Quick Links


Home > Trends & Insights > Model Audit Rules Revised for Insurance Industry



Wednesday, October 6, 2010

Model Audit Rules Revised for Insurance Industry

SOX-inspired regulations now making their way to the insurance industry

The corporate reform boulder that Congress threw into the pool after the collapse of Enron continues to send waves across the U.S. economy. The Sarbanes-Oxley Act of 2002 (SOX) was passed in the wake of several high-profile business scandals. The legislation was designed to improve the quality of financial reporting for publicly traded companies and restore some lost public faith in corporate responsibility.

Since its passage, many industry sectors with non-publicly traded companies — such as healthcare — have been pushed to improve their accounting controls in ways that mirror SOX.

Now, the insurance industry is gearing up to join the movement. The National Association of Insurance Commissioners has reviewed and modified its Model Audit Rules to resemble the requirements of SOX—more transparency, tighter adherence to internal controls, better corporate governance.

And, also similar to SOX, noncompliance is not an option. Regulators will take action and companies could face significant penalties, both financially and operationally, for noncompliance. Regulators even have the ability to take over insurance entities if needed.

What Does it Mean?

The rules aren’t entirely new to the insurance industry. The National Association of Insurance Commissioners first issued a Model Audit Rule in 2001, but since 2002 has been considering revisions in reaction to the Sarbanes-Oxley laws and rules.

The revisions are effective beginning January 1, 2010. Every insurance company that is regulated by a department of insurance has to follow these rules. The pronouncement will essentially affect all insurance entities that have gross premiums written over $500 million, although some sections of the pronouncement affect all insurance entities.

The implications are that certain insurance entities will have to change their board makeup (to create more independent boards), adopt controls over IT and financial applications similar to those made by public companies, as well as adhere to new restrictions around the services that auditors provide and what they will have to file.

For example, similar to SOX Section 404, the Model Audit Rules require a certification for the audit. But, instead of management offering a management attestation letter, the auditors must issue an unremediated material weaknesses letter. The principle is essentially the same.

For a complete review of Model Audit Rule Financial Reporting compared to Sarbanes-Oxley regulations, click here to download a PDF of the data.

Why Now?

Though the regulations don’t take effect until 2010, this year can be a good time to start. First, it can serve as a dry run, helping a company become more efficient and cut the cost of implementation.

Keep in mind that many mistakes were made in the early implementation of SOX: too much testing, too much detail and inflated compliance costs. And similar to SOX, cost will probably be the biggest factor of implementation for Model Audit. Starting early will help auditors take advantage of the mistakes learned in SOX. Plus, the control system used for SOX — Committee of Sponsoring Organizations (COSO) — can easily be used for Model Audit.


comments powered by Disqus