Insights

Fresh thinking and actionable insights that address critical issues your organization faces.

Learn more

Resources

Services

KPMG's multi-disciplinary approach and deep, practical industry knowledge help clients meet challenges and respond to opportunities.

Services to meet your business goals

Technology Alliances

KPMG has market-leading alliances with many of the world's leading software and services vendors.

View all Alliances

Industries

Helping clients meet their business challenges begins with an in-depth understanding of the industries in which they work. That’s why KPMG LLP established its industry-driven structure. In fact, KPMG LLP was the first of the Big Four firms to organize itself along the same industry lines as clients.

How We Work

We bring together passionate problem-solvers, innovative technologies, and full-service capabilities to create opportunity with every insight.

Learn more

Careers & Culture

What is culture? Culture is how we do things around here. It is the combination of a predominant mindset, actions (both big and small) that we all commit to every day, and the underlying processes, programs and systems supporting how work gets done.

Learn more
Relevant Results
Sorry, there are no results matching your search.
Autocomplete suggestions are available. Use up and down arrows to review and enter to select.
See more results

Internal control over financial

ICFR and PCAOB updates: What leaders need to be aware of

Download PDF
Share
Insurance
Read more

With changes in internal control over financial reporting (ICFR), insurance organizations must stay current with emerging and developing issues that may impact their control environment and program. The approach regarding some emerging issues – noncompliance with laws and regulations (NOCLAR); completeness and accuracy of data; automation; and environmental, social, and governance (ESG) and cybersecurity reporting — remains critical.

NOCLAR proposal expands auditor requirements

The Public Company Accounting Oversight Board’s (PCAOB) NOCLAR proposal aims to expand auditor requirements for public companies to evaluate potential noncompliance with laws and regulations. The amendments, proposed in early 2023, were open for a two-month comment period that closed in early August.

The proposal essentially expands the requirement of auditors for public companies to identify any noncompliance with laws and regulations with likely material impact on the financial statements. This will involve a judgment call by the auditors as to what is in fact material to the financial statements.

The proposed NOCLAR amendments received substantial feedback and spurred conversations on long-term impact on organizations and internal control processes. There is also the question of conflicts between the proposal and existing rules and regulations by the Securities and Exchange Commission (SEC). If the proposal is issued as a final standard by the PCAOB, then the SEC will also review the broadened scope for auditors and will need to approve the standard before it is effective.

If the proposal is finalized, then one significant effect will likely be additional time and effort on the part of auditors to examine material impacts and potential noncompliance with laws and regulations.

Additionally, it is presumed that management will need to provide information that could encompass documentation of processes, documentation, flowcharts, risk identification, and control/monitoring evidence, which will be subject to audit. This will ultimately increase both auditing fees and internal control and compliance efforts for companies.

Currently, the PCAOB is reviewing feedback received during the comment period, and the timeline and subsequent steps for implementing NOCLAR are unclear. However, likely impact, developments, and conversations need to be on the radar.

Meeting the NOCLAR requirement is assumed to be a pretty significant effort, including by management. As auditors, it is presumed we will need additional subject matter professional involvement to comply.

Scott Stein

Partner, Audit, KPMG LLP

How leaders can respond: Enable greater collaboration between functions

Due to the differences in laws and regulations across jurisdictions where business is conducted, NOCLAR may make it necessary for lawyers to assist auditors and companies in effectively evaluating compliance. This will involve close interplay between the chief financial officer, chief compliance officer, finance controllership, compliance, and the legal function. Leaders will have a critical role in setting the tone and facilitating the process.

This is also expected to add complexity to the audit process. The substantial increase in auditing and internal control efforts could also raise questions regarding the cost-benefit balance of the proposal. 

Continued challenges with completeness and accuracy of data

Observations from ICOFR testing programs and monitoring of comments from external auditors highlight that completeness and accuracy of data used in internal controls continue to be a challenge. In fact, the PCAOB in its annual inspection reports has indicated that the deficiency rate in terms of completeness and accuracy of data is increasing up to an average of 40 percent over the last few years.

This topic takes on even more importance as insurance companies continue to update and transform their legacy processes and systems. So, companies must consider data governance with a focus on the downstream impact, including data feeds, data warehouses/repositories, queries, scripts, and report writers, among other potential impacts.

An organization should enhance its efforts in validating completeness and accuracy of data used in financial reporting and internal controls. I would challenge that a similar effort should be focused in areas outside of financial reporting, including planning, capital management, and other decision-influencing areas. Automation can help enable effectiveness in this area.

Jason Freund

Partner, Internal Audit & Enterprise Risk, KPMG LLP

How leaders can respond: Understand the opportunity from transformation

System transformations are creating opportunities for management to harness data and review or assess information in different ways. Leveraging the enhanced data governance required by these initiatives, control owners, ICFR programs, and auditors makes it possible to demonstrate completeness and accuracy and enable more continuous monitoring or testing activities, resulting in more timely and enhanced assurance versus a traditional sample-based approach.

Further, the creation of dashboards and reports to identify outliers or exceptions as indicators of the condition of the control environment is emerging.

Providing observations at points in the project lifecycle and giving various stakeholders an opportunity to address risks and consider the redesign of controls prior to implementation, enables effectiveness and efficiency.

Shivakumar Rajam

Managing Director, Tech Assurance Audit , KPMG US

ESG and cybersecurity reporting

ESG reporting requirements continue to evolve and leading organizations are focused on documenting their processes and enhancing their internal controls, including evidence operation effectiveness at an appropriate level of precision.

New rules are also putting the spotlight on cybersecurity and required disclosures. The rules can be classified into three broad categories—cyber incident and reporting, cyber risk management, and cybersecurity, governance, and oversight. With several organizational functions linked to cybersecurity, the onus does not lie on IT alone. Strong emphasis should be placed on both quantitative and qualitative analyses in determining the materiality of cybersecurity breaches or events in an organization's public filings. All internal stakeholders need to be made a part of the transformation journey, so that risks and controls can be better addressed.

How leaders can respond: Integrate key risk-related processes

Leaders must take a proactive stance in integrating these requirements into their financial reporting and risk management processes. This will involve facilitating a collaborative approach between finance, internal audit, IT professionals, and other governance areas (e.g., Disclosure Committee) to assess and address potential ESG and cybersecurity risks.

Navigating the way forward

With the scale of change and compliance, open, transparent communication between external auditors, management, legal experts, and regulators will remain crucial. Assessing likely impacts, breaking functioning siloes, implementing leading practices, and implementing technologies with robust controls can help ensure effective internal controls and financial reporting compliance.

This information was originally presented at the KPMG 35th Annual Insurance Industry Conference.

Dive into our thinking:

Internal control over financial

ICFR and PCAOB updates: What leaders need to be aware of

Download PDF

Leading through uncertainty: Shaping the future of Insurance

Dive in to the insights shared at our 35th Annual Insurance Industry Conference. 

Read more

Explore more

Event
Webcast Replay Webcast Upcoming Listen Now

36th Annual Insurance Industry Conference

Embrace today. Elevate tomorrow.

Read more
Insight
Webcast Replay Webcast Upcoming Listen Now

New ways of working and the evolving talent landscape

Embracing the future of work

Read more
Insight
Webcast Replay Webcast Upcoming Listen Now

Future of insurance distribution and services

Reshaping the insurance distribution landscape

Read more

Meet our team

Image of Jason Freund
Jason Freund
Partner, Internal Audit & Enterprise Risk, KPMG US
Read bio
Image of Scott Stein
Scott Stein
Partner, Audit , KPMG LLP
Read bio
Image of Shivakumar Rajam
Shivakumar Rajam
Managing Director, Tech Assurance Audit , KPMG US
Read bio
Image of Jason Freund
Jason Freund
Partner, Internal Audit & Enterprise Risk, KPMG US
Read bio
Image of Scott Stein
Scott Stein
Partner, Audit , KPMG LLP
Read bio
Image of Shivakumar Rajam
Shivakumar Rajam
Managing Director, Tech Assurance Audit , KPMG US
Read bio

KPMG. Make the Difference.


Some or all of the services described herein may not be permissible for KPMG audit clients and their affiliates or related entities.

The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act upon such information without appropriate professional advice after a thorough examination of the particular situation. KPMG LLP does not provide legal services.

The information contained herein is not intended to be “written advice concerning one or more Federal tax matters” subject to the requirements of section 10.37(a)(2) of Treasury Department Circular 230.

© 2024 KPMG LLP, a Delaware limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved.

For more detail about the structure of the KPMG global organization please visit https://home.kpmg/governance.

Thank you!

Thank you for contacting KPMG. We will respond to you as soon as possible.

Contact KPMG

Use this form to submit general inquiries to KPMG. We will respond to you as soon as possible.

By submitting, you agree that KPMG LLP may process any personal information you provide pursuant to KPMG LLP's Privacy Statement.

An error occurred. Please contact customer support.

Job seekers

Visit our careers section or search our jobs database.

Search now!

Submit RFP

Use the RFP submission form to detail the services KPMG can help assist you with.

Submit

Office locations

View locations

International hotline

You can confidentially report concerns to the KPMG International hotline

Learn more

Press contacts

Do you need to speak with our Press Office? Here's how to get in touch.

Contact

Headline