[1] Model Audit Rule is a financial reporting regulation applicable to insurance companies, and borrows significantly from the Sarbanes Oxley Act of 2002 (see ‘key sections’ below).
[4] Because the regulation was issued by NAIC, which is not a federal agency with direct regulatory power, its adoption is on a state-by-state basis.
In addition to this, Section 7(L)(1) addresses that a CPA firms senior manager or partner cannot be a part of the insurers leadership for one year prior to the audit.
[1][6]: 9 §7(G)(1) is similar to SOX 201 in the restriction of non-audit services being performed by the CPA firm conducting the audit of the insurers financials.
[1][6] The principles governing non-audit services are that the CPA / CPA firm cannot: Particular non-audit services mentioned include (Section 7(G)(1)) §7(F) provides that state insurance commissioner the authority to, following a hearing on the matter, force an insurer to change the auditor of its financial statements.
60 (SAS 60), Internal Control Related Matters Noted in the Audit [1]: 10 regarding the term material weakness.
Due to the manner in which the data for homeowners policies are captured by the systems used in its Southeastern US regional office, changes in XYZ’s estimate of insurance reserves for certain policies are not reviewed by XYZ’s Actuarial Department prior to being recorded in the company’s accounting records.
“When the officer, director, or person acting under his or her direction knew or should have known that the action, if successful (but regardless of whether the action is in fact successful) could result in rendering the issuers financial statements materially misleading” [1]: 7 §15 is closely related to Rule 13b2-2(b) under the Securities Exchange Act of 1934.
[1]: 7 The standard for violation used here includes fraud (acting with intent to deceive) as well as gross negligence (reckless disregard for the truth).
Therefore, the Model Audit Rule specifically states that this type of insurer “may file its or its parent’s section 404 report and an addendum in satisfaction of this §16 requirement”.
Management of XYZ is responsible for establishing and maintaining adequate internal control over statutory financial reporting.
Projections of any evaluation of effectiveness to future periods are also subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate.