Orlando - Ethics in Financial Reporting


  1. Sarbanes-Oxley: Implications for Insurers and Actuaries
     SOA Annual Meeting, October 29, 2003
     Agenda
     • Where Sarbanes fits in
     • Scope of Sarbanes
     • Section 404
     • Financial Services and Sarbanes
     • Practical Considerations
     • Value from Sarbanes
  2. Where Sarbanes fits in
     • Addresses financial reporting/disclosure risk
     • Impacts:
       – Issuers
       – External auditors
       – Investment analysts
     • Objectives: financial reports that are:
       – Informative
       – Accurate
       – Independently audited
     Scope of SOA
     • Public Company Accounting Oversight Board (PCAOB)
     • Auditor Independence
     • Corporate Responsibility
     • Enhanced Financial Disclosures
     • Analyst Conflicts of Interest
     • Commission Resources and Authority
     • Studies and Reports
     • Corporate and Criminal Fraud Accountability
     • White-Collar Crime Penalty Enhancements
     • Corporate Tax Returns
     • Corporate Fraud and Accountability
  3. PCAOB Objective
     “…to oversee the audit of public companies…in order to protect the interests of investors and further the public interest in the preparation of informative, accurate, and independent audit reports for companies the securities of which are sold to, and held by and for, public investors.”
     SOA 404 Requirements
     a) …each annual report…contain an internal control report, which shall:
        1. State the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting; and
        2. Contain an assessment, as of the end of the most recent fiscal year of the issuer, of the effectiveness of the internal control structure and procedures of the issuer for financial reporting.
     b) The auditor shall attest to, and report on, the assessment made by the management of the issuer.
  4. SEC 404 Rule: Summary
     “Internal Controls and Procedures for Financial Reporting”
     • Purpose is to ensure that companies have processes designed to provide reasonable assurance that:
       – The company’s transactions are properly authorized
       – The company’s assets are safeguarded against unauthorized or improper use
       – The company’s transactions are properly recorded and reported to permit the preparation of the financial statements in accordance with GAAP
     • Relates to the audited financial statements and notes thereto
     • Safeguarding of assets
     • Effective for years ending on or after 6/15/04
     Management Assertion
     EXAMPLE LANGUAGE FOR ILLUSTRATION PURPOSES ONLY
     Management assessed the Company’s internal control over financial reporting as of December 31, 200X. Based on this assessment, management believes that, as of December 31, 200X, the Company maintained effective internal control over financial reporting, including maintenance of records that in reasonable detail accurately and fairly reflect the transactions and dispositions of the assets of the Company, and policies and procedures that provide reasonable assurance that (a) transactions are recorded as necessary to permit preparation of financial statements in accordance with accounting principles generally accepted in the United States of America and (b) receipts and expenditures of the Company are being made only in accordance with authorizations of management and directors of the Company, based on the criteria for effective internal control over financial reporting established in Internal Control-Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission.
  5. Required Elements: Assessment Process I
     To support the assertion, the Company’s process must:
     • Determine which controls are significant
     • Determine which locations or business units should be included in the evaluation
     • Document and evaluate the design of significant controls
     • Evaluate the operating effectiveness of controls
     Required Elements: Assessment Process II
     To support the assertion, the Company’s process must:
     • Identify significant deficiencies or material weaknesses
     • Document the results of the evaluation
     • Communicate findings (e.g., significant deficiencies and material weaknesses) to the independent auditor
     Absence of sufficient evidence to support the company’s evaluation constitutes a material weakness that results in a report qualification.
  6. Required Elements: Documentation
     Importance of Documentation
     • Documentation of the design of significant controls (e.g., policies and procedures) provides evidence that controls have been identified and are capable of being monitored by the company
     • Inadequate documentation of the design of controls may result in a significant deficiency or a material weakness and may constitute a limitation on the scope of the engagement
     Key Considerations (Continued)
     Formalizing the process and controls for risk areas; e.g.:
     • Non-routine transactions and balances
     • Estimates
     • Consideration and documentation of GAAP (transactions, contracts and agreements)
     • Fraud risk areas; e.g.:
       – Consideration of management override
       – Monitoring: unusual and significant journal entries
     • Other specific risk areas
     • Audit adjustments
  7. Sarbanes Oxley 404 Overview
     Auditor’s Company A’s Company A’s 12/31/03 Assertion Financial Statements Attestation Report Determine Obtain / Scope – Identify Identify Identify Identify Complete Test Entity Applicable Control Control & Fin’l. Risks Document- Effectiveness Cycles Objectives Activities Stmt. Lines ation Premiums An Integrated Premiums Test In-force Recorded Application Document File Maint. Individual Recorded on Valid Policies, Allows Rules & Premiums / Procedures, Life – on Valued Accurately Bills To Be Processes over including a Deposits Recorded Timely Processed Only In-force file Premiums Lapsed Sample of & Processed For In-Force Maintenance Policies Completely Lapsed Polices Policies y
     Process to Sustain the Effectiveness of Controls and Documentation
     Timeline
     Stage I: Plan & Scope
     • Develop a plan
     • Design framework
     • Scope company
     • Assess risk
     • Starter control sets
     • Set project roles
     Stage II: Document, Assess & Remediate
     For each location/process:
     • Tailor control objectives
     • Tailor control activities
     • Identify documentation
     • Test operating effectiveness
     • Assess gaps
     • Remediate
     Stage III: Report/Sustain
     • Update assessment
     • Prepare assertion
     • Prepare report
     • Develop sustainable 302/404 process
     Board Review; Board Review; Auditor Readiness Assessment and Planning; Auditor Attest Procedures
  8. Financial Services and Sarbanes
     • Good news: Risk management is a key aspect of the business and, in most cases, culture
     • Opportunities:
       – Alignment of “tone at the top” and process
       – Documentation
       – Consistency
       – Metrics
       – Disclosure controls
     Insurers and Sarbanes
     “…the unique nature of insurance risk (the quantification of which is often inherently difficult and judgemental) is leading many insurers’ disclosure committees to involve claims, underwriting, and actuarial personnel – groups that traditionally have not been a core part of a financial disclosure team.”
  9. Top-Down Actuarial Control Structure
     • Methods and assumptions
       – Meet applicable guidance
       – Reflect policy characteristics
     • Data integrity
       – Input items
       – Movement among systems
     • Accuracy of calculations
       – Seriatim accuracy/reasonableness
       – Manual adjustments
     • Disclosure
       – Translation to financial statements
       – Aggregate reasonableness
     Practical Considerations
     • Top-down vs bottom-up
     • Corporate actuarial vs lines of business
     • Practical vs comprehensive
     • Process owners
     • Granularity
       – Lines of business
       – Product
       – Owner
       – Systems
       – Financial statement lines
  10. Practical Considerations (Cont’d)
     • Interaction with other functions/business units
     • Testing/validation
     • Documentation
     • Start at the end (i.e., financial statements)
     • Leverage existing documentation (e.g., internal audit reviews)
     • Address known weaknesses early
     • Work in the context of 404 technology
     Documentation-Content
     • Specific control being documented
     • Risks mitigated by the control
     • When (how often) and where control occurs
     • Who performs the control
     • Information produced by control, and to whom
     • Who monitors the effectiveness of the control
  11. Documentation-Characteristics
     • Formal
     • Up-to-date
     • Clearly described
     • Owned by business unit
     • Linked to Sarbanes 404 compliance program
     • Centralized
     • Common format
     What You Can Do
     • Dialogue with:
       – CFO/Corporate controller
       – Internal and external auditors
       – Other actuarial areas
     • Participate in the process
     • Document (ASOP 21)
     • Keep the goal in mind: Accurate and informative financial statements
  12. Benefits
     • You get to stay listed
     • Create key measures/dashboard for CEOs/CFOs to see how well controls are working
     • Create an internal control change function for the organization
     • Reduce surprises
     • More orderly implementations/organizational changes
     • Restore confidence to the public markets that, in the end, we all report to
     Contact Details
     Darryl Wagner, 1-860-725-3165, dawagner@deloitte.com
  13. Ethics in Financial Reporting
     Neville S. Henderson, PricewaterhouseCoopers
     Session 1330F - SoA Annual Meeting, October 29, 2003
     Sources of governance in Canada
     • Insurance Companies Act (“ICA”)
     • Office of the Superintendent of Financial Institutions (“OSFI”)
     • Provincial Insurance Regulators
     • Canadian Institute of Actuaries (“CIA”)
     • SEC
  14. Insurance Companies Act
     • All Federally licensed companies must comply
     • Roles and responsibilities of Actuary and Auditor defined
     • Protection for Actuary in complying with Act
     • Allows OSFI to require an external review of the actuary’s work if there are concerns about quality or financial integrity
     OSFI
     • Administers ICA
     • Power to order a complete review of the actuary’s work
     • Issues annual memorandum to the appointed actuary with any additional requirements
     • Influences the CIA in developing standards
  15. CIA
     • Sets standards of practice
       – Code of professional conduct
       – General standards of practice
       – Practice specific standards of practice
     • Enforces compliance
       – Discipline process
       – Previously compliance questionnaires
       – Currently peer review
     SEC
     • Exerts direct control over all companies registered on the US stock exchanges
     • Audit committees of non-SEC registrants may use SEC requirements as a guide in establishing internal procedures
     • Audit committees may be more rigid than SEC requires
  16. Background to formalizing the External Review Process
     • Several insolvencies in ’80s and ’90s
     • Range of practice a concern to regulators
       – Discipline process formalized
       – Compliance questionnaires introduced
     • OSFI unilaterally implemented a triennial review process in late ’90s
       – Encouraged CIA to establish peer review process
     • Consolidated Standards of Practice introduced by the CIA in 2002
       – Increased the range of practice
       – Compliance questionnaires inadequate
     • Formal introduction of External Review of the Actuary’s Work by CIA and OSFI
     Background and Objectives of the External Review Process - CIA
     • Improve quality of work actuaries provide to clients
     • Strengthen the position of the profession and members
     • Maintain and strengthen confidence of users in the work
     • Education for both actuaries involved and should be collegial
     • Minimize risk of errors that might jeopardize the reputation of actuaries
     • Expected to narrow range of results
     • Preferable to occur prior to release but within 3 months after is acceptable
  17. Terms of Engagement - CIA
     • Reviewer recommended by 1st actuary (AA)
     • Engaged by AA’s firm
     • Same competence tests applied as for AA
       – If FCIA required to do work, reviewer must be an FCIA
       – Expertise and experience requirements
     • Objectivity
     • Limited engagement for 2 or 3 cycles before change
     • Sample engagement letter provided
     Conduct of review - CIA
     • 1st actuary and reviewer to cooperate fully
     • Confidentiality to be maintained
     • Review in adequate depth to supply written opinion but not as onerous a review as the work itself
       – Not necessary to reproduce calculations
       – Not required to do in-depth research of contracts
     • 1st actuary to provide
       – Relevant documentation
       – Logic behind conclusions
       – Thorough controls of processes
  18. Objectives of the external review process - OSFI
     • Strengthen confidence by public, management directors and regulators
     • Narrow the range of practice
     • Improve quality of the AA’s work
     • Provide professional education to the AA
     Work to be reviewed - OSFI
     • Valuation of actuarial and policy liabilities and preparation of AAR
     • For federally regulated companies, AA’s oversight of regulatory capital requirement
     • For Canadian life insurance companies, allocations of investment income, expenses, and taxes to par accounts and actuarial opinions relating to the dividends paid to par policyholders
     • Future financial condition report
  19. Review to confirm - OSFI
     • Work of AA within range of accepted actuarial practice
     • Appropriateness of assumptions and methods
     • Whether AAR accurately describes assumptions and methodology employed
     • Review adequacy of procedures, systems, work of others relied on by AA
     • Produce a written report
     Timing - OSFI
     • All work should be reviewed at least triennially
     • Could subdivide the work over the 3 year cycle
     • Prefer to have review prior to releasing the pertinent report
     • Should be submitted no later than 3 months after release by AA
     • If completed by the audit firm, review must be completed prior to issuing audit opinion
  20. Report - OSFI
     • Available to:
       – Audit committee of BoD
       – OSFI on a confidential basis
     • Should describe:
       – Extent of work done by reviewer
       – Conclusions with respect to compliance with accepted actuarial practice
       – Conclusions with respect to other objectives or requirements established by OSFI
       – Changes to previously employed methods/assumptions
       – Any remaining differences between AA and reviewer
     Selection of Reviewer - OSFI
     • Qualifications include:
       – Same as to be an AA
       – Experience requirements including exposure to 2 or more companies to acquire sense for range of practice
     • Should be objective:
       – No prior relationship that would impair objectivity
       – May not be employee or served as AA within 3 years
       – No financial interest in company
       – If AA is a consultant, reviewer cannot be from same firm
       – Should not provide advice with respect to recommended changes
     • Change every 2 cycles
  21. Reaction to the new process
     • Some feel it provides a second opinion and sense of comfort to AA
     • Others feel SoPs are adequate
     • Expense, especially to small companies
     • Difficult for sole practitioners
     • Reviewer bound by Rule 13 of Rules of Professional Conduct of CIA
  22. Peer Review
     Joint CIA-SOA Meeting, October 29, 2003
     Josephine Robinson
     Peer Review
     Practice at Sun Life for:
     • External Review
     • Internal Review
  23. Sun Life
     International Company with Operations in:
     • Canada
     • US
     • UK
     • Asia
       – Hong Kong, Philippines, Indonesia, China, & India
     Sun Life Structure
     Corporate Actuarial – Toronto
     • Valuation is decentralized
     National Operation Corporate Actuarial area
     • Chief Actuary in each operation worldwide
     Business Units
     • Actuary whose responsibility includes valuation
     • Business Units perform the valuation
  24. Sun Life Structure
     Asset liability management
     • Done at the national operation level
     • Asset cash flows often prepared by national operation corporate area or a corporate area of Investments
     • Liability cash flows prepared by business unit
     • CALM testing generally done by the business unit
     Goals of Review
     • Narrow the range of actuarial practice across the Company (depending on necessity for consistency)
     • Improve quality of the work
     • Provide education for the business units, national operation, corporate
     • Better understanding of what everyone is doing and ensure practices meet with the Appointed Actuary’s approval
  25. What is reviewed?
     • Canadian statement policy liabilities
       – Appointed Actuary’s Report
     • Financial Condition Reports - Dynamic Capital Adequacy Testing (DCAT)
     • Actuarial opinions regarding capital requirements - Minimum Continuing Capital and Surplus Requirements (MCCSR)
     What is reviewed?
     • Allocation of investment income, expenses & taxes - Compliance to the Insurance Companies Act (ICA)
     • Actuarial opinions relating to policyholder dividends (ICA)
  26. Scope of External Review
     • Ascertain that work is within range of accepted actuarial practice
     • Review appropriateness of assumptions made and methods employed
     • Review adequacy of procedures, systems and work of others that AA relies on
     • Produce a written report documenting findings and recommendations
       – Management responses included
     Requirements
     • It does not mean reproducing the work or doing any detailed recalculations
  27. External Review
     • First review conducted for 2002 year-end
       – Individual Insurance in all Operations
       – Established materiality limits, i.e. did not review small blocks of business
     • Started summer of 2002 with review of 2001 AA Report
       – Documentation regarding assumptions, experience studies
     External Review
     • Post-release review – report completed early April
     • Summarized report submitted to Board in July
       – Focus on what is important to them
     • A number of recommendations made, some of which have already been implemented
     • Others postponed until Operation can develop plan
  28. What did we learn?
     • Educational value of more significance to Operations outside of Canada
     • Business units frustrated with amount of scrutiny, questions
       – Some people more open to suggestions than others
       – Some differences of opinion as to interpretation
     What did we learn?
     • Suggested changes were practical and for most not difficult to implement
     • Some recommendations supported changes that we wanted to make – appeal to a 3rd party expert
     • Compared to other reviews conducted in the past by other consultants, this review was not excessive and yet produced a number of recommendations for improvement
  29. What were the benefits?
     • Benefit included creation of documents and Corporate review of the documentation
     • Disciplined approach
     • Responding to questions provides opportunity to learn more about the business
     • Provides opportunity for sharing best practices
     Process this year
     • Second review for 2003 started
       – Schedule created with input from national operations and business units to obtain buy-in for timeframe and work effort
     • Schedule frequent question & answer sessions between business units, national operation coordinator, Corporate Office actuarial coordinator and Consultant
  30. Internal Review
     • Not mandated
     • Goal to review line of business prior to external review
     • Internal review more extensive and needs to involve review of systems, data, and policy liability testing at a more detailed level
     Internal Review
     • Ideally it should be done a year in advance to allow for time to make the changes necessary
     • Assumptions and method changes reviewed at least quarterly
     • System checks and associated detailed policy data checks may be completed, say, once every 3-5 years
       – Also, when program changes are made, a review of the changes is necessary
  31. Corporate Actuarial – Assumption & Methodology Change Process
     Flowchart (columns: National Operations; Corporate Actuarial):
     • Nat’l Operations submit assumption & methodology changes
     • Appointed Actuary reviews and questions assumptions & methodology
     • Run valuation and review valuation test
     • Submit changes where irregularities are noted
     • Issues? (Yes / No)
     • Appointed Actuary discusses with Chief Actuary
     • Resolved? (Yes / No)
     • Appointed Actuary approves the assumptions & methodology
     Note: Best estimate assumptions and margin for adverse deviation
       – mortality
       – morbidity
       – lapse
       – expenses
       – inflation
       – asset default
       – reinvestment
       – tax
       – interest rate where applicable
     Plus
       – policyholder dividends
       – tax reserve
     Internal Review
     • Developed a peer review tracking system
       – Ensure that management responses to recommended changes are completed
     • The reviews support each other
  32. Valuation Review & Sarbanes-Oxley
     • External review and internal review provide process support and documentation to demonstrate compliance to Sarbanes-Oxley
     • Ensures quality assurance
     • Documentation database to include supporting documents
     Are we overdoing it?
     • Internal reviews allow us to investigate work more thoroughly
       – It can reduce work effort of consultant
     • Good practice to ensure one’s own work is appropriate
       – Important for risk management
       – Feeds nicely to Sarbanes-Oxley
  33. Does Organizational Structure Support Strategy?
     • With decentralized valuation need to have different controls
     • For centralized valuation benefit of lower costs and fewer people having to be familiar with standards
     • Structure we had prior to demutualization
     Valuation Review & Sarbanes-Oxley
     • Valuation actuary should now have improved data integrity
     • Previously administrative or claims areas accuracy on some data items was viewed as only important to actuaries (e.g. coding of sex, age or standard, sub-standard)
     • Demonstrate controls are in place
  34. Conclusion
     • Valuation actuaries and other users of actuarial information should have more confidence in the results
     • Review should provide opportunity to introduce continuous improvement
