Due to the complexity of IFRS 17, it is important that Internal Audit has a “seat at the table” throughout implementation programs.
As many insurers are aware, IFRS 17 will have wide-ranging impacts on businesses including financial accounting and actuarial systems, performance measurement, and operating models for financial reporting. So what role does Internal Audit play in IFRS 17 implementation projects?
Due to the complexity involved in an IFRS 17 implementation program, it is important that Internal Audit has a “seat at the table”, providing comfort the program is running effectively and risks are identified and addressed as and when they arise.
Therefore, Internal Audit involvement should span across the whole IFRS 17 lifecycle, including:
- Governance of the IFRS 17 project
- Core system changes
- Training of people
- Process design and operation
IFRS 17 will represent a major change program for insurers, extending beyond finance and actuarial teams. It will impact insurers’ processes, people, and technology, with many workstreams and responsibilities involved. Given the size of this change, and the risk that an ineffective implementation would present to the business, IFRS 17 programs will likely form part of any Internal Audit risk assessment in upcoming years.
Therefore, ensuring Internal Audit teams are involved in the early stages of IFRS 17 implementation will allow any risks to be addresses and ongoing programs to be developed for monitoring and assurance. Ideally, Internal Audit teams will:
- Secure early involvement with first and second Lines of Defense to understand the opportunities and risks IFRS 17 poses across the business
- Undertake a health check on how the organization is setting up for IFRS 17 implementation success
- Develop an ongoing program of assurance work, focusing on whether the IFRS 17 program is likely to deliver intended outcomes in line with regulatory expectations
- Align planned activity to fit pragmatically within an overall organizational “assurance map”
- Assess required skills so Internal Audit will be able to provide the necessary assurance at the right time
Once IFRS 17 programs are implemented, Internal Audit’s work is not finished. Internal Audit teams should consider conducting post-implementation audits to provide assurance that new policies, processes and controls, and systems are appropriately embedded and comply with IFRS 17.