Optimus Think

Steering Through Uncertainty: The Impact of IFRS 17 on Risk Management and Control Strategies


Insurers embracing IFRS 17 are revolutionizing their operations, embracing cutting-edge technologies, and enhancing data requirements. This entails streamlining processes and unifying teams to generate IFRS 17-compliant financial statements. With a strong emphasis on accuracy and integrity, insurers are also faced with the task of redefining their control environments and governance structures for financial reporting.

Updating the control environment brings a host of important benefits. First and foremost, it ensures proper risk management (accuracy and completeness of data) throughout the entire IFRS 17 solution, guaranteeing auditability and financial statements free of material misstatement. Additionally, the seamless automation of controls significantly shortens the close process, freeing up valuable time for existing staff to focus on analytics and other value-added activities.

  1. Risk Identification: Identify and address risks that can lead to material misstatement.
  2. Control Environment: Establish a robust control environment, implementing the necessary controls to mitigate risks.
  3. Risk Monitoring: Continuously review both new risks and existing controls to ensure effective risk management.

These will be discussed in further detail below:

Risk Identification

Safeguarding an Insurer requires staying ahead of potential risks. With the implementation of new systems and processes mandated by IFRS 17, it’s crucial to be aware of the additional failure points that may arise. To ensure accuracy in financial statements, it’s essential to thoroughly consider all possible events that could lead to material misstatements.

To streamline this process, Insurers must adopt a holistic view of their end-to-end IFRS 17 processes. This comprehensive perspective enables the identification of bottlenecks and failure points, allowing for efficient risk management strategies.

Once risks are identified, the next step is to assess and quantify their impact. Prioritizing risks is key, as urgent and serious risks demand immediate attention. By prioritizing and addressing risks appropriately, Insurers can effectively manage and mitigate potential issues.

Updating the Control Environment

When it comes to the Financial Risk Management process, while risks cannot be eliminated, they can be mitigated by strengthening the control environment. Depending on the nature of the risk, an entity may choose to adopt a combination of the following controls:

  1. Application Controls: These are controls within an application or system that ensure the accuracy, completeness, and validity of data and transactions. Examples of application controls include data validation of transaction from policy admin system through to the GL.
  2. IT General Controls (ITGC’s): These are controls that are designed to ensure the overall integrity of the IT environment. They include controls over system development, change management, access controls, and data center operations.
  3. Business Validation Controls: These are controls that ensure the accuracy and completeness of business transactions. They are typically manual controls that involve reviewing and reconciling data. Examples of business validation controls could include manual bank reconciliations or the review of outstanding receivables etc.
  4. Service Level Agreements: These are contractual agreements between teams that define the level of service that will be provided. Service level agreements (SLAs) typically include metrics such as uptime, response time, and resolution time, and may also specify penalties for noncompliance. Examples include SLAs between finance and actuarial functions, SLAs between Actuaries and managed service providers that assist with CSM calculations etc.
  5. Change Management Controls: These are controls that ensure that changes to IT systems and applications are made in a controlled and systematic manner. Change management controls typically involve a formal process for requesting, reviewing, approving, and implementing changes, and may also include testing and roll-back procedures. The goal of change management controls is to minimize the risk of system downtime, data loss, or other negative impacts caused by changes to IT

To gauge the strength of a control environment, the examination of the financial close process, especially the time spent verifying the completeness and accuracy of financial data, serves as the key indicator. Insurers with a weak control environment may spend days manually reconciling data or fixing errors. In contrast, a robust control environment fosters efficiency through the automation of manual controls, the elimination of unnecessary or duplicative steps, and the cost-effective consolidation of certain functions.

Risk Monitoring

The financial control environment should be continuously monitored since new risks may arise as the business evolves. While the basics include regular review of internal controls and monitoring KPIs that track the Insurer’s control environment, the businesses seeking true transformation invest in leading cloud software that automates and controls critical financial close management processes. Common features included in this software include:

  • Streamlined Workflows: Workflows that automatically track the review process and automatically delegate specific business units to provide required explanations and control certifications.
  • Centralized Documentation: Store all supporting documentation and aggregate explanations in one location. Utilize reports and dashboards that were specifically designed to track status, incomplete items, and other KPIs.
  • Realtime Exception Reporting: Remove the need for spreadsheets or emails by automatically calculating deviations, setting thresholds and tolerances, and flagging unusual items for investigation. These types of automation create real-time tangible benefits to give time back to your finance team for supporting further analytics.

Risk monitoring should be an integral part of an Insurer’s continuous improvement efforts. Actively seeking out and mitigating new risks through effective controls establishes a proactive approach to risk management. Additionally, continuously evaluating the operational effectiveness of your controls allows you to fine-tune your control environment, ensuring it serves its purpose effectively.

A Final Thought

As Insurers navigate the transition to IFRS 17, it’s clear that significant resources are being dedicated to validating results. Insurers are advised to stop wasting time on reactive processes that are prone to errors, and instead, embrace proactive measures that improve critical controls and expedite reporting. Rather than treating it as a burden, Insurers should focus on addressing the biggest pain point right away, ensuring greater confidence in their Financial Statements and reducing the time and effort spent on this critical task.

Optimus SBR’s IFRS 17 BAU Acceleration Services

Our IFRS 17 BAU Acceleration services help organizations fully leverage their IFRS 17 infrastructure to optimize their investment. Our team is one of the most experienced in the industry, having already supported 24 organizations, both in Canada and globally, through their implementation journey. We have the proven strategic and tactical expertise to help insurers get the most out of this new standard.

Contact Us for more information on how we can assist your team.

Evan Farlinger, CPA, CA – Principal, Financial Services Practice

Farshid Buhariwalla, CPA, CA – Principal, Financial Services Practice

Optimus Think