Green maze from above

How Internal Audit plays a vital role in IFRS 17 implementation

Due to the complexity of IFRS 17, it is important that Internal Audit has a “seat at the table” throughout implementation programs.

As many insurers are aware, IFRS 17 will have wide-ranging impacts on businesses including financial accounting and actuarial systems, performance measurement, and operating models for financial reporting. So what role does Internal Audit play in IFRS 17 implementation projects?

Due to the complexity involved in an IFRS 17 implementation program, it is important that Internal Audit has a “seat at the table”, providing comfort the program is running effectively and risks are identified and addressed as and when they arise.

Therefore, Internal Audit involvement should span across the whole IFRS 17 lifecycle, including:

  • Governance of the IFRS 17 project
  • Core system changes
  • Training of people
  • Process design and operation

IFRS 17 will represent a major change program for insurers, extending beyond finance and actuarial teams. It will impact insurers’ processes, people, and technology, with many workstreams and responsibilities involved. Given the size of this change, and the risk that an ineffective implementation would present to the business, IFRS 17 programs will likely form part of any Internal Audit risk assessment in upcoming years.

Therefore, ensuring Internal Audit teams are involved in the early stages of IFRS 17 implementation will allow any risks to be addresses and ongoing programs to be developed for monitoring and assurance. Ideally, Internal Audit teams will:

  1. Secure early involvement with first and second Lines of Defense to understand the opportunities and risks IFRS 17 poses across the business
  2. Undertake a health check on how the organization is setting up for IFRS 17 implementation success
  3. Develop an ongoing program of assurance work, focusing on whether the IFRS 17 program is likely to deliver intended outcomes in line with regulatory expectations
  4. Align planned activity to fit pragmatically within an overall organizational “assurance map”
  5. Assess required skills so Internal Audit will be able to provide the necessary assurance at the right time

Once IFRS 17 programs are implemented, Internal Audit’s work is not finished. Internal Audit teams should consider conducting post-implementation audits to provide assurance that new policies, processes and controls, and systems are appropriately embedded and comply with IFRS 17.


Wide-ranging and deep change is required for IFRS 17, and this represents a significant risk to organizations, both in their ability to meet the requirements of IFRS 17 and in delivering a solution that is sustainable and well controlled.

Internal Audit teams are critical to ensuring that IFRS 17 programs enable an effective output that delivers within risk appetite, and without excessive business disruption. Download our "The role of Internal Audit in IFRS 17 (PDF)" report to learn more.