Skip Links
Baker Tilly
United Kingdom
Follow us on Twitter Follow us on LinkedIn

Pensions - Internal Controls

Ian Bell
Head of Pensions

Contact me

T: 0845 057 0700
F: 01293 532695

Related links

Risk management and the monitoring of internal controls has never been a one off exercise and regular review ensures that the risk management process remains relevant and effective. 

Now is a particularly good time to review your overall approach to risk management, whatever the size of your scheme as the Pensions Regulator (‘tPR’) has raised the profile of risk management by issuing revised guidance to support Code of Practice 9 'Internal controls'. 

In issuing the revised guidance ‘tPR’ acknowledges that there have been improvements in risk management over the last five years and that is consistent with our own experiences. However, tPR believes that more can still be done, especially by, although not limited to, smaller schemes.

Principles

The guidance identifies principles for developing an adequate internal control framework. These are:

  • Understanding the importance of internal controls – trustees must recognise their responsibilities and how internal control relates to good governance
  • Identify risk – the assessment of internal and external risks is a continual process
  • Evaluation of risk – assessing impact – consider the significance of risks on the operation of the scheme
  • Managing risk – internal controls need to be introduced, but it must be recognised that these mitigate risk, not eliminate risk
  • Effective monitoring of controls – controls must be assessed regularly to ensure that they are operating correctly and still relevant to the scheme.

These are sound principles and are consistent with most risk management exercises that we are aware of. A important change of emphasis is, however, in the need for the process to be continual and that trustees should be incorporating review processes into their business plans and agendas.

An important benefit of continual review is that trustees should be able to identify and respond to new risks quicker and more effectively. The recent ‘difficult’ investment market has demonstrated how important timely decision making can be.

Disclosure to members

Included in the principles is the comment:

‘consider disclosing to members a statement on their (‘the trustees’) assessment of key risks and internal control procedures, e.g. in their (‘the trustees’) annual report and accounts’

This sentiment also features in the on-going Department for Work and Pensions consultation on the disclosure of information to scheme members. 

Trustees should, therefore, view such disclosure as best practice. This is probably better as a short overview of the actions taken by the trustees and not an overly detailed explanation of controls and procedures.

Seven key risk areas

The guidance does, overall, provide far more detail than that previously issued, and explains seven key risk areas that trustees should consider. 

These are:

  • A lack of knowledge and understanding – this challenges the trustees’ overall capability and the ability to identify skills gaps.
  • Conflicts of interest – tPR sees this as a risk both in terms of individuals that are trustees and in terms of their advisers.
  • Ineffective relations with advisers – trustees need to manage the appointment of advisers and the on-going communication and reporting.
  • Poor record-keeping (including financial risk) – a major issue for tPR, but clearly good member records are essential to the on-going operation of the scheme. The definition of record-keeping also extends to financial records.
  • Deterioration of the employer covenant – an area where circumstances can change quickly, so trustees need to be alert to major changes as they happen.
  • Investment risk (including financial risk) – controls in this area are regarded as a vital function by tPR.
  • Ineffective retirement processes – communication to enable timely and effective decisions by individuals is essential and will potentially result in better pensions for members.

There are other areas that need to be considered as part of a full assessment of the risks faced by trustees. However, the seven areas above do enable trustees to establish if their own processes address the risks recognised by tPR.

Practical guidance

For each of the seven key risk areas, the guidance provides practical suggestions and examples using the headings
 
‘Why is this important?’

 ‘What behaviours do we expect to see?’ and

‘What control procedures do we expect to see and what are the benefits?’.

Overall, this is a useful approach, although care must be taken to avoid it becoming a template or a list of standard actions. Key to any risk management exercise is that it is specific to an individual scheme and that it involves the trustees. This ensures that the process is driven by the trustees and that they are able to establish effective monitoring procedures.

Conclusion

We are pleased to have helped many trustee boards with their risk management programmes and we recognise that many schemes have robust and well monitored processes in place. Trustees should, however, consider the guidance issued by tPR and establish if there are any areas that have not been addressed or where circumstances have changed.

For trustees that have not formally assessed the risks that they face, now is the time to undertake a formal risk management exercise that is specific to their scheme.