Pensions Process Actuaries - Are they considered a 3rd party?



  • Actuaries are considered experts and do not require SAS70 coverage.
    You should ensure that you have controls over information provided to the actuary (complete, accurate), assumptions used and information recorded in your financial statements.



  • Not according to my External Auditors.
    But as per above, our liabilities are material and sensitive therefore they probably feel greater assurance is required than just relying on the expertise of the model maker.



  • The guidance is clear that SAS 70 reports are not required from subject matter experts, only from service providers and then only if we are placing any reliance on their processing controls.



  • 100% agree with kymike
    The only additional controls that the company would need to have are around how those experts are engaged and how their results are used, however the independent conclusions of a 3rd party expert do not require a SAS70.



  • OK I follow your point but why classify actuaries as subject matter experts?
    An actuary provides a service where they use complex models based on various assumptions to value assets and liabilities. This is not a simple stick a figure in the start of the process and the answer is spewed out of the end no matter who does the calculation. That is a subjective ‘science’ that has high risk where the incorrect application of an assumption or even misuse of an assumption could throw everything off. We’ve even seen cases where final salary pension schemes have been seriously impacted by incorrect and inappropriate valuations.
    I will accept your statement that actuaries are explicitly defined as subject matter experts however just for the record providing complete and accurate data to the actuaries does not confirm you have complete and accurate movements in the P-and-L nor properly valued assets in your BS irrespective of whatever assumptions you report using.
    Of course I should clarify that you are referring to actuarial functions for a company pension scheme and not for large financial institutions.



  • 100% agree with kymike
    The only additional controls that the company would need to have are around how those experts are engaged and how their results are used, however the independent conclusions of a 3rd party expert do not require a SAS70.
    I agree that a SAS70 is not required, partly because GAAS generally include a description of the mutual responsibilities between actuary and auditor, including the requirement for the external attest auditor to gain assurance about the completeness and accuracy of data provided by the client to the actuary. The CICA Assurance handbook used to have a long section on that.
    However I don’t think the external auditor is off the hook ‘so to speak’ just by checking the data to prevent the ‘garbage in garbage out’ scenario. It seems to me that the external auditor must also assess the reasonability of the key assumptions used by the actuary, whether the actuarial report is for pension plan financial statement purposes, determining funding requirements and/or pension expense on the employer financial statements.
    There is simply too much room to manage the resulting numbers by tweaking the assumptions. The way I see things, the external auditor needs to compare the employer’s (i.e. actuary’s) assumptions to those used in other plans and evidence an assessment of why the assumptions are within the zone of reasonability; and also assess the reasonability of resulting sensitivity analysis which is typically required.
    So in brief, I’m thinking that the auditor should validate the data going in, assess the reasonability of the results based on the reasonability of the assumptions used, and quite frankly leave the accuracy of the actuarial calculations to the actuary. It’s up to the actuary (a SME / specialist) to choose an appropriate method and validate their own calculations.
    To put this in the context of a SOX engagement (ICFR work), management likewise needs to validate the data going into the actuary, evidence the reasonability of the assumptions used, and evidence that any disclosure concerning sensitivity of results is reasonable. Just another case where financial management with strong ICFR pretty much does 90% of the external auditor’s actual work 😉



  • I agree with graybeard. The external auditor generally cannot rely on the valuations provided by the actuary (or any other subject matter expert) like the public client can. Our external auditors have their internal specialists review the valuation by our external actuary for reasonableness.
    For SOX purposes, the public company client does not need to have a SAS 70 from the actuary and can rely on the valuation provided by the actuary. The public company, however, needs to ensure that controls exist over the completeness and accuracy of the data sent to the actuary and over recording values on the ledger based on the actuarial report.



  • I agree that a SAS70 is not required, partly because GAAS generally include a description of the mutual responsibilities between actuary and auditor, including the requirement for the external attest auditor to gain assurance about the completeness and accuracy of data provided by the client to the actuary. The CICA Assurance handbook used to have a long section on that.
    However I don’t think the external auditor is off the hook ‘so to speak’ just by checking the data to prevent the ‘garbage in garbage out’ scenario. It seems to me that the external auditor must also assess the reasonability of the key assumptions used by the actuary, whether the actuarial report is for pension plan financial statement purposes, determining funding requirements and/or pension expense on the employer financial statements.
    There is simply too much room to manage the resulting numbers by tweaking the assumptions. The way I see things, the external auditor needs to compare the employer’s (i.e. actuary’s) assumptions to those used in other plans and evidence an assessment of why the assumptions are within the zone of reasonability; and also assess the reasonability of resulting sensitivity analysis which is typically required.
    So in brief, I’m thinking that the auditor should validate the data going in, assess the reasonability of the results based on the reasonability of the assumptions used, and quite frankly leave the accuracy of the actuarial calculations to the actuary. It’s up to the actuary (a SME / specialist) to choose an appropriate method and validate their own calculations.
    To put this in the context of a SOX engagement (ICFR work), management likewise needs to validate the data going into the actuary, evidence the reasonability of the assumptions used, and evidence that any disclosure concerning sensitivity of results is reasonable. Just another case where financial management with strong ICFR pretty much does 90% of the external auditor’s actual work 😉
    I agree with you here. My responses come from a client rather than auditor perspective, but you are right to say that there are additional checks the auditor should follow. Certainly in my own Big 4 days we used to, sometimes, have the actuarial work checked by our own specialists.



  • I agree with these responses. I realise that in my case we do more work because firstly we rely on actuarial services a lot more than just for a pension scheme so for us it is very high risk but also because we work in partnership with our external auditors and undertake a lot of the work ourselves to aid fee reduction. Clearly this has meant that we have gone beyond our own SOX needs and we are undertaking work that our auditor requires but in the longer term this is a more efficient and economic solution.



  • Conclusions:
    (a) Big 4 companies have their own specialists (why public company does not??);
    (b) SAS70 is not required (since it’s a well-known firm in the market);
    (c) SOX control should be based on some internal review by someone in the public company (not only on the information provided for the actuary, but also on the reasonableness of the P-and-L accounted each year);



  • Conclusions:
    (a) Big 4 companies have their own specialists (why public company does not??);
    (b) SAS70 is not required (since it’s a well-known firm in the market);
    (c) SOX control should be based on some internal review by someone in the public company (not only on the information provided for the actuary, but also on the reasonableness of the P-and-L accounted each year);
    Auditors can leverage their specialist over many clients. It generally does not make financial sense to have an actuary within a public company if all there was to value was the pension liability.



  • Some service providers have SAS70’s. Just ask them. Once some of their clients paid for it, they might want to offer it to you as well.
    No try no gain. 😉

