Have we had enough of experts?
Andy Cox highlights the value that experts, like actuaries, can add to diverse internal audit teams
09 MARCH 2017 | ANDY COX
During last year’s Brexit campaign, Michael Gove proclaimed: “People in this country have had enough of experts.” In hindsight, you can’t help question the wisdom of the experts predicting an immediate economic meltdown. To some extent, an insurer’s audit committee has been dependent on expert views where financial projection and modelling is concerned. These views are often being challenged as model risk makes its way up the corporate agenda.
Figure 1: Sample internal audit methodology
Internal audit (IA) functions are now seeking to offer assurance and challenge by using their own experts. In the past IA functions have been comprised of career auditors often with accountancy qualifications. This traditional career profile is of course still very valuable but insurance IA functions are increasingly diversifying their skill sets by employing business experts from the worlds of IT, change, investments and now actuarial.
There’s a well-practiced IA debate; do you really need to be an expert in the subject matter being audited? To answer this, consider a typical IA methodology shown in Figure 1.
IA-trained auditors should be competent at identifying the risks and controls within a process, with the help of process owners, during the audit planning process. In the fieldwork stage the auditor will go on to test whether these controls are well designed and operating effectively.
A business expert brought into an IA function will need some time to get to grips with this audit process, but once they have done so, they have the potential to be more challenging and therefore add more value to the process. They can challenge whether the business has considered all the relevant risks in areas they are familiar with. They can assess the quality and design of the controls using their practical experience to inject an element of benchmarking against best practice into the audit process.
When it comes to formulating the audit findings, a subject matter expert will often have a good sense of the significance of the findings to give them an appropriate priority and rating. Communication between an actuarial auditor and actuarial auditee is likely to be effective and efficient as they ‘speak the same language’. The subject matter expert may also be able to recommend practical and realistic actions for the business.
Figure 2: Percentage change to assets for a given reduction in interest rates
An analytical approach
Data analytics has been a hot topic within IA circles over the last couple of years, and is a key area where experts like actuaries can help with their analytical approach. Data analytics is increasingly being used to provide insight into the risks of the area being audited. A most powerful variant of data analytics can be used to narrow down the sample from which to test controls. Consider the case where IA is auditing the process for producing stressed asset values for calculating solvency capital requirements. The asset valuation team has a number of controls to check the stressed asset values. IA may request evidence that controls have worked on a random sample of calculations. However an alternative approach is to attempt to identify anomalies in the calculation and question whether the team’s controls have been effective in validating these apparent anomalies. Figure 2 shows an example of such analytics, in this case for corporate bonds within a fixed interest portfolio. It shows the percentage stress on each asset due to a reduction in interest rates, plotted against term to redemption. So those familiar with asset valuation would expect an upward sloping line, something a non-expert might not be familiar with. Approximate bounds (as shown by the shaded area in figure 2) can then be drawn to highlight potential outliers. These can then be investigated and questioned with the business and controls checked for this targeted sample. Identifying a control failure where no known issues have resulted can often lack the ‘so what’ question; it is far more powerful if IA can illustrate a control failure with potential flaws in
calculations. We shouldn’t forget however that even if there are no flaws, this type of analytics can help to give some powerful positive assurance over the process. If a control has not been followed but no issues can be shown to have arisen, the audit should question whether this control is really necessary.
Figure 3 (left) : Range of numbers and % of actuarial staff in IA functions. Figure 4 (right): Range of time offices have had actuarial staff in IA functions
Figure 5: Actual and intended areas of work for internal audit actuaries 2015-17
The Internal Audit Actuarial Network (IAAN) carried out a survey of how six UK insurance companies use actuarial resource within their IA functions. Actuaries comprised an average of 9% of the function’s staff and can be up to a quarter of an IA function. Some functions have recruited actuaries only in the last few years but others have had them on-board for a decade – figures 3 and 4 show more detail. Half of those surveyed said their demand for IA actuarial staff would increase, with the remainder saying it would remain at the current levels. Figure 5 shows the type of work actuaries have been, or are intended to get involved in – as you might expect, Solvency II has been a significant area around its launch date but other more BAU areas such as customer servicing and new business also feature.
A spectator can see the game better than the expert player
So, in common with many chief auditors, I think the actuarial skill set is a welcome addition to insurance firms’ IA functions. However perhaps the Brexit experience has highlighted the risk of expert ‘groupthink’. There is a danger that an actuarial auditor may not challenge what they see as traditional actuarial practice. Those with a wider, less expert, view may be better placed to challenge what experts take for granted. My experience has shown the real strength in working in a diverse audit team, using input from differing professional disciplines to reduce the chance of groupthink and bring new insights to the business.
Andy Cox is an audit manager in Internal Audit at Legal & General Group