Model Audit Rule
We Can Help You Achieve ComplianceMODEL AUDIT RULE OVERVIEW
MODEL AUDIT RULE RECENT CHANGES
The purpose of Model Audit Rule is to improve the state insurance departments’ surveillance of the financial condition of insurers. Any individual or stand-alone non-public company, including insurance companies, captive insurance companies, nonprofit insurers or health plans, that files an annual statement with their domiciliary state regulator is affected. The Model Audit Rule modifications enhance provisions in three areas:
Internal Controls Over Financial Reporting – Requires the management of insurers with direct premiums written and assumed in excess of $500 million to file a report with the state insurance department regarding the company’s assessment of internal controls over financial reporting. The report must include the following information:
- A statement that management is responsible for creating and sustaining adequate internal controls over financial reporting.
- A statement that management has created such controls and an assertion that these controls successfully provide reasonable assurance regarding the reliability of the statutory financial statements.
- A statement regarding the process or method utilized by management in this assessment.
- Disclosure of any un-remediated material weaknesses in internal controls over financial reporting.
External Auditor Independence – Prohibits the external audit firm from providing the following “non-audit” services to an external audit client: bookkeeping, financial information systems design and implementation, actuarial services, internal audit outsourcing services, management or human resource services, and/or expert service unrelated to audit.
Corporate and Audit Committee Oversight – Creates requirements on the makeup of the audit committee based on the insurance activity of the company and state. The audit committee is responsible for appointment, compensation and oversight of external auditors; holding company ownership structures requires a separate audit committee for each legal entity, but only at the ultimate controlling person level; and, depending on the size of the company, a percentage of audit committee members must be independent.
HOW ARE MODEL AUDIT RULE REQUIREMENTS DIFFERENT FROM SOX?
The internal control provisions of the Model Audit Rule include several key differences from the requirements of SOX 404:
-
Auditor attestation is not required. As such, management will likely have more flexibility in the nature and timing of their evaluation. However, companies must remain mindful that management’s basis for conclusion will be subject to state regulator reviews.
-
The Model Audit Rule and its related implementation guidance places more emphasis on the identification of material weaknesses, versus less significant internal control deficiencies.
-
In determining the level of documentation needed to complete the assessment, management can (and should) exercise judgment.
MODEL AUDIT RULE EXPERIENCE
- We understand exactly what is required and will help you design a cost effective plan to comply.
- We will work closely with you to develop or review your existing Risk Assessment for compliance.
- Execute an Entity Level Assessment which is the basis of a top down, risk-based approach to completing all other components of compliance.
- Assist with Process Documentation, Control Design and Testing of Key controls utilizing automated tools and leveraging our expert resources which will dramatically reduce the level of compliance effort and cost.
- Work closely with management and functional process owners in remediating areas of deficiency.
For more information on the Model Audit Rule and National Association of Insurance Commissioners, visit NAIC.org.
FOR ASSISTANCE WITH MODEL AUDIT RULE COMPLIANCE, PLEASE COMPLETE THE CONTACT FORM BELOW OR SEND US AN EMAIL AND ONE OF OUR SUBJECT MATTER EXPERTS WILL RESPOND TO YOU SHORTLY.
