Oregon Administrative Rules
Chapter 836 - DEPARTMENT OF CONSUMER AND BUSINESS SERVICES, INSURANCE REGULATION
Division 11 - ANNUAL STATEMENTS AND REPORTS BY INSURERS
Section 836-011-0224 - Internal Audit Function Requirements

Universal Citation: OR Admin Rules 836-011-0224

Current through Register Vol. 63, No. 9, September 1, 2024

(1) An insurer is exempt from these requirements if:

(a) The insurer has annual direct written and unaffiliated assumed premium, including international direct and assumed premium but excluding premiums reinsured with the Federal Crop Insurance Corporation and Federal Flood Program, less than $500,000,000; and

(b) If the insurer is a member of a group of insurers, the group has annual direct written and unaffiliated assumed premium including international direct and assumed premium, but excluding premiums reinsured with the Federal Crop Insurance Corporation and Federal Flood Program, less than $1,000,000,000.

(2) The insurer or group of insurers shall establish an Internal audit function providing independent, objective and reasonable assurance to the Audit committee and insurer management regarding the insurer's governance, risk management and internal controls. This assurance shall be provided by performing general and specific audits, reviews and tests and by employing other techniques deemed necessary to protect assets, evaluate control effectiveness and efficiency, and evaluate compliance with policies and regulations.

(3) In order to ensure that internal auditors remain objective, the Internal audit function must be organizationally independent. Specifically, the Internal audit function will not defer ultimate judgment on audit matters to others, and shall appoint an individual to head the Internal audit function who will have direct and unrestricted access to the board of directors. Organizational independence does not preclude dual-reporting relationships.

(4) The head of the Internal audit function shall report to the Audit committee regularly, but no less than annually, on the periodic audit plan, factors that may adversely impact the Internal audit function's independence or effectiveness, material findings from completed audits and the appropriateness of corrective actions implemented by management as a result of audit findings.

(5) If an insurer is a member of an insurance holding company system or included in a group of insurers, the insurer may satisfy the Internal audit function requirements set forth in this rule at the ultimate controlling parent level, an intermediate holding company level or the individual legal entity level.

Statutory/Other Authority: ORS 731.244 & ORS 731.488

Statutes/Other Implemented: ORS 731.488

Disclaimer: These regulations may not be the most recent version. Oregon may have more current or accurate information. We make no warranties or guarantees about the accuracy, completeness, or adequacy of the information contained on this site or the information linked to on the state site. Please check official sources.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.