Internal audit function requirement, amendments to ch 98
ARC 3145C
INSURANCE DIVISION[191]
Adopted and Filed
Pursuant to the authority of Iowa Code section 505.8, the Insurance Division hereby amends Chapter 98, "Annual Financial Reporting Requirements," Iowa Administrative Code.
The rules in Chapter 98 improve the Division's surveillance of the financial condition of insurers by requiring an annual audit of financial statements by certified public accountants, Communication of Internal Control Related Matters Noted in an Audit, and Management's Report of Internal Control Over Financial Reporting. These adopted amendments to Chapter 98 set forth the requirements for the establishment of an internal audit function, including independence and reporting requirements of an insurer or group of insurers, unless otherwise exempt from the requirements of these rules. Several internal cross references are also corrected.
Notice of Intended Action was published in the Iowa Administrative Bulletin on April 26, 2017, as ARC 3033C. A public hearing was held on May 17, 2017, at the offices of the Iowa Insurance Division, Two Ruan Center, 601 Locust Street, Fourth Floor, Des Moines, Iowa, and written comments were accepted through May 17, 2017. The Division received two comments and one written statement at the public hearing in support of the amendments to Chapter 98. These amendments are identical to those published under Notice.
Chapter 98 does not provide for waivers.
After analysis and review of this rule making, no impact on jobs has been found.
These amendments are intended to implement Iowa Code section 505.8.
These amendments will become effective July 26, 2017.
The following amendments are adopted.
Item 1. Amend subrule 98.2(2) as follows:
98.2(2) Foreign or alien insurers filing the audited financial report in another state, pursuant to that state's requirement for filing of audited financial reports, which has been found by the commissioner to be substantially similar to the requirements herein, are exempt from rules 98.4(505) 191—98.4(505) through 98.12(505) 191—98.12(505) and 98.17(505) 191—98.18(505) if:
a. A copy of the audited financial report, Communication of Internal Control Related Matters Noted in an Audit, and the letter to the insurer with the accountant's qualifications that are filed with such other state are filed with the commissioner in accordance with the filing dates specified in rules 98.4(505) 191—98.4(505), 98.11(505) 191—98.11(505), and 98.17(505) 191—98.18(505), respectively (Canadian insurers may submit accountants' reports as filed with the Office of the Superintendent of Financial Institutions Canada).
b. A copy of any Notification of Adverse Financial Condition Report filed with such other state is filed with the commissioner within the time specified in rule 98.10(505) 191—98.10(505).
Item 2. Amend rule 191—98.3(505), definitions of "Audit committee" and "Independent board member," as follows:
"Audit committee" means a committee (or equivalent body) established by the board of directors of an entity for the purpose of overseeing the accounting and financial reporting processes of an insurer or group of insurers , the internal audit function of an insurer or group of insurers (if applicable), and external audits of financial statements of the insurer or group of insurers. The audit committee of any entity that controls a group of insurers may be deemed to be the audit committee for one or more of these controlled insurers solely for the purposes of this chapter at the election of the controlling person. Refer to subrule 98.13(5) 98.13(6) for exercising this election. If an audit committee is not designated by the insurer, the insurer's entire board of directors shall constitute the audit committee.
"Independent board member" has the same meaning as described in subrule 98.13(3) 98.13(4).
Item 3. Adopt the following new definition of "Internal audit function" in rule 191—98.3(505):
"Internal audit function" means a person or persons that provide independent, objective and reasonable assurance designed to add value and improve an organization's operations and accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.
Item 4. Amend rule 191—98.9(505) as follows:
191—98.9(505) Scope of audit and report of independent certified public accountant. Financial statements furnished pursuant to rule 98.5(505) 191—98.5(505) shall be examined by the independent certified public accountant. The audit of the insurer's financial statements shall be conducted in accordance with generally accepted auditing standards. In accordance with AU Section 319 of the Professional Standards of the AICPA, Consideration of Internal Control in a Financial Statement Audit, the independent certified public accountant should obtain an understanding of internal control sufficient to plan the audit. To the extent required by AU Section 319, for those insurers required to file a Management's Report of Internal Control Over Financial Reporting pursuant to rule 98.15(505) 191—98.16(505), the independent certified public accountant should consider (as that term is defined in Statement on Auditing Standards (SAS) No. 102, Defining Professional Requirements in Statements on Auditing Standards or its replacement) the most recently available report in planning and performing the audit of the statutory financial statements. Consideration shall be given to the procedures illustrated in the Financial Condition Examiners Handbook promulgated by the National Association of Insurance Commissioners NAIC as the independent certified public accountant deems necessary.
Item 5. Renumber subrules 98.13(2) to 98.13(9) as 98.13(3) to 98.13(10).
Item 6. Adopt the following new subrule 98.13(2):
98.13(2) The audit committee of an insurer or group of insurers shall be responsible for overseeing the insurer's internal audit function and granting the person or persons performing the function suitable authority and resources to fulfill their responsibilities if required by rule 191—98.14(505).
Item 7. Amend renumbered subrule 98.13(3) as follows:
98.13(3) Each member of the audit committee shall be a member of the board of directors of the insurer or a member of the board of directors of an entity elected pursuant to subrule 98.13(5) 98.13(6).
Item 8. Amend renumbered subrule 98.13(8) as follows:
98.13(8) If an insurer is a member of an insurance holding company system, the reports required by subrule 98.13(6) 98.13(7) may be provided to the audit committee on an aggregate basis for insurers in the holding company system, provided that any substantial differences among insurers in the system are identified to the audit committee.
Item 9. Renumber rules 191—98.14(505) to 191—98.20(505) as 191—98.15(505) to 191—98.21(505).
Item 10. Adopt the following new rule 191—98.14(505):
191—98.14(505) Internal audit function requirements.
98.14(1) An insurer is exempt from the requirements of this rule if:
a. The insurer has annual direct written and unaffiliated assumed premiums, including international direct and assumed premiums but excluding premiums reinsured with the Federal Crop Insurance Corporation and Federal Flood Program, of less than $500 million; and
b. If the insurer is a member of a group of insurers, the group has annual direct written and unaffiliated assumed premiums, including international direct and assumed premiums but excluding premiums reinsured with the Federal Crop Insurance Corporation and Federal Flood Program, of less than $1 billion.
98.14(2) The insurer or group of insurers shall establish an internal audit function providing independent, objective and reasonable assurance to the audit committee and insurer management regarding the insurer's governance, risk management and internal controls. This assurance shall be provided by performing general and specific audits, reviews and tests and by employing other techniques deemed necessary to protect assets, evaluate control effectiveness and efficiency, and evaluate compliance with policies and rules.
98.14(3) In order to ensure that internal auditors remain objective, the internal audit function must be organizationally independent. Specifically, the internal audit function will not defer ultimate judgment on audit matters to others and shall appoint an individual to head the internal audit function who will have direct and unrestricted access to the board of directors. Organizational independence does not preclude dual-reporting relationships.
98.14(4) The head of the internal audit function shall report to the audit committee regularly, but no less than annually, on the periodic audit plan, factors that may adversely impact the internal audit function's independence or effectiveness, material findings from completed audits and the appropriateness of corrective actions implemented by management as a result of audit findings.
98.14(5) If an insurer is a member of an insurance holding company system or included in a group of insurers, the insurer may satisfy the internal audit function requirements set forth in this rule at the ultimate controlling parent level, an intermediate holding company level or the individual legal entity level.
Item 11. Amend renumbered subrule 98.15(3) as follows:
98.15(3) For purposes of subrule 98.14(2) 98.15(2), actions that, "if successful, could result in rendering the insurer's financial statements materially misleading" include, but are not limited to, actions taken at any time with respect to the professional engagement period to coerce, manipulate, mislead or fraudulently influence an accountant:
a. To issue or reissue a report on an insurer's financial statements that is not warranted in the circumstances (due to material violations of statutory accounting principles prescribed by the commissioner, generally accepted auditing standards, or other professional or regulatory standards);
b. Not to perform audit, review or other procedures required by generally accepted auditing standards or other professional standards;
c. Not to withdraw an issued report; or
d. Not to communicate matters to an insurer's audit committee.
Item 12. Amend renumbered subrule 98.16(2) as follows:
98.16(2) Notwithstanding the premium threshold in subrule 98.15(1) 98.16(1), the commissioner may require an insurer to file Management's Report of Internal Control Over Financial Reporting if the insurer is in any RBC level event , or if the insurer meets any one or more of the standards of an insurer deemed to be hazardous to policyholders, creditors or the general public.
Item 13. Amend renumbered subrule 98.16(5) as follows:
98.16(5) Management shall document and make available upon financial condition examination the basis upon which its assertions, required in subrule 98.15(4) 98.16(4), are made. Management may base its assertions, in part, upon its review, monitoring and testing of internal controls undertaken in the normal course of its activities.
a. Management shall have discretion as to the nature of the internal control framework used, and the nature and extent of documentation, in order to make its assertion in a cost-effective manner and, as such, may include assembly of or reference to existing documentation.
b. Management's Report of Internal Control Over Financial Reporting, required by subrule 98.15(1) 98.16(1), and any documentation provided in support thereof during the course of a financial condition examination, shall be kept confidential by the state insurance department.
Item 14. Amend renumbered rule 191—98.17(505) as follows:
191—98.17(505) Exemptions.
98.17(1) Upon written application of any insurer, the commissioner may grant an exemption from compliance with any and all provisions of this chapter if the commissioner finds, upon review of the application, that compliance with this chapter would constitute a financial or organizational hardship upon the insurer. An exemption may be granted at any time and from time to time for a specified period or periods. Within ten days from a denial of an insurer's written request for an exemption from this chapter, the insurer may request in writing a hearing on its application for an exemption. The hearing shall be held in accordance with 191—Chapter 3.
98.17(2) If an insurer or group of insurers that is exempt from the requirements of rule 191—98.14(505) no longer qualifies for that exemption, the insurer or group of insurers shall have one year after the year the threshold is exceeded to comply with the requirements of this chapter.
Item 15. Amend renumbered rule 191—98.18(505) as follows:
191—98.18(505) Letter to insurer with accountant's qualifications. The accountant shall furnish the insurer, in connection with, and for inclusion in, the filing of the annual audited financial report, a letter stating:
1. to 3. No change.
4.That the accountant consents to the requirements of rule 98.18(505) 191—98.19(505) and that the accountant consents and agrees to make available for review by the commissioner, or a designee or appointed agent, the workpapers, as defined in rule 98.12(505) 191—98.12(505).
5.No change.
6.A representation that the accountant is in compliance with the requirements of rule 98.7(505) 191—98.7(505).
[Filed 6/1/17, effective 7/26/17]
[Published 6/21/17]
Editor's Note: For replacement pages for IAC, see IAC Supplement 6/21/17.
The official published PDF of this document is available from the Iowa General Assembly’s Administrative Rules page.
View the Iowa Administrative Bulletin for 6/21/2017.
The following administrative rule references were added to this document. You may click a reference to view related notices.
Rule 191-98.13(10) Rule 191-98.13(2) Rule 191-98.13(3) Rule 191-98.13(8) Rule 191-98.13(9) Rule 191-98.14 Rule 191-98.15 Rule 191-98.15(3) Rule 191-98.16(2) Rule 191-98.16(5) Rule 191-98.17 Rule 191-98.18 Rule 191-98.2(2) Rule 191-98.20 Rule 191-98.21 Rule 191-98.3 Rule 191-98.9The following keywords and tags were added to this document. You may click a keyword to view related notices.
Exemptions Internal audit function requirements Letter to insurer with accountant’s qualifications© 2024; State of Iowa | Privacy Policy