Open-access content
Tuesday 28th February 2012
—
updated 5.13pm, Wednesday 29th April 2020
Paul Klumpes asks what actuaries can learn from the accountants perspective on managing risk
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) framework has recently been endorsed as the basis for reporting and managing risks for most industrial firms. But there remains some ambiguity as to what constitutes an appropriate basis for analysing enterprise risk management (ERM) within insurance firms.
For instance, the UK actuarial profession is keen to endorse international standards on this issue. However, there is evidence that UK insurance firms focusing on accounting rates of return (such as return on equity or ROE) tend to use different approaches to managing risk for performance reporting than for management planning and control.
Since the COSO framework and ERM was originally embedded in financial reporting, one outstanding issue is whether performance measurement or long-term planning and control should be the primary basis for identifying and reporting ERM.
Given that, for accounting, the focus is mostly on performance measurement, whereas actuaries are concerned with long-term planning and control implications related to their accountability for implementing ERM strategy, it should not be surprising that an accountant would want to have a view on this issue.
The main areas that I will touch on concern some missing links in the relationship between accounting and actuarial professionals. In particular, I will look at the interaction between the operation of ERM and internal control and information systems. It is important to recall that the role of ERM and COSO as 'compliance-orientated' internal control frameworks originated from US legislation.
Other key terms within the definition of ERM concern risk appetite and risk tolerance. Sir David Walker's independent review of corporate governance in UK banks suggests that "board-level engagement in the high-level risk process should be materially increased, with particular attention to the monitoring of risk and discussion leading to decisions on the entity's risk appetite and tolerance... above all in monitoring risk and setting risk appetite and relevance parameters, which are at the heart of the strategy of the entity.''
Presumably, both these terms are key to actuarial implementation of ERM in general insurance contexts as defined by the COSO ERM framework. The framework is more commonly associated (outside the FSA) with the risk-assessment work that the FSA carries out in many financial firms. However, although the requirements are now being implemented, there is little transparency.
A similar issue arises for banks with their Basel II and IFRS capital adequacy requirements and reported accounting ratios. It is surprising that there are still no auditing requirements for the monitoring of Basel II or Solvency II, as they are outside the financial statements. Recently, the FSA proposed that this issue be addressed.
It seems also surprising that, given the whole debate about Solvency II, there is little discussion of the relationship between actuarial risk management and accounting (either on-balance sheet or off-balance sheet) risk management. For example, in Australia, from 1 January 2013, a new standard will compel public accounting firms to establish, maintain, monitor and document a risk management framework. There is no such requirement for actuarial consulting firms, either in the UK or other countries.
Table 1 shows how subtle differences in reporting regime affect the nature, scope and scale of risk reporting. It illustrates the key variations in both the objective, basis, and verifiability and focus of alternative accounting, actuarial management and regulatory purposes. For, while the main objective of financial reporting is to provide information to capital providers, meaning that performance management is the key, the regulator is more concerned about capital adequacy and ensuring that there is a minimum level of solvency. The internal view presumably takes a combination of the two, but is primarily directed at long-term planning and control.
The lack of coordination between accounting and regulatory-based reporting is evidenced in reporting practices by banks. These give investors little guidance about the interrelation between regulatory-based capital and accounting-based capital ratios.
One has to review the accounts of Swiss banks to work out that often the 'risk weighted assets' used to evaluate capital do not even have any corresponding item on the balance sheet, such as 'operational risk' or 'market risk'. It turns out that the risk-weighted assets (which are based on true values rather than fair values) vastly overstate the accounting-based assets and therefore result in reported capital that exceeds that based on unweighted accounting statements.
This is particularly the case for banks that have relatively risky portfolios. Much of the recent evolution from Basel II to Basel III concerns dealing with attempts by banks to shift these risks by reclassifying liabilities and equities, and treating 'loss-absorbing capital' as a buffer.
A major criticism of bank reporting is the failure to decompose capital ratios between banking and trading books, since the latter is subject to fair value reporting. If the situation for banks is complicated, presumably similar issues apply to insurance firms and pension funds, regarding the quality of their liabilities and capital.
In particular, there are different stakeholders (shareholders versus policyholders, and employee versus employer participants). Whereas the accounting perspective tends to take the position of the shareholder and employer, the actuarial (regulatory) perspective tends to take the position of the policyholder and the employee. What is the position for insurance firms that similarly have to evaluate the quality of their liabilities under Solvency II?
There is still ambiguity as to how the Committee of European Insurance and Occupational Pensions Supervisors (CEIOPS) will implement a particular basis for risk reporting. Similarly, there are still many unresolved issues that the International Accounting Standards Board (IASB) is grappling with in terms of resolving apparent dilemmas in income and revenue recognition. Perhaps greater clarification on the key elements and objectives, and the different stakeholders affected, would help.
The controversies surrounding accounting manipulation and creative accounting (for example, AIG, Enron) has focused on the scope for banking and insurance entities to place undesirable exposures off balance sheet. Much of this concerns the role of functional versus institutional or legal interpretation of accounts.
An important development in International Financial Reporting Standards (IFRS) has been the move away from literalist towards functional views of hedge accounting (Financial Times, 10 December 2010). However, there is little evidence that such positions are also evolving for insurance contracts. It is surprising, therefore, that the insurance industry and the actuarial profession has not made more effort to enhance transparency in these areas.
While efforts to classify risks are to be applauded, the interrelationship between strategy risk, ERM practices and capital management and reporting remain obscure. The ARROW audits of the FSA on many firms require those risks to be clarified, yet there is little disclosure on these issues in annual reports. Should not the failure or inadequacy of risk management practices be disclosed to enhance transparency in reporting?
More research is needed to clarify regulatory solvency versus IFRS-based capital statements, so that the investor and user can better appreciate the link between risk management practices, capital management and performance in the sector.
After all, COSO and ERM frameworks were intended to enhance corporate governance. Increasing the scope and depth of cooperation between accountants and actuaries will be the key to successful implementation.
Since the COSO framework and ERM was originally embedded in financial reporting, one outstanding issue is whether performance measurement or long-term planning and control should be the primary basis for identifying and reporting ERM.
Given that, for accounting, the focus is mostly on performance measurement, whereas actuaries are concerned with long-term planning and control implications related to their accountability for implementing ERM strategy, it should not be surprising that an accountant would want to have a view on this issue.
The main areas that I will touch on concern some missing links in the relationship between accounting and actuarial professionals. In particular, I will look at the interaction between the operation of ERM and internal control and information systems. It is important to recall that the role of ERM and COSO as 'compliance-orientated' internal control frameworks originated from US legislation.
Other key terms within the definition of ERM concern risk appetite and risk tolerance. Sir David Walker's independent review of corporate governance in UK banks suggests that "board-level engagement in the high-level risk process should be materially increased, with particular attention to the monitoring of risk and discussion leading to decisions on the entity's risk appetite and tolerance... above all in monitoring risk and setting risk appetite and relevance parameters, which are at the heart of the strategy of the entity.''
Presumably, both these terms are key to actuarial implementation of ERM in general insurance contexts as defined by the COSO ERM framework. The framework is more commonly associated (outside the FSA) with the risk-assessment work that the FSA carries out in many financial firms. However, although the requirements are now being implemented, there is little transparency.
A similar issue arises for banks with their Basel II and IFRS capital adequacy requirements and reported accounting ratios. It is surprising that there are still no auditing requirements for the monitoring of Basel II or Solvency II, as they are outside the financial statements. Recently, the FSA proposed that this issue be addressed.
It seems also surprising that, given the whole debate about Solvency II, there is little discussion of the relationship between actuarial risk management and accounting (either on-balance sheet or off-balance sheet) risk management. For example, in Australia, from 1 January 2013, a new standard will compel public accounting firms to establish, maintain, monitor and document a risk management framework. There is no such requirement for actuarial consulting firms, either in the UK or other countries.
Table 1 shows how subtle differences in reporting regime affect the nature, scope and scale of risk reporting. It illustrates the key variations in both the objective, basis, and verifiability and focus of alternative accounting, actuarial management and regulatory purposes. For, while the main objective of financial reporting is to provide information to capital providers, meaning that performance management is the key, the regulator is more concerned about capital adequacy and ensuring that there is a minimum level of solvency. The internal view presumably takes a combination of the two, but is primarily directed at long-term planning and control.
| Shareholder reporting | Regulatory reporting | Own business reporting | |
|---|---|---|---|
| Key reference | IFRS IAS 32, IFRS 7, 9 | FSA, US SEC, Solvency II CEIOPS | Professional guidelines and actuary practice |
| Scope | Annual report | Reporting filing FSA, Basel Pillar III | Actuarial risk classification |
| Main focus | Market risk | Solvency risk | Strategy risk |
| Verifiability | Auditor | Regulator | None |
| Assumed valuation basis | Historic cost - fair value | Risk weighted (prudent)? | Cash flow |
| Risk basis | Earnings at risk | Value at risk | Cash flow at risk |
| Primary objective | Performance measurement | Capital adequacy | Sustainability of long-term business model |
| Main users | Shareholders | Policyholders | Management |
| | | | |
The lack of coordination between accounting and regulatory-based reporting is evidenced in reporting practices by banks. These give investors little guidance about the interrelation between regulatory-based capital and accounting-based capital ratios.
One has to review the accounts of Swiss banks to work out that often the 'risk weighted assets' used to evaluate capital do not even have any corresponding item on the balance sheet, such as 'operational risk' or 'market risk'. It turns out that the risk-weighted assets (which are based on true values rather than fair values) vastly overstate the accounting-based assets and therefore result in reported capital that exceeds that based on unweighted accounting statements.
This is particularly the case for banks that have relatively risky portfolios. Much of the recent evolution from Basel II to Basel III concerns dealing with attempts by banks to shift these risks by reclassifying liabilities and equities, and treating 'loss-absorbing capital' as a buffer.
A major criticism of bank reporting is the failure to decompose capital ratios between banking and trading books, since the latter is subject to fair value reporting. If the situation for banks is complicated, presumably similar issues apply to insurance firms and pension funds, regarding the quality of their liabilities and capital.
In particular, there are different stakeholders (shareholders versus policyholders, and employee versus employer participants). Whereas the accounting perspective tends to take the position of the shareholder and employer, the actuarial (regulatory) perspective tends to take the position of the policyholder and the employee. What is the position for insurance firms that similarly have to evaluate the quality of their liabilities under Solvency II?
There is still ambiguity as to how the Committee of European Insurance and Occupational Pensions Supervisors (CEIOPS) will implement a particular basis for risk reporting. Similarly, there are still many unresolved issues that the International Accounting Standards Board (IASB) is grappling with in terms of resolving apparent dilemmas in income and revenue recognition. Perhaps greater clarification on the key elements and objectives, and the different stakeholders affected, would help.
The controversies surrounding accounting manipulation and creative accounting (for example, AIG, Enron) has focused on the scope for banking and insurance entities to place undesirable exposures off balance sheet. Much of this concerns the role of functional versus institutional or legal interpretation of accounts.
An important development in International Financial Reporting Standards (IFRS) has been the move away from literalist towards functional views of hedge accounting (Financial Times, 10 December 2010). However, there is little evidence that such positions are also evolving for insurance contracts. It is surprising, therefore, that the insurance industry and the actuarial profession has not made more effort to enhance transparency in these areas.
While efforts to classify risks are to be applauded, the interrelationship between strategy risk, ERM practices and capital management and reporting remain obscure. The ARROW audits of the FSA on many firms require those risks to be clarified, yet there is little disclosure on these issues in annual reports. Should not the failure or inadequacy of risk management practices be disclosed to enhance transparency in reporting?
More research is needed to clarify regulatory solvency versus IFRS-based capital statements, so that the investor and user can better appreciate the link between risk management practices, capital management and performance in the sector.
After all, COSO and ERM frameworks were intended to enhance corporate governance. Increasing the scope and depth of cooperation between accountants and actuaries will be the key to successful implementation.
