November 2012

Proof that the Independent Risk Audit Is a Great Idea!

by James Ramenda

I’ve written more than once that an independent “risk audit” would be a more useful exercise than the independent accounting audit with which we are all familiar. After all, why limit the basis for financial information to single point estimates when we live in a world of (sometimes wildly) asymmetrical outcomes? And shouldn’t this function be performed by independent experts? The financial meltdowns that make headlines seem to include episodes where the internal risk management experts were ignored, overruled, or even fired.

The recurrence of these unfortunate events may add support to the idea of an independent risk audit. Risk audit requirements could boost the profile for the actuarial profession as well as the CERA designation. Are we getting traction with this idea? Not much, at the moment.

But times might be changing: It has been proposed that the independent risk audit become part of the accounting audit—at least in a step in the right direction. In June of 2012, the Financial Accounting Standards Board (FASB) updated its proposal for Disclosures about Liquidity Risk and Interest Rate Risk (Topic 825). Without getting too far into the details, this proposal would require maturity/repricing disclosure for financial liabilities for all entities, along with an interest rate sensitivity analysis for net income and shareholders’ equity for financial institutions, e.g., parallel shifts, flattening and steepening. The FASB proposal follows the already in-force International Financial Reporting Standard (IFRS) 7 in spirit, though not to the letter.

The bigger picture is that the accounting profession is recognizing the importance of risk, asymmetrical outcomes, stochastic approaches, etc., and making such recognition part of the accounting process—not by doing the calculations, but by bringing the calculations into the scope of their audit responsibility. The audit opinion, of course, is what is seen by management, the board, shareholders and the Securities and Exchange Commission (SEC). This emerging process is somewhat reminiscent of how the accounting function subsumed aspects of corporate governance a few years ago, with a big assist from Sarbanes-Oxley (SOX).

In any case, it’s the start of a risk audit process. Maybe not exactly the start or pace of progress that an actuary/CERA might have wished for, but we live in an accounting-centric world. And in this world, the next best thing to a completely independent role is to have risk management take an established place in the existing audit process.

James Ramenda, FSA, CERA, is senior vice president, Enterprise Risk at SS&C Technologies, Inc. in Windsor, Conn. He can be reached at