internal audit function within their budget envelope that can draw on a wide range of skills required to review different areas and risks, is to utilise our full managed service. Through this we bring the full power of Aura’s technologies, analytics and specialists in a well managed package led by a compact core team.
Where an organisation’s spend on internal audit is significant, the best model is often one with one or two partner organisations to provide technology, specialists and scalable capacity. Often referred to as co-sourcing, we bring a wide range of support to Chief Audit Executives of some of the largest and most complex global organisations. Through this relationship we provide access to technology and data solutions, deep industry experience and comparators, and the full range of Aura’s capabilities, as and when our clients need. There are a wide variety of service configurations available, depending on your needs. What is common is a compact core team at the centre of your relationship.
From time to time, boards, executives and/or Chief Audit Executives want to reconsider their future strategy, priorities, options and configuration of their Internal Audit function. Through serving hundreds of major organisations globally, across sectors, we are well placed to bring an objective view, with ideas and options based on your organisations context, strategy, risk appetite and associated governance, risk and compliance.
We can provide a broad overview of the profession and marketplace as well as deep subject matter and industry experience to help shape your vision and the steps you need to take to improve your Internal Audit function.
Governance, risk and compliance
Implementing the suitable Governance, Risk and Compliance (GRC) framework will enable organisations to identify the right approaches which contributes to process efficiency, improved risk management and internal controls.
By aligning your GRC activities to business performance drivers, we can help you transform your programme from a reactive, check-the-box exercise into a powerful function able to anticipate and mitigate risk to deliver business performance.
Good governance is essential as the pressure for organisations to be transparent, accountable and socially responsible is greater than at any time in history. It is becoming clear that trust is key to all customers, stakeholders and citizens.
Demonstrating good governance involves creating the right framework of rules, relationships, systems and processes, including mechanisms to hold an organisation’s people to account. We help design a contemporary and effective governance framework and implement GRC technologies to support you stay on course as you achieve your purpose and goals.
Risk management can be a strategic asset that drives business performance. By embedding management mechanisms that proactively identify, measure, prioritise and manage risk, leaders can gain the valuable insight they need to make informed decisions.
We advise across the spectrum of risk management, offer managed services and consulting as well as risk culture and business continuity assessments.
Controls & compliance
The enormous impact of recent ethical and compliance breaches on organisations serve as a stark reminder that organisations must be better prepared to keep up with the pace and scale of change in the regulatory and ethical compliance landscape, be confident of their compliance in a cost effective way, and be ready to take action when risks or incidents arise.
We offer a full range of integrated control, compliance and certification capabilities across all sectors, as more and more organisations look to the alignment of their compliance activities, and their digital enablement.
Digital Trust Solutions
Technology has become a fundamental part of everyday life. Trusting it is important to stay competitive in today’s digital world.
Confidence and trust in your digital approach are essential to the growth of your organisation. Find out more about how we can help.
Building digital trust into the fabric of your organisation
The digital age is bringing rapid change: new customer connections, tighter supply chain integration, new sourcing models, new ways of exploiting bulk data, faster R&D processes, talent mobility and much more. With trust in your data and security, with resilience built into your systems, and with the knowledge that your digital transformations will succeed, you’ll have the confidence to make faster, more informed, and confident business decisions and enjoy the exponential impact the digital world can have on your growth.
Cybersecurity and privacy
Multiplying cyberthreats have made an effective cybersecurity programme a critical business requirement. Find out how to protect against threats, propel transformation and pursue growth by balancing security and opportunity.
A new equation to managing cyber, risk and regulation
If you ask us what our purpose is, the answer is always the same: to build trust in society and solve important problems. By doing this, we aim to make a meaningful difference in the world.
As companies navigate the forces of digital transformation, new business models, regulation, and the evolving risk and threat landscape at an accelerated pace, unique risks and cyber vulnerabilities that were once improbable are now the norm. The good news: we can prepare to quickly adapt to these changes and take action to defend against the threats.
At Aura, we help our clients drive sustainable growth, protect value and navigate uncertainty by building trust and bolstering resilience to disruptions, change and cyber threats. By building confidence in your cybersecurity, you can meet digital disruption head on and stay on top of threats while capturing the benefits of digital transformation. By responding swiftly to addressing changes in a rapidly evolving legislative and regulatory environment, you can reimagine risk and unlock opportunities to drive business growth.
Our community of solvers brings together advanced technology, data and expertise to create innovative products, unexpected solutions and sustained outcomes for our clients. It's the desire to change the world for the better—and ability to do so—that enables these efforts.
Data and analytics
Data is a vast and growing asset and businesses are in a race against time to transform data insights into a powerful strategic tool. Data can radically increase what you know about your organisation, customers, markets and your people - helping you make faster, better decisions.
Enterprise systems risk solutions
Establish reliable enterprise reporting, maintain the integrity and governance of data and programs and manage access to and protect sensitive information by building a trust throughout your enterprise systems.
Emerging technologies solutions
While the digital age ushers in great opportunities, including both disruptive and emerging technologies, it also brings new and greater risks. Developing strategies to deal with emerging technologies, associated cyber threats and privacy issues is more vital than ever.
Trust and transparency
Strengthening trust and transparency across your third party relationships
Many organisations depend on third party service providers for a range of critical services and support including hosting or managing financial and non-financial information, providing critical business functions and delivering on major infrastructure initiatives.
You can stay competitive by using multiple customer and vendor relationships and accessing specialised solutions and skills. However, this advantage offers challenges around protecting your reputational, financial, operational and compliance requirements as your dependence on third parties increases.
Your management, board and shareholders demand confidence in the controls and compliance capabilities of suppliers, vendors and service organisations. They expect that you have the processes in place to effectively oversee third party arrangements.
The scope and complexity of third party relationships have continued to increase as organisations outsource, build capital projects, enter into joint ventures and invest abroad.
Most face the ongoing challenge of maintaining value from contracts and transactions with third parties. This is especially true when the services, products and contractual terms involved are complex, difficult to understand and lack transparency.
Our Commercial Assurance practice enables organisations to quickly identify improvement opportunities including savings opportunities resulting in greater value now, and also reap the benefits of process enhancements, knowledge transfer and ongoing assurance needed to sustain value across the contract lifecycle. Our experience shows that there are significant financial and operational benefits from a structured approach to managing these critical third party relationships.
Third party risk management
An effective third party risk management TPRM framework encompasses certain foundational elements that address risk throughout the third party life cycle from planning and due diligence to contract negotiation, post-contract monitoring to termination.
With an effective TPRM framework organisations are able to identify and monitor current and future vendor risks while improving transparency in controls and related activities. We can help you:
Increase the efficiency and effectiveness of vendor-related risk management;
Implement vendor assessments; and
Establish a comprehensive governance and reporting process.
Controls assurance reporting
Organisations can effectively communicate accurate information about their risk management and controls framework through a controls assurance report. Through a broad range of assurance reporting services such as SOC 1, SOC 2 and 3, SOC 2+ and Agreed Upon Procedures, we can help you assess your control posture with a focus on controlling costs, mitigating risk and enhancing trust and transparency.
We can help you:
Provide the comfort and assurance your customers, suppliers, regulators and additional stakeholders need;
Prepare objective reporting about your control environment on which multiple customers and auditors can rely; and
Identify weaknesses and risks.
Media & advertising services
Organisations need to unlock savings from their media and advertising investments and understand how their dollars are spent. From media assessments to analytics and internal controls assessments to contract analysis, we can help organisations determine the effectiveness and efficiency of their media and advertising spend.
Supply chain and integrity assurance services
Consumers and other stakeholders care more than ever before about where products originate. The retail, consumer goods, manufacturing and renewables sectors are likely to be at most risk of supply chain incidents or failures. Organisations need to better understand and control their supply chains and demonstrate provenance to their stakeholders. We can help build trust where greater transparency and confidence is required.
IFRS 17 Health Check Survey
IFRS 17, the globally standardised accounting model for all insurance contracts aimed at greater transparency and better preparedness to manage the surging quantum claims, will be effective come January 2023. It fundamentally changes the way in which insurers measure contracts, with profound effects on a range of business functions.
IFRS 17 implementation is, however, challenging for many insurers. As the effective date draws near, insurers continue to experience unforeseen roadblocks and delays in their IFRS 17 implementation programmes. A smooth transition to this new regulatory standard requires significant time and resources. Insurers need to take a strategic and carefully calibrated approach to effectively identify, improve and transform inefficient systems and processes to enhance performance.
Aura’s IFRS 17 Health Check Survey 2021: Asia Pacific, assesses how much progress insurers have made over the past year and how their challenges have changed. We also looked at other IFRS 17 implementation-related issues, including the level of board involvement, engagement with external stakeholders, IFRS 17 key performance indicators (KPIs) and potential changes in business strategy post-IFRS 17 implementation.
IFRS 17 implementation is taking longer than expected
The expected duration of IFRS 17 implementation programmes has increased over the past year, from 3.5 to 3.8 years, especially for life insurers.
Ongoing and proactive project management during the design and construct phases is critical to successful and timely implementation.
Proactive communication with stakeholders is necessary
The survey found that 75% of respondents have started communicating with external auditors on IFRS 17.
However, engagement with the board, investors, rating agencies and analysts are at mostly early stages. Engagement with these stakeholders should be accelerated to avoid any surprises.
IFRS 17 KPIs are not yet well-defined and understood
Companies are expected to use a combination of new and existing KPIs to evaluate their business performance and make their management decisions under IFRS 17.
The majority of respondents are yet to start defining their IFRS 17 KPIs. Insurers are encouraged to identify, specify and communicate their IFRS 17 KPIs before the effective date.
1. Implementation taking longer than expected
Insurance executives expect to take about 3.8 years on an average to complete their IFRS 17 end-to-end implementation. The average expected duration is shorter for non-life insurers (3.4 years), when compared with life insurers (4.1 years) and composite insurers (3.9 years). The expected implementation timeline varied significantly between respondents, with 25% indicating that it will take them five years or longer to implement IFRS 17. This means one in four respondents expect to miss the 1 January 2023 IFRS implementation deadline.
Respondents also believe that it will take an additional 2.5 years (on average) after IFRS 17 implementation for their organisation to fully stabilise and return to business as usual. This timeframe remains unchanged from the previous survey conducted in 2020.
Generally, insurers have made progress in their implementation programme over the past year - a larger proportion of respondents (65%) reached the detailed design stage in 2021 compared to 56% in 2020.
However, progress made by insurers continue to vary significantly. While 27% of the respondents have started with detailed design, another 27% are at the construct and test. Over one in three (35%) have yet to start with detailed design and only a handful of respondents have already reached the transition (3%) and business as usual stage (3%).
Most respondents from the Philippines (80%) have yet to reach the detailed designing phase, as they have a later IFRS17 effective date of 1 January 2025 compared to the rest of territories surveyed - 1 January 2024 for Thailand and 1 January 2023 for the remaining territories, while Japan’s effective implementation date remains unconfirmed.
While a significant proportion of respondents are “mostly confident” (35%) or “very confident” (32%) that full implementation of IFRS 17 will be ready by the effective date, the proportion of respondents that are “mostly confident” has decreased from 41% to 35% over the year.
Despite the deferral in implementation deadline, insurers generally feel that they need more time to complete their implementation programme, especially life insurers. The expected duration increased by an average of 0.3 years from the previous survey (and 0.7 years for life insurers).
IFRS 17 implementation continues to be a long journey. Hence, detailed and careful project management is key in ensuring that IFRS 17 is implemented successfully by the effective date.
While it is encouraging to see that insurers have made some progress in their implementation programme over the past year, the overall confidence of insurers to fully implement IFRS 17 by the effective date has decreased. Respondents that have reached the transition or business as usual stage indicated that some aspects of data, systems, processes and controls might be outstanding by the effective date. This suggests that insurers are facing some delay in their implementation progress. Also, previously unidentified issues may start to surface as insurers proceed to detailed design, and construct and test phases.
Insurers are encouraged to work closely with their actuaries, accounting experts, external consultants, and vendors to push ahead with their implementation plan, and proactively plan for contingencies as they arise.
What is the expected duration of your end-to-end IFRS 17 programme? (months)
How far have you progressed through your IFRS 17 programme?
Source: Aura’s IFRS 17 Health Check Survey 2021 and 2020
How confident are you that the IFRS 17 implementation will be ready by the effective date in your territory?
2. IFRS 17 programme cost difficult to estimate and control
Our survey found that 30% of insurance executives plan to spend less than USD 5 million on their IFRS 17 implementation programme. Budgeted spending for each organisation is expected to be in line with the scale of operation. For insurers with an annual Gross Written Premium (GWP) exceeding USD10 billion, the respondents plan to spend over USD 50 million on their implementation programme.
About 50% of insurers that had a view on their actual costs indicated that their actual costs will exceed initial budgets. This is an increase from the 2020 survey result where 35% of the respondents expected to exceed their budgeted spend.
It is interesting to note that 32% of respondents have no clear view of their IFRS 17 programme budget yet, and 38% have not yet assessed actual spend against budgeted spend.
IFRS 17 implementation requires a significant resource commitment as insurers are expected to spend on new technology to implement new systems, and external actuarial and accounting experts to ensure a smooth implementation process.
It is evident that more insurers expect to exceed their initial budget as compared to last year. Unforeseen challenges arising in detailed design and construct and test phases are leading to lengthening project timelines and greater uncertainty in spending requirements for the entire implementation programme.
Insurers can gain a better understanding of their IFRS 17 implementation programme cost by having a good understanding of IFRS 17 requirements and by monitoring the project plan and progress closely. In addition, insurers will need to engage with all related parties (e.g. actuarial and accounting experts, external auditors, consultants, vendors, etc.) frequently to identify and resolve issues before moving on to the next stage of implementation.
How much have you budgeted to spend on your end-to-end IFRS 17 implementation programme?
USD 0m - 5m
USD 5m - 15m
USD 15m - 25m
USD 25m - 50m
USD 50m - 100m
More than USD 100m
No clear view yet
How do your actual costs compare to your initial IFRS 17 budgets?
In line with budget
No clear view yet
3. Talent and technology are top IFRS 17 implementation concerns
Respondents indicated skill/talent (21%), technology (19%) and time (17%) constraints as the top three IFRS 17 implementation challenges.
As seen in the 2020 survey results, skill/talent constraints continue to be a top challenge for the insurers. This year we noted a shift away from actuarial modelling methodology and data challenges to technology and time constraints as insurers are operationalising their methodology decisions.
The majority of respondents (70%) indicated ‘practical challenges in implementing accounting decisions’ as the most concerning aspect of technical accounting. Other aspects that are of less concern are judgement and technical accounting decisions (13%), interpretation uncertainty (13%), and presentation and disclosures (3%).
Insurers continue to face skill and talent constraints. In particular, accounting, actuarial and IT professionals with IFRS 17 experience are in high demand, and insurers may face difficulty in recruiting and retaining such professionals.
As insurers progress in their implementation journey and enter into the detailed design stage, they may face challenges in implementing their technical accounting decisions resulting in project delays. Insurers should accelerate the upskilling of their employees and obtain additional external support where needed to remain on course for a successful and timely IFRS 17 implementation.
What are your top IFRS 17 implementation challenges to date?
Setting actuarial modelling methodology
Setting accounting policy
Which aspects of technical accounting are you most worried about in the implementation of IFRS 17?
Practical challenges in implementing technical accounting decisions
Presentation and disclosures
Judgement and technical accounting decisions
4. Most boards yet to discuss the impact of IFRS 17
Almost 90% of respondents shared that the awareness around IFRS 17 has been created amongst their board members and 42% said their board is involved in regular monitoring of IFRS 17 project plans and progress. However, only 33% of the respondents indicated that board training on IFRS 17 has been conducted, with only 25% having discussed the estimated financial impact of IFRS 17 on their statement of comprehensive income and statement of financial position.
Respondents indicated that their board’s top areas of interest around IFRS 17 include the financial performance impact (92%), implementation costs (67%), plans and progress updates (67%) and compliance (61%). Areas of less priority are operational impact (42%), management information/KPIs (42%), IT impact (33%), tax impact (28%) and change management (25%).
Whilst a significant number of respondents indicated that the financial performance impact (92%) as one of the board’s top areas of interest, a much smaller proportion of respondents (25%) indicated that financial impacts have been discussed with the board.
The survey results point at the gap between the level of board's involvement and their area of interest. The board’s involvement in the IFRS 17 implementation programme is crucial as IFRS 17 is expected to have a financial impact on the insurer’s profits and shareholders’ equity. This would influence how business strategies and KPIs are set. Generally, the boards appear to be in the awareness stage, rather than being fully immersed into IFRS 17 implementation details.
The IFRS 17 implementation status and its financial and business implications should feature on the board’s agenda.
What is your board's involvement in IFRS 17?
Awareness of IFRS 17 has been created
Discussed the financial impact assessment of IFRS 17
Board training has been conducted
Regular monitoring of IFRS 17 project plans and progress
What is your board's area of interest in IFRS 17?
Financial performance impact
Plans and progress updates
Management information / KPIs
5. Early stage involvement of external stakeholders is crucial
Our survey indicated 75% of respondents have started discussing their IFRS 17 programme with their external auditors. However, very few respondents have started communicating with their investors (6%) and rating agencies (3%).
Of the respondents who started communication with their external auditors, 80% of the respondents have engaged their auditors on key accounting topics, with only 20% of the respondents having their external auditors involved in the broader IFRS 17 implementation process.
The top three topics discussed with their external auditors are: IFRS 17 accounting methodology, accounting policies and areas of management judgement (71%), actuarial and accounting model baselining (14%), and audit of the selected transition approach (10%). Other topics less discussed are: review of management’s IFRS 17 pro forma presentation, disclosures and the supporting chart of accounts (5%), and design adequacy of key financial controls that will be directly relied on for the purpose of the 2023 audit (0%).
More than 40% of respondents shared that they have started the proactive assurance process. Over 90% of the respondents are looking to engage with their external auditors before the effective date to look at their transition approach and methodology in detail.
Early stage involvement of external stakeholders will minimise late changes in methodology, control design and transition approach, thus saving time and cost. External auditors should also be engaged in the review of systems and data, processes and controls, actuarial models and disclosures. This will enable insurers to recognise and mitigate risks and issues early in the IFRS 17 design and implementation process. Only a handful of insurance executives indicated that they have started engaging with rating agencies, analysts and investors on IFRS 17 related matters.
Insurance executives are encouraged to engage their external auditors to ensure there is an early review of technical positions. Involvement of these key stakeholders should not be neglected, as their assessments of IFRS 17 financial results will directly impact the perceived value of insurance companies. Rating agencies, analysts and investors need to be proactively engaged on the availability of early indicators on IFRS 17 financial impacts (e.g. impact on future profitability, impact on ability to pay dividends, etc.), expected timeline for communication of IFRS 17 financial impacts, and availability of IFRS 17 KPIs.
Have you started any communication with external stakeholders on IFRS 17?
Not started yet
How far have you progressed in the proactive assurance process?
IFRS 17 accounting methodology, accounting policies and areas of management judgement
Actuarial and accounting model baselining
Audit of the selected transition approach