Current through Bulletin 2024-06, March 15, 2024
(1) An insurer is exempt from the
requirements of this section if:
(a) the
insurer has annual direct written and unaffiliated assumed premium, including
international direct and assumed premium but excluding premiums reinsured with
the Federal Crop Insurance Corporation and Federal Flood Program, of less than
$500,000,000; and
(b) if the
insurer is a member of a group of insurers, the group has annual direct written
and unaffiliated assumed premium, including international direct and assumed
premium but excluding premiums reinsured with the Federal Crop Insurance
Corporation and Federal Flood Program, of less than $1,000,000,000.
(2)
(a) The insurer or group of insurers shall
establish an internal audit function providing independent, objective, and
reasonable assurance to the audit committee and insurer management regarding
the insurer's governance, risk management, and internal controls.
(b) The assurance required by Subsection
(2)(a) shall be provided by:
(i) performing
general and specific audits, reviews, and tests; and
(ii) employing other techniques deemed
necessary to:
(A) protect assets;
(B) evaluate control, effectiveness, and
efficiency; and
(C) evaluate
compliance with policies and regulations.
(3) The internal audit function
shall be organizationally independent.
(4) The internal audit function may not defer
ultimate judgment on audit matters to others.
(5) An individual shall be appointed to head
the internal audit function with direct and unrestricted access to the board of
directors.
(6) Nothing in Section
R590-254-15 precludes
dual-reporting relationships.
(7)
The head of the internal audit function shall report to the audit committee at
least annually on:
(a) the periodic audit
plan;
(b) factors that may
adversely impact the internal audit function's independence or
effectiveness;
(c) material
findings from completed audits; and
(d) the appropriateness of corrective actions
implemented by management as a result of audit findings.
(8) If an insurer is a member of an insurance
holding company system or is included in a group of insurers, the insurer may
satisfy the internal audit function requirements set forth in Section
R590-254-15 at:
(a) the ultimate controlling parent
level;
(b) an intermediate holding
company level; or
(c) the
individual legal entity level.