Impact on Actuarially Determined Items SEAC Fall Meeting - Atlanta, GA November 19, 2003

Sarbanes-Oxley Act of 2002
Preparing Your Organization for Section 404 Internal Control over Financial Reporting
Impact on Actuarially Determined Items
SEAC Fall Meeting - Atlanta, GA
November 19, 2003

Today's Objectives
- Share knowledge and lessons learned since inception of the Sarbanes-Oxley legislation
- Discuss the impact of Sarbanes-Oxley on actuarially determined items

This presentation provides certain information with respect to specific elements of the Sarbanes-Oxley Act of 2002. Consideration of the Act and its various provisions is ultimately a legal matter and the implications of the Act in specific situations should be discussed with legal counsel. NOTHING HEREIN SHOULD BE CONSTRUED AS OFFERING ANY LEGAL OPINION, ADVICE OR GUIDANCE REGARDING LEGAL REQUIREMENTS OR IMPLICATIONS OF THE ACT.

Sarbanes-Oxley Section 404 Overview

Sarbanes-Oxley Section 404 Overview
Management's annual report on Internal Control Over Financial Reporting (ICFR) must:
- State management's responsibility for establishing and maintaining adequate ICFR;
- Identify the control framework used by management to evaluate ICFR;
- Contain management's assessment, as of year-end, of the effectiveness of ICFR, including a statement whether or not ICFR is effective; and
- Contain a statement that the independent auditor has issued an attestation report on management's assessment of ICFR.

Sarbanes-Oxley Section 404 Overview: Effective Dates
- Issuers, other than foreign private issuers, that meet the definition of an accelerated filer in Exchange Act rule 12b-2, will be required to comply for fiscal years ending on or after June 15, 2004.
- All other issuers, including small-business and foreign-private issuers, will be required to comply with the new rules for their fiscal years ending on or after April 15, 2005.

Sarbanes-Oxley Section 404 Overview
- The SEC defines internal control over financial reporting.
- The SEC states management must base its evaluation of the effectiveness of internal control over financial reporting on a suitable, recognized control framework.
- The adopting release recognizes that the COSO Framework satisfies the above criteria; however, the use of a particular framework is not mandated.
- The final rules require management's report to identify the framework used by management.

Sarbanes-Oxley Section 404 Overview
The final rules do not specify the methodology to be followed or procedures to be performed by management in their assessment of ICFR; however:
- The adopting release indicates inquiry is not sufficient.
- Evidential matter obtained should provide reasonable support for management's:
  - Evaluation of whether a control is designed to prevent or detect material misstatements or omissions
  - Conclusion that the tests were adequately planned and performed, and
  - Determination that the results were appropriately considered.

COSO Framework
- Control Environment - The control environment sets the tone of an organization, influencing the control consciousness of its people
- Risk Assessment - Every entity faces a variety of risks from external and internal sources that must be assessed both at the entity and the activity level
- Control Activities - These policies and procedures help ensure management directives are carried out
- Information and Communication - Pertinent information must be identified, captured and communicated in a form and timeframe that supports all other control components
- Monitoring - Internal control systems need to be monitored, a process that assesses the quality of the system's performance over time

PCAOB Update
- Independent auditor must attest to and report on management's assessment in accordance with standards issued or adopted by the Public Company Accounting Oversight Board (PCAOB).
- Establishing the attestation standard is a priority of the PCAOB
- On October 7, 2003, PCAOB voted to release a proposed standard for comment

Sarbanes-Oxley Section 404 Overview: Management's Assessment Objectives
The objectives of management's assessment process are two-fold:
- To support management's public assertion about the effectiveness of internal control
- To satisfy a pre-condition of the independent audit of internal control

Sarbanes-Oxley Section 404 Overview: Supporting the evaluation
- Identify processes and determine which controls are significant
  - Controls that address significant classes of transactions, account balances, disclosures and related assertions
  - Consider likelihood that control failure could cause misstatements and the potential magnitude
  - Controls over selection of accounting policies
- Processes identified and significant controls should include:
  - Fraud programs and controls
  - Controls on which other controls are dependent (e.g., general controls, including IT controls)
  - Controls over significant non-routine transactions, journal entries, and accounts involving judgments and estimates
  - Controls over closing process and preparation of financial statements

Sarbanes-Oxley Section 404 Overview: Evaluating Design Effectiveness
- Procedures to determine whether control is suitably designed to prevent or detect material misstatements in financial statement assertions
- Procedures include:
  - Inquiry
  - Inspection
  - Observation
  - Tracing transactions
- Procedures will vary depending upon the nature of the control and complexity

Sarbanes-Oxley Section 404 Overview: Evaluating Operating Effectiveness
- Procedures must be sufficient to verify operating effectiveness:
  - Testing controls by corporate audit or others under the direction of management
  - Use of service organization reports
  - Self-assessment processes
- Inquiry alone is not adequate
- Procedures performed and controls and locations selected are affected by risk assessment and monitoring processes
- All significant controls and locations must be evaluated annually

Sarbanes-Oxley Section 404 Overview: Identify Control Deficiencies
- A deficiency in design or operation may result from:
  - A missing control (design)
  - A control objective is not met by the control (design)
  - A control is not operating as designed (operating)
  - The person performing the control does not have the authority or qualifications needed to perform the control (operating)
- Inadequate documentation of controls is also considered a deficiency
- Deficiencies range from deficiency to significant deficiency to material weakness

Sarbanes-Oxley Section 404 Overview: Identify Control Deficiencies (continued)
- Significant deficiency - could result in more than a remote likelihood of a misstatement of the company's annual or interim financial statements that is more than inconsequential in amount.
- Material weakness - a single weakness or a combination of significant deficiencies results in more than a remote likelihood of a material misstatement in the company's annual or interim financial statements.
- If a material weakness exists as of the end of the company's most recent fiscal year, management and the auditor must conclude that the internal control is ineffective.

Please note: auditing standards are still in the proposal stage and the final rules could change.

Sarbanes-Oxley Section 404 Overview: Independent Audit of the Internal Control
- Express an opinion on whether management's written assertion about the effectiveness of internal control over financial reporting is fairly stated in all material respects

Six Steps for Management to Consider

Example Management Internal Control Evaluation Process
1. Plan & Scope the Evaluation: Establish internal control evaluation process. Determine significant controls and locations/business units to be included. Define project approach, milestones, timeline, and resources. Launch project.
2. Document Controls: Document design of significant controls for all significant locations and business units.
3. Evaluate Design & Operating Effectiveness: Evaluate design and operating effectiveness of internal control over financial reporting and document results of evaluation.
4. Identify & Correct Deficiencies: Identify, accumulate and evaluate design and operating control deficiencies; communicate findings and correct deficiencies.
5. Report on Internal Control: Prepare management's written assertion on the effectiveness of internal control over financial reporting.
6. Independent Audit of Internal Control: Prepare for independent auditor to conduct the internal control audit.

Scoping
The most important qualitative and quantitative criteria to determine locations to include in project scope are:
- Financial statement materiality or volume of transactions
- Potential impact of fraud or misstatement on operations
- Specific high risk areas (financial or operational)
- Judgments and estimates
- When locations are similar: product mix, size mix, belief of quality of controls at location
- All principal business units due to qualitative concerns

How Will You Ensure that the Population of Controls is Sufficient?
- Thorough review and definition during scoping phase
- Summary of controls for senior management
- Inclusion of external auditor during process
- Heavy involvement of internal audit throughout project
- Continuous review by core team and project steering committee during the project

Extent of Documentation
Does your documentation include the design of significant controls related to all 5 components of internal control?
- Control Environment
- Risk Assessment
- Control Activities
- Information and Communication
- Monitoring
Significant controls should also include:
- Anti-fraud programs and controls
- Controls on which other controls are dependent (e.g., general controls)

Determining Extent and Frequency of Evaluation
- Management and SOX project team judgment and consensus with external audit input
- Test plans to be created by management. The number and frequency will be based on the frequency of the control.
- Evaluate each process and the key control points
- Frequently evaluate significant controls based on significance of changes
- All key controls that drive financial statement activity to be tested on an annual basis, more often if changes occur to controls

Actuarial Documentation

Significant Areas of Risk within Life Insurance Companies
Areas where control failure could cause misstatements:
- Policy Reserves
  - often comprise 70-85% of total insurance liabilities
  - reserves calculations reflect actuarial assumptions, estimates, interpretations of regulations and modeling, all of which include significant areas of judgment as part of the process
- DAC Asset
  - usually represents about 40-70% of GAAP surplus
  - the industry has seen significant DAC effects recently due to the impact of economic markets and underlying assumptions used by variable writers, in particular
- Claim Reserves
  - may represent a significant percentage of liabilities for companies writing health or disability business
- VOBA Asset
  - for purchases of a company or a block of business, may be a key driver of earnings
- Reserving/DAC/VOBA Processes and Controls underlying these amounts vary widely by company

Financial Reporting Objectives
Objectives must relate to assertions made by management:
- Completeness of Transactions
- Accuracy of Transactions
- Timeliness of Posting of Transactions
- Existence of Assets and Liabilities
- Valuation of Assets and Liabilities
- Company has Rights and Obligations to Assets and Liabilities
- Accounts and Statements are Properly Presented (Disclosed) under GAAP

Internal Controls as part of the Five Component Framework
The five component framework:
- Control Environment
- Risk Assessment
- Control Activities
- Information and Communication
- Monitoring Activities
Four key risk areas:
- Data - Gathering and Interpreting
- Actuarial Valuation Systems
- Compilation Process
- Management Review Process
Evaluating controls for each risk area:
- Completeness: Is something missing?
- Accuracy: Is information accurate?
- Judgments: Are judgments appropriate?

Project Steps
1. Plan and Scope the Implementation: Establish internal control evaluation process. Determine significant controls and locations/business units to be included. Define project approach, milestones, timeline, and resources. Launch project.
2. Document Controls: Document design of significant controls for all significant locations and business units.
3. Evaluate Design, Operating Effectiveness and Gap Analysis: Evaluate design and operating effectiveness of internal control over financial reporting and document results of evaluation. Identify, accumulate, and evaluate design and operating control deficiencies; communicate findings and correct deficiencies.
4. Training: Conduct training based on needs throughout the project including developing and maintaining documentation, performing regular evaluations of controls and documenting results of self assessment process.

Actuarial Processes and Sub-Processes
- Key processes, sub-processes and objectives are identified based on discussions with actuarial and non-actuarial personnel
- Process owners and sub-process owners must be clearly identified
- Processes, sub-processes and objectives are often modified after the documentation process begins
- First step in documentation should be in the form of a high level process map with key intervention points and control items identified

Sample Actuarial Processes and Sub-Processes
Business Process: Actuarial Valuation
Sample Sub-Processes:
- Valuation of FAS 60 benefit reserves
- Valuation of FAS 97 general account benefit reserves
- Valuation of FAS 97 separate account benefit reserves
- Reporting of FAS 60 DAC balances
- Reporting of FAS 97 general account DAC balances
- Reporting of FAS 97 separate account DAC balances
- Calculation of experience studies
- Calculation of loss recognition testing
- Reinsurance
- Valuation of tax reserves
- Sign-off of valuation results by chief/corporate actuary

Sample Sub-Process Map: Reporting of FAS 97 Separate Account DAC Balances
[Process map figure. Company A: Products A-B; Company B: Products C-F. Admin Systems 1-4 feed the Main Admin System (Products A-F), which feeds four PC-based actuarial valuation systems (Systems A-D); their output passes through an electronic feed system and an Access database to an Excel-based output file formatted for reporting, with accuracy and completeness checks between stages and high level checks under Corporate Actuarial Reporting Responsibility. Caption: Variable annuities DAC process map based on discussions with actuarial personnel on mm/dd/yy.]

Defining Objectives for Key Process/Sub-Process Areas
1. Is the objective or summary task specific enough and has the objective been assigned to our group or specific individuals?
2. Have the affected end-state processes been sufficiently defined to assure that all tasks are identified?
3. Have we considered the three categories of COSO objectives as a completeness check to ensure we have not ignored important objectives?
4. What customer expectation is being addressed by the objective?
5. How does the objective link to the overall organizational objectives?
6. How does the objective affect other parts of the organization?
7. Is the objective clearly understood by all responsible for its implementation?

What are you really trying to accomplish?

Sample Actuarial Processes and Sub-Processes Objectives
Business Process: Actuarial Valuation
- Sub-Process: Valuation of FAS 60 benefit reserves
  Objective: FAS 60 benefit reserves are appropriately reflected in the financial statements in a timely manner
- Sub-Process: FAS 97 separate account DAC balances
  Objective: FAS 97 separate account DAC balances are appropriately reflected in the financial statements in a timely manner
- Sub-Process: Calculation of experience studies
  Objective: Accurate and timely experience studies are available for use in DAC calculations and GAAP benefit reserve valuations

Typical Approach to Risk
"I have never been in an accident of any sort worth speaking about... I never saw a wreck, nor was I ever in any predicament that threatened to end in disaster of any sort," Captain Edward J. Smith, RMS Titanic, replied to an interview by the New York press, 1907.
On April 15, 1912, RMS Titanic sank with the loss of more than 1,500 lives, including Captain Edward J. Smith's.

It has never happened; it will never happen

Key Considerations: Determining Risks
1. What could prevent the objective from being accomplished? Consider specific conditions that must exist or events which must occur for the objective to be met.
2. What other groups must be involved to accomplish this objective? Is there sufficient cross-functional involvement?
3. Does this objective affect the internal/external customers?
4. What are the ramifications to other processes/functions business if the risk occurs?
5. Which risks are most likely to occur? Which would have the most significant impact on your ability to achieve the objective?
6. Is there adequate focus on the critical risks and are they appropriately prioritized for action?
7. Given the risks identified, is it necessary to modify your objective or strategy?

What could get in the way of achieving your objective?

Business Process: Actuarial Valuation
Sub-Process: FAS 97 Separate Account DAC Balances
Objective: FAS 97 separate account DAC balances are appropriately reflected in the financial statements in a timely manner
Sample Business Risks:
- Compilation of FAS 97 Separate Accounts DAC balances is too complex and leads to misstatement of results
- Excessive reliance on key individual for FAS 97 Separate Accounts DAC
- FAS 97 Separate Accounts DAC balances recorded on the balance sheet are not adequate because they do not accurately reflect the contract obligations or the balances are computed using inappropriate methodologies and assumptions for the underlying contracts
- Inaccurate approximations used for interim FAS 97 Separate Accounts DAC calculations
- FAS 97 Separate Accounts DAC calculations may not be performed on a timely basis
- FAS 97 Separate Accounts DAC balances are not properly classified, described and disclosed in the financial statements, including notes, in conformity with applicable accounting principles

Key Considerations: Identifying Controls
1. In light of the priority risks, what control mechanisms must be identified or modified to achieve the objective or mitigate the risks?
2. Are any additional control actions necessary to manage the priority risks?
3. Do the actions of other process owners or teams affect the management of these risks? Is there necessary cross-functional involvement?
4. Have process models been used as a check for completeness and accuracy?
5. Have resources been specifically allocated to implement or manage the risks?
6. Have contingency plans been developed for priority or probable risks?

What specific control actions are required to effectively manage the risks?

Limitations of Internal Controls
- Human Errors - Human errors may arise from misunderstanding of instructions, mistakes of judgment, and personal carelessness, distractions, or fatigue.
- Collusion - Collusion may circumvent the separation of duties.
- Management Override - Management may override the structure to commit fraud or misstate the financial statements.
- Changing Conditions - Conditions may change, weakening a system that was adequate at a point in time.
- Segregation of duties - An employee is performing conflicting job duties.

Business Process: Actuarial Valuation
Sub-Process: FAS 97 Separate Account DAC Balances
Objective: FAS 97 separate account DAC balances are appropriately reflected in the financial statements in a timely manner
Business Risk: FAS 97 Separate Accounts DAC balances recorded on the balance sheet are not adequate because they do not accurately reflect the contract obligations or the balances are computed using inappropriate methodologies and assumptions for the underlying contracts
Sample Controls:
1. A formal review process exists to assess that the calculations and resulting FAS 97 Separate Accounts DAC balances produced by application of the methodologies, formulas and assumptions are accurate.
2. A formal review process exists to assess that the FAS 97 Separate Accounts DAC calculation methodologies are appropriate.
3. A formal review process exists to assess that the underlying assumptions utilized in the calculation of the FAS 97 Separate Accounts DAC calculations are reasonable and appropriate in relation to the underlying contracts.
4. Actuarial assumptions for interest, expenses, and mortality and DAC methodologies are formally documented by issue era and by product, including any subsequent revisions, and approved by the appropriate level of management.
5. Studies are conducted of the entity's actual experience for mortality, investment yield, and expenses, and compared to the FAS 97 Separate Accounts DAC assumptions. Comparisons are analyzed and documented.

Business Process: Actuarial Valuation
Sub-Process: FAS 97 Separate Account DAC Balances
Objective: FAS 97 separate account DAC balances are appropriately reflected in the financial statements in a timely manner
Business Risk: FAS 97 Separate Accounts DAC balances recorded on the balance sheet are not adequate because they do not accurately reflect the contract obligations or the balances are computed using inappropriate methodologies and assumptions for the underlying contracts
Sample Controls (continued):
6. Regular review by management (at least quarterly) of FAS 97 Separate Accounts DAC, changes in actuarial assumptions or calculation methodologies, analysis of gains and losses, any recoverability issues, and relevant comparisons with industry data.
7. Procedures are in place to assure that actuarial assumptions for interest, expenses, and mortality and DAC computation methodologies are in accordance with regulatory guidelines.
8. Any manual calculations or adjustments, in addition to automated calculations of FAS 97 Separate Accounts DAC balances, are reviewed by appropriate personnel.
9. Reconciliations of general ledger and FAS 97 Separate Account DAC balances are performed periodically and differences are followed up on a timely basis.

Actuarial Case Studies

Example: S404 Review of DAC
- The following slides are live case examples of situations which may be uncovered as part of a S404 review of internal controls specifically relating to a DAC asset for a variable annuity product
- Live situations where the internal controls were not appropriate and the potential outcomes which resulted from the lack of controls
- The live cases are not meant to represent an exhaustive list; they are included as specific examples only
- In most circumstances, the situations and conclusions outlined for DAC translate just as easily to Reserve determinations

Example: S404 Review of DAC
- DAC for nontraditional products (FAS 97) is a complex actuarial calculation and represents a material item for many life insurers
- Data, such as inforce records, experience studies, economic information and expense studies, comes from multiple sources
- Calculation of DAC uses a combination of actual historical and projected future data (e.g. amortization stream) for amortizing deferrable costs
- Amortization streams typically vary by product and by issue year (or groupings of years); one Company may have hundreds of amortization streams
- Process of updating the amortization streams is called the unlocking process and this occurs at least annually
- Actuarial assumptions are used to project the future flows in the amortization streams
- Multiple PC-based actuarial valuation systems are often used in combination
- Loss recognition testing is performed as a last step to determine if the DAC asset calculated during the normal processes is recoverable
- Judgment is used throughout to interpret data, set assumptions, allocate data to product/issue year groupings, run and modify actuarial valuation systems, compile and review results

Example: S404 Review of DAC

Case 1
Situation: Lapse study not updated to reflect recent activity (assumptions stale)
Internal Control Involved:
- Controls needed over the frequency and quality of lapse studies performed
- Peer review on the interpretation of the experience studies
Outcome without Appropriate Controls: Inaccurate reflection of lapses could result in a material misstatement of DAC during the unlocking process

Case 2
Situation: New product specifications miscoded in actuarial projection software
Internal Control Involved:
- Detailed documentation of coding modifications
- Peer review that documentation is consistent with product
- Peer review by actuary who understands the software system
Outcome without Appropriate Controls: New product is incorrectly reflected, resulting in misstated balances for as long as coding errors persist

Case 3
Situation: Manual modifications are made to assumptions to achieve earnings targets
Internal Control Involved:
- Modifications are documented with appropriate support highlighted
- Peer review of modifications by senior company personnel
Outcome without Appropriate Controls: DAC balance may not be supportable and therefore financial reporting is not reliable

Actuarial Self Assessments

Control (Self) Assessment
- The Process Owner identifies and documents their tests for the specific controls to determine effectiveness of the control design and its current operation. Are the risks being managed?
- The Process Owner is responsible for documenting the results of the tests that are performed and providing this to management.
- After all controls are tested and assessed, the assessment is complete.
- The controls and assessment results may be formally documented within a Control Assessment Tool.

Documenting the Assessment of Controls
Process owner's key steps to assess an identified control:
1. Determine what actions are necessary to conclude on the effectiveness of the pre-identified controls
2. Add and/or modify the test steps for each control as changes are needed
3. Execute the test activities
4. Document the test results; all results must be available for both internal and external audit for independent review
5. Determine and document if compensating controls exist, if the control doesn't exist or is ineffective
6. Prepare Remediation Action Plan and ensure it is executed
Note - test evidence will generally be comprised of samples of the evidence showing that the control was and continues to be working over the year

Self Assessment Example
Control: Reconciliations of general ledger and FAS 97 Separate Account DAC balances are performed periodically and differences are followed up on a timely basis.
Possible tests of the Control:
- Select a sample of reconciliations to confirm that they are being prepared, reviews are being evidenced, and reconciling differences are being resolved.
- Interview individuals responsible for performing and reviewing the reconciliations.

Self Assessment Example (cont'd)
Control: A formal review process exists to assess that the calculations and resulting FAS 97 Separate Accounts DAC balances produced by application of the methodologies, formulas and assumptions are accurate.
Possible tests of the Control:
- Select sample of DAC balances and re-perform work to ensure properly processed and recorded.
- Interview individuals responsible for performing key process activities.
- Inspect evidence maintained by person responsible for performing activity.
- Inspect evidence of the formal review process including issues identified and resolved, key metrics reviewed and testwork performed as part of the review.

Self Assessment Example (cont'd)
Control: Regular review by management (at least quarterly) of FAS 97 Separate Accounts DAC, changes in actuarial assumptions or calculation methodologies, analysis of gains and losses, any recoverability issues, and relevant comparisons with industry data.
Possible tests of the Control:
- Select a sample of DAC balances and verify that they are properly approved.
- Interview individuals responsible for performing key analysis steps.
- Inspect evidence maintained by person responsible for performed activity.
- Inspect evidence of management approval process.

Assessing Control Activity Effectiveness

Assessment: Controls are effective
Details: Controls are in place and working, reducing the likelihood of the risk event to an acceptable level.
Next Step: No additional work is required (until next assessment).

Assessment: Controls are NOT effective
Details: The control in place is not effective and therefore is not reducing the risk event to an acceptable level.
Next Step: Indicate the mitigating controls, if any. Establish an action plan as soon as possible.

Assessment: There are no controls
Details: The controls described were not in place.
Next Step: Explain the reason why and establish an action plan.

Assessing Control Activity Effectiveness (continued)
Here are some additional considerations for assessing control activity effectiveness:
- Has the control been in operation for the entire period?
- Is the control operating as designed?
- Has the control been operating consistently?
- Has there been any management override of this control?
- Is the control performed in a timely manner?
- Is there a mitigating control?

Impact of a Failed Control
What is the Impact on the Company if a Control Fails? What are the implications?
- Financial reports are misstated
- Risk not appropriately mitigated
- Potential unacceptable exposure to the company
- Possibility that fraud can occur
- Inaccurate reporting of results
- It will take time to investigate the root cause of control failure: design flaw, lack of awareness or practicality issue
- Corrective actions will be required with the development of an action plan
- Need to monitor the implementation status of corrective action plans to ensure that the risk is appropriately addressed

Developing an Action Plan
If a control is not in place you will need to develop an action plan.
Who needs to prepare a Remediation Action Plan?
- Process Owners who have identified ineffective or non-existent control activities
What should you consider when preparing an action plan? What should an action plan address?
- The urgency of each issue raised
- How to address the root cause of the ineffective or missing control
- The amount of resources needed and whether the resources are available
- Target dates
- Most importantly, the action plan must be realistic and practical
- Establishing the control(s)
- Consider automated controls
- Increasing training when necessary