By Sara Cook, Barnett Waddingham
What is TPR's guidance on the Directive?
The Directive identifies details for consideration under the heading of internal controls as including the custody and control of assets, internal audit and reporting lines. Internal controls are not a new concept for trustees of UK occupational pension schemes. TPR’s expectations are already enshrined in ‘Code of Practice 9’, which came into force in November 2006. TPR will review its code of practice and set out how trustees can meet the requirements of the new Directive; guidance is expected later in 2019.
What does the Directive say about internal audit?
One of the key new aspects of governance on its way, is internal audit. So what does the Directive mean by ‘internal audit’? Firstly, internal audit should not be confused with the statutory external audit, where a scheme’s auditor provides an independent opinion on the statutory financial statements of the pension scheme. It is important for trustees to understand the extent and scope of the statutory audit, which does not automatically extend to include confirmation that benefits paid are correct. Auditors may offer to extend the scope of the statutory audit to provide some assurances on calculations.
An internal audit of the type envisaged by the Directive has a far wider scope and includes non-financial processes and controls such as member communication and trustee governance. Trustees will need to decide on the scope of their internal audit and identify a suitable audit provider, taking into account conflicts of interest, independence, knowledge of pensions and professional and technical experience in undertaking audits. It is likely that areas of review will be tackled over more than one scheme year, the trustees having prioritised the risks to the scheme.
Who would provide an internal audit review?
The internal audit review could be provided by an ‘in-house’ function provided by the scheme sponsor or independently by an external third party giving assurance, e.g. an audit firm. The Institute of Chartered Accountants in England a Wales (ICAEW), suggests that trustees establish an internal audit charter with its internal audit function in order to describe what activities will be carried out and the value this adds to the scheme.
What can trustees do to prepare for TPR guidance?
Annually review their providers’ independent audit reports? For example, many third party administrators and investment managers produce AAF 01/06 reports, which include an independent assurance report from an audit firm
Ensure their risk register covers key risks and mitigations. These should be reviewed frequently and given sufficient management time as risks can change
Actions flowing out of risk register reviews must be recorded, responsibility allocated, followed up and completed
Identify the priority areas to be reviewed, consider budgets and investigate sources of independent audit assurance.
|