SlideShare a Scribd company logo

2018 Val Act: Session 22 - Material weakness

Download as PPTX, PDF
A
Alex Hovi

Avoiding the material weakness: Case studies in developing effective controls. Originally presented by Melanie Dunn and Mark Spong at the 2018 Valuation Actuary Symposium.

Presentations & Public Speaking
1 of 15
Session 22PD: Avoiding the material weakness: Case studies in developing effective controls MELANIE DUNN, FSA, MAAA MARK SPONG, FSA, CERA, MAAA August 27, 2018
What do we mean by deficiencies and weaknesses? A material weakness is a deficiency, or a combination of deficiencies, in internal control over financial reporting, such that there is a reasonable possibility that a material misstatement of the company's annual or interim financial statements will not be prevented or detected on a timely basis A significant deficiency is a single weakness or a combination of weaknesses in the internal controls associated with financial reporting, that is less severe than a material control weakness and yet is sufficient to merit the scrutiny of those responsible for administering an entity's financial reporting *Source: Auditing Standard No. 5, Public Company Accounting Oversight Board
Material weaknesses may be more common than you think Internet Retail Company Reports Material Weakness: Second Control Deficiency in Three Years Audit Analytics Global Retailer finds ‘material weakness’ in controls over accounting leases Reuters Insurance Company Announces GAAP Restatement Business Insider Leading Life Insurer Discloses Its Second Material Weakness This Year Bloomberg Large Insurer shares fall 10% on ‘material weakness’ warning Financial Times School Districts get financial accountability grades Business Insider A Red Flag on Auto Company New York Times Aerospace company says numbers are unreliable due to control weakness MarketWatch Insurer Stock Tanking Today After Finding ‘Material Weakness’ The Street
Annual assumption review Historical examples of material weakness triggers Discovery of a material financial misstatement often indicates a weakness in underlying controls on financial reporting. Material misstatements For example, in 2015, an insurer reported a material restatement to 2013 financials due to an error in the 2013 annual assumption review. In March of 2018, another insurer disclosed a material weakness after reserves on a VA block were determined to be too high and released. Releasing excess reserves In 2015, a third insurer disclosed insufficient controls on implementation of methodology and assumption changes for LTC claim reserves. Controls on methodology changes
Market Reputation Financial Remediation effort Stock price drop Lack of trust Costs of remediation Strategic priorities must be shifted How would you, your team, and your department be affected by a material weakness? Consequences of a material weakness Morale Positive outlook eroded
Material weakness describes the control environment, not the accuracy of financial statements
Common Pitfalls – Case Studies & Discussion
Spreadsheet SNAFU “This isn’t a model, it just organizes the results. The governance standards for models would be overkill!” • The valuation model works flawlessly with top notch controls • Results are dumped into Excel, transformed into usable form, and aggregated with other products via links and macros • But business day 8 comes along: – A last minute update to the process is not flowing through correctly – New products are not captured – Balances are transposed During the normal course of quarter close, management is not able to prevent misstatements on a timely basis. 1 WHAT • What are the control standards at your company for End User Computing applications, such as Excel? 2 • Models are usually defined as having input, processing and output components. Why does End User Computing tend to fall under the radar? WHY 3 • How can actuaries structure and design controls to address the underlying issue? HOW End User Computing Hand-offsAssumptions Model StakeholdersData Emergency Protocol
Assumption Malfunction “We update lapse and mortality every year and have a clear oversight process. Otherassumptionsstillseemappropriate.” • The assumption inventory for a critical high risk model appears to be complete and annually reviewed • The model is complex and certain assumptions associated with mean reversion are not well understood by the assumption review committee • As a result, there is a lower degree of scrutiny on those assumptions plus lack of scrutiny on implicit assumptions • The result is economic simulations that are not reflective of the prolonged low interest rate environment The assumption review process was not designed to place sufficient scrutiny on technical aspects of modeling design. 1 2 3 • Why might controls around assumption management be challenging to keep up? • How can actuaries structure and design controls to address the underlying issue? WHAT • What do the assumption review and update process look like at your company? WHY HOW End User Computing Hand-offsAssumptions Model StakeholdersData Emergency Protocol
Hand-off Hardships “We are the model owners and they are the model users” • A domestic actuary is the “model owner” for a model and operation is outsourced to a “model user” in another country • Hand-offs of model updates and review occur over email, since the model owner and model user don’t work the same hours • While attributing impacts between quarters, the model owner discovers an error from incorrectly mapping new issues during routine updates in Q2 • The model user hadn’t been educated on model governance requirements, and didn’t know what level of review was required for the mapping updates • The model owner didn’t know that the mapping updates had been made, and didn’t review them in Q2 Hand-offs have increased risk, and effective controls execution requires clear standards for communication when processes and data get handed off. 1 WHAT • What does a hand-off look like during quarter end at your company? 2 • Why is just emailing someone a model with quarter close updates a problem? WHY 3 • How can actuaries structure and design controls to address the underlying issue? HOW End User Computing Hand-offsAssumptions Model StakeholdersData Emergency Protocol
Data Disaster “Of course we do reasonability checks on the inforce data, but we don’t have time to completely audit it” • The admin system is dropping a small number of policies each quarter in the inforce data feed • Data controls are focused on quarter over quarter changes of counts and face amounts, so nothing stands out • After 18-24 months reserve balances are significantly off The existing control was operating as designed but still did not meet the objective and reserves are misstated. 1 WHAT • What data quality checks would you realistically expect to routinely run on inforce files? 2 • Big changes from period to period are noticeable. Why might small changes like this still constitute a significant deficiency? WHY 3 • How can actuaries structure and design controls to address the underlying issue? HOW End User Computing Hand-offsAssumptions Model StakeholdersData Emergency Protocol
Modeling Mishap “I’m just relying on what the pricing team provided” • After pricing a new product, the pricing team hands off the pricing model to valuation • Valuation independently defines business requirements for the inforce model and determines whether any features not modeled for pricing need to be modeled • Risk and modeling teams are not involved • The risk team just checks the results at the end • Since pricing decisions are made before valuation, modeling, and risk become involved, those stakeholders do not have input into the decisions This may result in modeling and risk teams that do not have the practical authority to design and perform effective controls. 1 WHEN • How early do the risk, modeling, and valuation teams get involved in the pricing process at your company? 2 • Why might the pricing team have more influence within the organization? WHY 3 • How can actuaries coordinate between teams to address the underlying issue? HOW End User Computing Hand-offsAssumptions Model StakeholdersData Emergency Protocol
Error Emergency “We continuously keep track of modeling issues and address them as soon as possible” • An analyst finds a potential coding error in a production model on business day 3, two days before results are booked • There is limited time to thoroughly investigate to confirm the error or to assess its materiality • Multiple team members work late and the root cause appears to be identified and reasonable to address • A fix is implemented just in time and the impact on financials is attributed to a methodology enhancement • After quarter close, it was discovered that the change had unintended consequences for related products No emergency protocol was in place to guide action when an issue was found during quarter close. 1 WHAT • What is the emergency procedure at your company if an issue is found during the quarter close process? Is it a formalized or informal procedure? 2 • Why is it a problem to rely on a judgment call from management when an issue pops up during quarter close? WHY 3 • How can actuaries structure and design controls to address the underlying issue? HOW End User Computing Hand-offsAssumptions Model StakeholdersData Emergency Protocol
End User Computing1 Assumptions2 Recap Model Stakeholders5 Emergency protocol6 Hand-offs3 Data4
2018 Val Act: Session 22 - Material weakness

Recommended

Root cause analysis questionnaire
Root cause analysis questionnaireRoot cause analysis questionnaire
Root cause analysis questionnaireAstalapulosListestos
 
Continous auditing and risk monitoring 9 23-09
Continous auditing and risk monitoring 9 23-09Continous auditing and risk monitoring 9 23-09
Continous auditing and risk monitoring 9 23-09Gaiani (CarnCorpAudit)
 
Data analytics and audit coverage guide
Data analytics and audit coverage guideData analytics and audit coverage guide
Data analytics and audit coverage guideAstalapulosListestos
 
Aligning IT and Business for Better Results
Aligning IT and Business for Better ResultsAligning IT and Business for Better Results
Aligning IT and Business for Better ResultsGlobal Knowledge Training
 
Auditing corporate governance guide
Auditing corporate governance guideAuditing corporate governance guide
Auditing corporate governance guideAstalapulosListestos
 
Best Practices: Planning Data Analytic into Your Audits
Best Practices: Planning Data Analytic into Your AuditsBest Practices: Planning Data Analytic into Your Audits
Best Practices: Planning Data Analytic into Your AuditsFraudBusters
 
Business continuity planning guide
Business continuity planning guideBusiness continuity planning guide
Business continuity planning guideAstalapulosListestos
 
eob_dec14.artok
eob_dec14.artokeob_dec14.artok
eob_dec14.artokAndrew Simpson
 

Recommended

Root cause analysis questionnaire
Root cause analysis questionnaireRoot cause analysis questionnaire
Root cause analysis questionnaireAstalapulosListestos
 
Continous auditing and risk monitoring 9 23-09
Continous auditing and risk monitoring 9 23-09Continous auditing and risk monitoring 9 23-09
Continous auditing and risk monitoring 9 23-09Gaiani (CarnCorpAudit)
 
Data analytics and audit coverage guide
Data analytics and audit coverage guideData analytics and audit coverage guide
Data analytics and audit coverage guideAstalapulosListestos
 
Aligning IT and Business for Better Results
Aligning IT and Business for Better ResultsAligning IT and Business for Better Results
Aligning IT and Business for Better ResultsGlobal Knowledge Training
 
Auditing corporate governance guide
Auditing corporate governance guideAuditing corporate governance guide
Auditing corporate governance guideAstalapulosListestos
 
Best Practices: Planning Data Analytic into Your Audits
Best Practices: Planning Data Analytic into Your AuditsBest Practices: Planning Data Analytic into Your Audits
Best Practices: Planning Data Analytic into Your AuditsFraudBusters
 
Business continuity planning guide
Business continuity planning guideBusiness continuity planning guide
Business continuity planning guideAstalapulosListestos
 
eob_dec14.artok
eob_dec14.artokeob_dec14.artok
eob_dec14.artokAndrew Simpson
 
Internal audit ratings guide
Internal audit ratings guideInternal audit ratings guide
Internal audit ratings guideCenapSerdarolu
 
It and business risk alignment guide
It and business risk alignment guideIt and business risk alignment guide
It and business risk alignment guideAstalapulosListestos
 
Risk assessment facilitation guide
Risk assessment facilitation guideRisk assessment facilitation guide
Risk assessment facilitation guideAstalapulosListestos
 
Audit ratings guide
Audit ratings guideAudit ratings guide
Audit ratings guideCenapSerdarolu
 
It alignment-who-is-in-charge
It alignment-who-is-in-chargeIt alignment-who-is-in-charge
It alignment-who-is-in-chargeTapas Bhattacharya
 
Social media risks guide
Social media risks guideSocial media risks guide
Social media risks guideAstalapulosListestos
 
Risk assessment facilitation guide
Risk assessment facilitation guideRisk assessment facilitation guide
Risk assessment facilitation guideCenapSerdarolu
 
Data analytics and audit coverage guide
Data analytics and audit coverage guideData analytics and audit coverage guide
Data analytics and audit coverage guideCenapSerdarolu
 
Control and Audit Information System
Control and Audit Information SystemControl and Audit Information System
Control and Audit Information Systemarif prasetyo
 
Role of the virtual ciso
Role of the virtual cisoRole of the virtual ciso
Role of the virtual cisoMichael Ball
 
Enterprise risk management summary approach guide
Enterprise risk management summary approach guideEnterprise risk management summary approach guide
Enterprise risk management summary approach guideCenapSerdarolu
 
Spend Analysis Identified as Key to CPO Success
Spend Analysis Identified as Key to CPO SuccessSpend Analysis Identified as Key to CPO Success
Spend Analysis Identified as Key to CPO SuccessBill Kohnen
 
Summarized version of Key Performance Indicators (KPIs) for Security Operatio...
Summarized version of Key Performance Indicators (KPIs) for Security Operatio...Summarized version of Key Performance Indicators (KPIs) for Security Operatio...
Summarized version of Key Performance Indicators (KPIs) for Security Operatio...MaryamAlHumam
 
Root cause analysis questionnaire
Root cause analysis questionnaireRoot cause analysis questionnaire
Root cause analysis questionnaireCenapSerdarolu
 
Internal audit test type guide
Internal audit test type guideInternal audit test type guide
Internal audit test type guideCenapSerdarolu
 
Model Governance and Validation: Best Practices and Common Pitfalls
Model Governance and Validation: Best Practices and Common PitfallsModel Governance and Validation: Best Practices and Common Pitfalls
Model Governance and Validation: Best Practices and Common PitfallsMarkSpong1
 
Ais Romney 2006 Slides 09 Auditing Computer Based Is
Ais Romney 2006 Slides 09 Auditing Computer Based IsAis Romney 2006 Slides 09 Auditing Computer Based Is
Ais Romney 2006 Slides 09 Auditing Computer Based IsSharing Slides Training
 
Auditing application controls
Auditing application controlsAuditing application controls
Auditing application controlsCenapSerdarolu
 
Reducing DSO
Reducing DSOReducing DSO
Reducing DSOPaul Bartlett MCICM(Grad) FACP(Grad)
 
2018 ValAct - Session 22 - Material Weakness
2018 ValAct - Session 22 - Material Weakness2018 ValAct - Session 22 - Material Weakness
2018 ValAct - Session 22 - Material WeaknessMarkSpong1
 
Prepare a 350- to 700-word paper in which you explain the ro.docx
Prepare a 350- to 700-word paper in which you explain the ro.docxPrepare a 350- to 700-word paper in which you explain the ro.docx
Prepare a 350- to 700-word paper in which you explain the ro.docxChantellPantoja184
 
Managing your insurance portfolio
Managing your insurance portfolioManaging your insurance portfolio
Managing your insurance portfolioAccenture Insurance
 

More Related Content

What's hot

Internal audit ratings guide
Internal audit ratings guideInternal audit ratings guide
Internal audit ratings guideCenapSerdarolu
 
It and business risk alignment guide
It and business risk alignment guideIt and business risk alignment guide
It and business risk alignment guideAstalapulosListestos
 
Risk assessment facilitation guide
Risk assessment facilitation guideRisk assessment facilitation guide
Risk assessment facilitation guideAstalapulosListestos
 
Risk assessment facilitation guide
Risk assessment facilitation guideRisk assessment facilitation guide
Risk assessment facilitation guideCenapSerdarolu
 
Data analytics and audit coverage guide
Data analytics and audit coverage guideData analytics and audit coverage guide
Data analytics and audit coverage guideCenapSerdarolu
 
Control and Audit Information System
Control and Audit Information SystemControl and Audit Information System
Control and Audit Information Systemarif prasetyo
 
Role of the virtual ciso
Role of the virtual cisoRole of the virtual ciso
Role of the virtual cisoMichael Ball
 
Enterprise risk management summary approach guide
Enterprise risk management summary approach guideEnterprise risk management summary approach guide
Enterprise risk management summary approach guideCenapSerdarolu
 
Spend Analysis Identified as Key to CPO Success
Spend Analysis Identified as Key to CPO SuccessSpend Analysis Identified as Key to CPO Success
Spend Analysis Identified as Key to CPO SuccessBill Kohnen
 
Summarized version of Key Performance Indicators (KPIs) for Security Operatio...
Summarized version of Key Performance Indicators (KPIs) for Security Operatio...Summarized version of Key Performance Indicators (KPIs) for Security Operatio...
Summarized version of Key Performance Indicators (KPIs) for Security Operatio...MaryamAlHumam
 
Root cause analysis questionnaire
Root cause analysis questionnaireRoot cause analysis questionnaire
Root cause analysis questionnaireCenapSerdarolu
 
Internal audit test type guide
Internal audit test type guideInternal audit test type guide
Internal audit test type guideCenapSerdarolu
 
Model Governance and Validation: Best Practices and Common Pitfalls
Model Governance and Validation: Best Practices and Common PitfallsModel Governance and Validation: Best Practices and Common Pitfalls
Model Governance and Validation: Best Practices and Common PitfallsMarkSpong1
 
Ais Romney 2006 Slides 09 Auditing Computer Based Is
Ais Romney 2006 Slides 09 Auditing Computer Based IsAis Romney 2006 Slides 09 Auditing Computer Based Is
Ais Romney 2006 Slides 09 Auditing Computer Based IsSharing Slides Training
 
Auditing application controls
Auditing application controlsAuditing application controls
Auditing application controlsCenapSerdarolu
 

What's hot (19)

Internal audit ratings guide
Internal audit ratings guideInternal audit ratings guide
Internal audit ratings guide
 
It and business risk alignment guide
It and business risk alignment guideIt and business risk alignment guide
It and business risk alignment guide
 
Risk assessment facilitation guide
Risk assessment facilitation guideRisk assessment facilitation guide
Risk assessment facilitation guide
 
Audit ratings guide
Audit ratings guideAudit ratings guide
Audit ratings guide
 
It alignment-who-is-in-charge
It alignment-who-is-in-chargeIt alignment-who-is-in-charge
It alignment-who-is-in-charge
 
Social media risks guide
Social media risks guideSocial media risks guide
Social media risks guide
 
Risk assessment facilitation guide
Risk assessment facilitation guideRisk assessment facilitation guide
Risk assessment facilitation guide
 
Data analytics and audit coverage guide
Data analytics and audit coverage guideData analytics and audit coverage guide
Data analytics and audit coverage guide
 
Control and Audit Information System
Control and Audit Information SystemControl and Audit Information System
Control and Audit Information System
 
Role of the virtual ciso
Role of the virtual cisoRole of the virtual ciso
Role of the virtual ciso
 
Enterprise risk management summary approach guide
Enterprise risk management summary approach guideEnterprise risk management summary approach guide
Enterprise risk management summary approach guide
 
Spend Analysis Identified as Key to CPO Success
Spend Analysis Identified as Key to CPO SuccessSpend Analysis Identified as Key to CPO Success
Spend Analysis Identified as Key to CPO Success
 
Summarized version of Key Performance Indicators (KPIs) for Security Operatio...
Summarized version of Key Performance Indicators (KPIs) for Security Operatio...Summarized version of Key Performance Indicators (KPIs) for Security Operatio...
Summarized version of Key Performance Indicators (KPIs) for Security Operatio...
 
Root cause analysis questionnaire
Root cause analysis questionnaireRoot cause analysis questionnaire
Root cause analysis questionnaire
 
Internal audit test type guide
Internal audit test type guideInternal audit test type guide
Internal audit test type guide
 
Model Governance and Validation: Best Practices and Common Pitfalls
Model Governance and Validation: Best Practices and Common PitfallsModel Governance and Validation: Best Practices and Common Pitfalls
Model Governance and Validation: Best Practices and Common Pitfalls
 
Ais Romney 2006 Slides 09 Auditing Computer Based Is
Ais Romney 2006 Slides 09 Auditing Computer Based IsAis Romney 2006 Slides 09 Auditing Computer Based Is
Ais Romney 2006 Slides 09 Auditing Computer Based Is
 
Auditing application controls
Auditing application controlsAuditing application controls
Auditing application controls
 
Reducing DSO
Reducing DSOReducing DSO
Reducing DSO
 

Similar to 2018 Val Act: Session 22 - Material weakness

2018 ValAct - Session 22 - Material Weakness
2018 ValAct - Session 22 - Material Weakness2018 ValAct - Session 22 - Material Weakness
2018 ValAct - Session 22 - Material WeaknessMarkSpong1
 
Prepare a 350- to 700-word paper in which you explain the ro.docx
Prepare a 350- to 700-word paper in which you explain the ro.docxPrepare a 350- to 700-word paper in which you explain the ro.docx
Prepare a 350- to 700-word paper in which you explain the ro.docxChantellPantoja184
 
Managing your insurance portfolio
Managing your insurance portfolioManaging your insurance portfolio
Managing your insurance portfolioAccenture Insurance
 
Building the Tax Team of the Future to Navigate the Storm of Regulatory Change
Building the Tax Team of the Future to Navigate the Storm of Regulatory Change Building the Tax Team of the Future to Navigate the Storm of Regulatory Change
Building the Tax Team of the Future to Navigate the Storm of Regulatory Change Sovos
 
Internal Control Certification – It’s Not Just an Accounting Thing (Credit Un...
Internal Control Certification – It’s Not Just an Accounting Thing (Credit Un...Internal Control Certification – It’s Not Just an Accounting Thing (Credit Un...
Internal Control Certification – It’s Not Just an Accounting Thing (Credit Un...NAFCU Services Corporation
 
Lecture 7. CONTROL.pptx
Lecture 7. CONTROL.pptxLecture 7. CONTROL.pptx
Lecture 7. CONTROL.pptxAYONELSON
 
Software Quality Dashboard Benchmarking Study
Software Quality Dashboard Benchmarking StudySoftware Quality Dashboard Benchmarking Study
Software Quality Dashboard Benchmarking StudyJohn Carter
 
Slideshare os you are not alone_0818_final_compressed
Slideshare os you are not alone_0818_final_compressedSlideshare os you are not alone_0818_final_compressed
Slideshare os you are not alone_0818_final_compressedMilestone Group
 
Killing Bureacracy
Killing Bureacracy Killing Bureacracy
Killing Bureacracy LucieColt
 
MonetizingStatistics
MonetizingStatisticsMonetizingStatistics
MonetizingStatisticsAaron Sankey
 
Hanrick Curran Audit Training - Internal Controls - March 2013
Hanrick Curran Audit Training - Internal Controls - March 2013Hanrick Curran Audit Training - Internal Controls - March 2013
Hanrick Curran Audit Training - Internal Controls - March 2013Matthew Green
 
Controlling
ControllingControlling
Controllingrmkcet
 
eBook Spreadsheet to WebAPP
eBook Spreadsheet to WebAPPeBook Spreadsheet to WebAPP
eBook Spreadsheet to WebAPPAbhishek Ranjan
 
Deficiency in it controls 2017
Deficiency in it controls 2017Deficiency in it controls 2017
Deficiency in it controls 2017John Gardner, CMC
 
Validating your-model
Validating your-modelValidating your-model
Validating your-modelGuy VdB
 

Similar to 2018 Val Act: Session 22 - Material weakness (20)

2018 ValAct - Session 22 - Material Weakness
2018 ValAct - Session 22 - Material Weakness2018 ValAct - Session 22 - Material Weakness
2018 ValAct - Session 22 - Material Weakness
 
Prepare a 350- to 700-word paper in which you explain the ro.docx
Prepare a 350- to 700-word paper in which you explain the ro.docxPrepare a 350- to 700-word paper in which you explain the ro.docx
Prepare a 350- to 700-word paper in which you explain the ro.docx
 
Managing your insurance portfolio
Managing your insurance portfolioManaging your insurance portfolio
Managing your insurance portfolio
 
Pm chapter 6...
Pm chapter 6...Pm chapter 6...
Pm chapter 6...
 
Pm chapter 6
Pm chapter 6Pm chapter 6
Pm chapter 6
 
Pm chapter 6
Pm chapter 6Pm chapter 6
Pm chapter 6
 
Building the Tax Team of the Future to Navigate the Storm of Regulatory Change
Building the Tax Team of the Future to Navigate the Storm of Regulatory Change Building the Tax Team of the Future to Navigate the Storm of Regulatory Change
Building the Tax Team of the Future to Navigate the Storm of Regulatory Change
 
Internal Control Certification – It’s Not Just an Accounting Thing (Credit Un...
Internal Control Certification – It’s Not Just an Accounting Thing (Credit Un...Internal Control Certification – It’s Not Just an Accounting Thing (Credit Un...
Internal Control Certification – It’s Not Just an Accounting Thing (Credit Un...
 
Lecture 7. CONTROL.pptx
Lecture 7. CONTROL.pptxLecture 7. CONTROL.pptx
Lecture 7. CONTROL.pptx
 
Software Quality Dashboard Benchmarking Study
Software Quality Dashboard Benchmarking StudySoftware Quality Dashboard Benchmarking Study
Software Quality Dashboard Benchmarking Study
 
Benchmark webinar presentation
Benchmark webinar presentationBenchmark webinar presentation
Benchmark webinar presentation
 
Slideshare os you are not alone_0818_final_compressed
Slideshare os you are not alone_0818_final_compressedSlideshare os you are not alone_0818_final_compressed
Slideshare os you are not alone_0818_final_compressed
 
Killing Bureacracy
Killing Bureacracy Killing Bureacracy
Killing Bureacracy
 
MonetizingStatistics
MonetizingStatisticsMonetizingStatistics
MonetizingStatistics
 
Hanrick Curran Audit Training - Internal Controls - March 2013
Hanrick Curran Audit Training - Internal Controls - March 2013Hanrick Curran Audit Training - Internal Controls - March 2013
Hanrick Curran Audit Training - Internal Controls - March 2013
 
Benchmark webinar presentation
Benchmark webinar presentation Benchmark webinar presentation
Benchmark webinar presentation
 
Controlling
ControllingControlling
Controlling
 
eBook Spreadsheet to WebAPP
eBook Spreadsheet to WebAPPeBook Spreadsheet to WebAPP
eBook Spreadsheet to WebAPP
 
Deficiency in it controls 2017
Deficiency in it controls 2017Deficiency in it controls 2017
Deficiency in it controls 2017
 
Validating your-model
Validating your-modelValidating your-model
Validating your-model
 

Recently uploaded

CTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdf
CTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdfCTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdf
CTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdfhenrik385807
 
Motivation and Theory Maslow and Murray pdf
Motivation and Theory Maslow and Murray pdfMotivation and Theory Maslow and Murray pdf
Motivation and Theory Maslow and Murray pdfakankshagupta7348026
 
Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...
Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...
Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...Salam Al-Karadaghi
 
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...Kayode Fayemi
 
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...NETWAYS
 
Russian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...
Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...
Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...NETWAYS
 
Genesis part 2 Isaiah Scudder 04-24-2024.pptx
Genesis part 2 Isaiah Scudder 04-24-2024.pptxGenesis part 2 Isaiah Scudder 04-24-2024.pptx
Genesis part 2 Isaiah Scudder 04-24-2024.pptxFamilyWorshipCenterD
 
Call Girls in Rohini Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Rohini Delhi 💯Call Us 🔝8264348440🔝Call Girls in Rohini Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Rohini Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
LANDMARKS AND MONUMENTS IN NIGERIA.pptx
LANDMARKS AND MONUMENTS IN NIGERIA.pptxLANDMARKS AND MONUMENTS IN NIGERIA.pptx
LANDMARKS AND MONUMENTS IN NIGERIA.pptxBasil Achie
 
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...NETWAYS
 
George Lever - eCommerce Day Chile 2024
George Lever - eCommerce Day Chile 2024George Lever - eCommerce Day Chile 2024
George Lever - eCommerce Day Chile 2024eCommerce Institute
 
Philippine History cavite Mutiny Report.ppt
Philippine History cavite Mutiny Report.pptPhilippine History cavite Mutiny Report.ppt
Philippine History cavite Mutiny Report.pptssuser319dad
 
Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝
Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝
Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝soniya singh
 
Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...
Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...
Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...Krijn Poppe
 
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...Hasting Chen
 
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024eCommerce Institute
 
OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...
OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...
OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...NETWAYS
 
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdfOpen Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdfhenrik385807
 
Microsoft Copilot AI for Everyone - created by AI
Microsoft Copilot AI for Everyone - created by AIMicrosoft Copilot AI for Everyone - created by AI
Microsoft Copilot AI for Everyone - created by AITatiana Gurgel
 

Recently uploaded (20)

CTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdf
CTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdfCTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdf
CTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdf
 
Motivation and Theory Maslow and Murray pdf
Motivation and Theory Maslow and Murray pdfMotivation and Theory Maslow and Murray pdf
Motivation and Theory Maslow and Murray pdf
 
Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...
Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...
Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...
 
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...
 
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...
 
Russian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...
Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...
Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...
 
Genesis part 2 Isaiah Scudder 04-24-2024.pptx
Genesis part 2 Isaiah Scudder 04-24-2024.pptxGenesis part 2 Isaiah Scudder 04-24-2024.pptx
Genesis part 2 Isaiah Scudder 04-24-2024.pptx
 
Call Girls in Rohini Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Rohini Delhi 💯Call Us 🔝8264348440🔝Call Girls in Rohini Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Rohini Delhi 💯Call Us 🔝8264348440🔝
 
LANDMARKS AND MONUMENTS IN NIGERIA.pptx
LANDMARKS AND MONUMENTS IN NIGERIA.pptxLANDMARKS AND MONUMENTS IN NIGERIA.pptx
LANDMARKS AND MONUMENTS IN NIGERIA.pptx
 
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
 
George Lever - eCommerce Day Chile 2024
George Lever - eCommerce Day Chile 2024George Lever - eCommerce Day Chile 2024
George Lever - eCommerce Day Chile 2024
 
Philippine History cavite Mutiny Report.ppt
Philippine History cavite Mutiny Report.pptPhilippine History cavite Mutiny Report.ppt
Philippine History cavite Mutiny Report.ppt
 
Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝
Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝
Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝
 
Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...
Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...
Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...
 
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
 
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
 
OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...
OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...
OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...
 
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdfOpen Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
 
Microsoft Copilot AI for Everyone - created by AI
Microsoft Copilot AI for Everyone - created by AIMicrosoft Copilot AI for Everyone - created by AI
Microsoft Copilot AI for Everyone - created by AI
 

2018 Val Act: Session 22 - Material weakness

  • 1. Session 22PD: Avoiding the material weakness: Case studies in developing effective controls MELANIE DUNN, FSA, MAAA MARK SPONG, FSA, CERA, MAAA August 27, 2018
  • 2. What do we mean by deficiencies and weaknesses? A material weakness is a deficiency, or a combination of deficiencies, in internal control over financial reporting, such that there is a reasonable possibility that a material misstatement of the company's annual or interim financial statements will not be prevented or detected on a timely basis A significant deficiency is a single weakness or a combination of weaknesses in the internal controls associated with financial reporting, that is less severe than a material control weakness and yet is sufficient to merit the scrutiny of those responsible for administering an entity's financial reporting *Source: Auditing Standard No. 5, Public Company Accounting Oversight Board
  • 3. Material weaknesses may be more common than you think Internet Retail Company Reports Material Weakness: Second Control Deficiency in Three Years Audit Analytics Global Retailer finds ‘material weakness’ in controls over accounting leases Reuters Insurance Company Announces GAAP Restatement Business Insider Leading Life Insurer Discloses Its Second Material Weakness This Year Bloomberg Large Insurer shares fall 10% on ‘material weakness’ warning Financial Times School Districts get financial accountability grades Business Insider A Red Flag on Auto Company New York Times Aerospace company says numbers are unreliable due to control weakness MarketWatch Insurer Stock Tanking Today After Finding ‘Material Weakness’ The Street
  • 4. Annual assumption review Historical examples of material weakness triggers Discovery of a material financial misstatement often indicates a weakness in underlying controls on financial reporting. Material misstatements For example, in 2015, an insurer reported a material restatement to 2013 financials due to an error in the 2013 annual assumption review. In March of 2018, another insurer disclosed a material weakness after reserves on a VA block were determined to be too high and released. Releasing excess reserves In 2015, a third insurer disclosed insufficient controls on implementation of methodology and assumption changes for LTC claim reserves. Controls on methodology changes
  • 5. Market Reputation Financial Remediation effort Stock price drop Lack of trust Costs of remediation Strategic priorities must be shifted How would you, your team, and your department be affected by a material weakness? Consequences of a material weakness Morale Positive outlook eroded
  • 6. Material weakness describes the control environment, not the accuracy of financial statements
  • 7. Common Pitfalls – Case Studies & Discussion
  • 8. Spreadsheet SNAFU “This isn’t a model, it just organizes the results. The governance standards for models would be overkill!” • The valuation model works flawlessly with top notch controls • Results are dumped into Excel, transformed into usable form, and aggregated with other products via links and macros • But business day 8 comes along: – A last minute update to the process is not flowing through correctly – New products are not captured – Balances are transposed During the normal course of quarter close, management is not able to prevent misstatements on a timely basis. 1 WHAT • What are the control standards at your company for End User Computing applications, such as Excel? 2 • Models are usually defined as having input, processing and output components. Why does End User Computing tend to fall under the radar? WHY 3 • How can actuaries structure and design controls to address the underlying issue? HOW End User Computing Hand-offsAssumptions Model StakeholdersData Emergency Protocol
  • 9. Assumption Malfunction “We update lapse and mortality every year and have a clear oversight process. Otherassumptionsstillseemappropriate.” • The assumption inventory for a critical high risk model appears to be complete and annually reviewed • The model is complex and certain assumptions associated with mean reversion are not well understood by the assumption review committee • As a result, there is a lower degree of scrutiny on those assumptions plus lack of scrutiny on implicit assumptions • The result is economic simulations that are not reflective of the prolonged low interest rate environment The assumption review process was not designed to place sufficient scrutiny on technical aspects of modeling design. 1 2 3 • Why might controls around assumption management be challenging to keep up? • How can actuaries structure and design controls to address the underlying issue? WHAT • What do the assumption review and update process look like at your company? WHY HOW End User Computing Hand-offsAssumptions Model StakeholdersData Emergency Protocol
  • 10. Hand-off Hardships “We are the model owners and they are the model users” • A domestic actuary is the “model owner” for a model and operation is outsourced to a “model user” in another country • Hand-offs of model updates and review occur over email, since the model owner and model user don’t work the same hours • While attributing impacts between quarters, the model owner discovers an error from incorrectly mapping new issues during routine updates in Q2 • The model user hadn’t been educated on model governance requirements, and didn’t know what level of review was required for the mapping updates • The model owner didn’t know that the mapping updates had been made, and didn’t review them in Q2 Hand-offs have increased risk, and effective controls execution requires clear standards for communication when processes and data get handed off. 1 WHAT • What does a hand-off look like during quarter end at your company? 2 • Why is just emailing someone a model with quarter close updates a problem? WHY 3 • How can actuaries structure and design controls to address the underlying issue? HOW End User Computing Hand-offsAssumptions Model StakeholdersData Emergency Protocol
  • 11. Data Disaster “Of course we do reasonability checks on the inforce data, but we don’t have time to completely audit it” • The admin system is dropping a small number of policies each quarter in the inforce data feed • Data controls are focused on quarter over quarter changes of counts and face amounts, so nothing stands out • After 18-24 months reserve balances are significantly off The existing control was operating as designed but still did not meet the objective and reserves are misstated. 1 WHAT • What data quality checks would you realistically expect to routinely run on inforce files? 2 • Big changes from period to period are noticeable. Why might small changes like this still constitute a significant deficiency? WHY 3 • How can actuaries structure and design controls to address the underlying issue? HOW End User Computing Hand-offsAssumptions Model StakeholdersData Emergency Protocol
  • 12. Modeling Mishap “I’m just relying on what the pricing team provided” • After pricing a new product, the pricing team hands off the pricing model to valuation • Valuation independently defines business requirements for the inforce model and determines whether any features not modeled for pricing need to be modeled • Risk and modeling teams are not involved • The risk team just checks the results at the end • Since pricing decisions are made before valuation, modeling, and risk become involved, those stakeholders do not have input into the decisions This may result in modeling and risk teams that do not have the practical authority to design and perform effective controls. 1 WHEN • How early do the risk, modeling, and valuation teams get involved in the pricing process at your company? 2 • Why might the pricing team have more influence within the organization? WHY 3 • How can actuaries coordinate between teams to address the underlying issue? HOW End User Computing Hand-offsAssumptions Model StakeholdersData Emergency Protocol
  • 13. Error Emergency “We continuously keep track of modeling issues and address them as soon as possible” • An analyst finds a potential coding error in a production model on business day 3, two days before results are booked • There is limited time to thoroughly investigate to confirm the error or to assess its materiality • Multiple team members work late and the root cause appears to be identified and reasonable to address • A fix is implemented just in time and the impact on financials is attributed to a methodology enhancement • After quarter close, it was discovered that the change had unintended consequences for related products No emergency protocol was in place to guide action when an issue was found during quarter close. 1 WHAT • What is the emergency procedure at your company if an issue is found during the quarter close process? Is it a formalized or informal procedure? 2 • Why is it a problem to rely on a judgment call from management when an issue pops up during quarter close? WHY 3 • How can actuaries structure and design controls to address the underlying issue? HOW End User Computing Hand-offsAssumptions Model StakeholdersData Emergency Protocol
  • 14. End User Computing1 Assumptions2 Recap Model Stakeholders5 Emergency protocol6 Hand-offs3 Data4