Model Audit Rule 205
The Model Audit Rule 205, Model Audit Rule, or MAR 205 are the commonly applied terms for the Annual Financial Reporting Model Regulation.
Model Audit Rule is a financial reporting regulation applicable to insurance companies, and borrows significantly from the Sarbanes Oxley Act of 2002. The Model Audit Rule is co-developed by the American Institute of Certified Public Accountants and National Association of Insurance Commissioners and issued by NAIC
with revisions in 2006 and has taken effect in 2010.
The NAIC internal designation for the Annual Financial Reporting Model Regulation is MDL 205, where MDL stands for Model, and the number of the model rule is 205.
Because the regulation was issued by NAIC, which is not a federal agency with direct regulatory power, its adoption is on a state-by-state basis.
Purpose
The Model Audit Rule was issued to:- Govern the submission of audited statutory financial statements by insurance companies
- Drive Consistency Across Insurance Regulators
- Improve the ability of state insurance departments to oversee the financial condition of insurers
- An Annual Financial Statement Audit by an Independent CPA
- Communication of Internal Control Related Matters Noted in the Audit
- Managements Report of Internal Control over Financial Reporting
Key Sections
Section 4 – Financial Report Filing Requirements
All insurers must have an annual audit by an independent CPA. This audit must be filed by June 1 following the preceding December 31 year end. An insurer may receive an extension for both the Audit report and Managements report on internal controls. Here, the term Management refers to the management of the insurer.For example, filing for the year ending December 31, 2012 must be done by June 1, 2013.
Section 5 – Financial Report Contents
The annual audited financial report should show the financial position, results of its operations, cash flows and changes in capital and surplus. The insurers report must be in conformity with statutory accounting practices of the Department of Insurance of the insurers’ state.§5 The financial reports must be comparative, that is, to show the most recent year end against the preceding year end. For example, in a financial report for the year ending December 31, 2013, for each line item, the report must show the result for December 31, 2013, and December 31, 2012.
§5 The financial report must include:
- Report by an Independent CPA
- Balance Sheet
- Statement of Operations
- Statement of Cash Flow
- Statement of Changes in Capital and Surplus
- Notes to the Financial Statements
Section 7 – Qualifications of Independent External Auditor
This section of the Model Audit Rule describes the qualifications of an Independent external auditor for an insurer through the following major themes:
- Liability – External Auditor Liability and
- Disassociation – Mandatory Audit Partner Rotation, and Audit Leadership being apart from insurers leadership through a minimum time frame
- Non Audit Services – Description of Services that the External Auditor cannot perform while engaged in the audit of the insurers financial statement
§7 The external auditor is liable for representations made in the audit of the insurer. This promotes auditors independence because the external auditor has “skin in the game” and can be held liable for misrepresentations made on its audit report, and other responsibilities.
;Disassociation
§7 is similar to SOX 203 in requiring the rotation of the lead audit partner, with a five year “cool off” period, after a five year consecutive period with the audit of the insurer. In addition to this, Section 7 addresses that a CPA firms senior manager or partner cannot be a part of the insurers leadership for one year prior to the audit.
;Non-Audit Services
§7 is similar to SOX 201 in the restriction of non-audit services being performed by the CPA firm conducting the audit of the insurers financials.
The principles governing non-audit services are that the CPA / CPA firm cannot:
- Function in the role of management )
- Audit their own work ), and
- Serve in an advocacy role for the insurer )
- Bookkeeping or other services related to accounting records of the Insurer
- Financial Information System Design & Implementation
- Appraisal or Valuation Services
- Actuarial advisory services involving determination of financial statement amounts
- Internal Audit Outsourcing
- Management or Human Resources functions
- Broker / Dealer functions
- Legal services or expert services unrelated to the audit
- Any other services that the commissioner determines, by regulation, to be impermissible.
, strengthening the commissions requirements regarding auditor independence.
§7 provides that all audit and non-audit services to the insurer must be approved first by the insurers audit committee.
Section 9 – Scope of Audit and Independent External Audit Report
This section of the Model Audit Rule describes the resources that the external auditor must consult in planning and performing the audit of an insurers financial statements.The following are the requirements noted and standards borrowed to complete the requirement. The Auditor must:
Component of Audit Scope, per MAR §9 | External Rule / Standard / Reference |
Conduct the audit in accordance with Generally Accepted Auditing Standards | Generally Accepted Auditing Standards |
Obtain Understanding of Internal Control | AU319 of the American Institute of Certified Public Accountants |
Scoping for audits of insurers that file a report on internal controls to accompany the financial statements | Statement of Auditing Standards No. 102 or its replacement, and Financial Condition Examiners Handbook |
Section 11 – Communication of Internal Control Matters
The insurer must provide to the state insurance commissioner a report on internal control weaknesses that are still outstanding as of the close of the audit. The terminology used here is unremediated material weaknesses in internal control over financial reporting.To successfully provide the unremediated internal control weaknesses report, the concept of materiality must be explained. Here, the insurer and external auditor are directed to the Statements on Auditing Standards No. 60, Internal Control Related Matters Noted in the Audit regarding the term material weakness.
The Internal Controls Report must, for each material weakness:
- Describe the unremediated material weakness
- Describe Actions taken or planned on to remediate the weakness going forward
- , then the report must state that fact
- The report must also coincide with the most recent insurers annual financial statements
|
Section 15 – Conduct of Insurer for Documentation
The insurers’ leadership cannot improperly influence an external auditor of the insurers’ financial statements. “When the officer, director, or person acting under his or her direction knew or should have known that the action, if successful could result in rendering the issuers financial statements materially misleading”Fraud and Gross Negligence
§15 is closely related to Rule 13b2-2 under the Securities Exchange Act of 1934. The standard for violation used here includes fraud as well as gross negligence. Gross negligence is invoked under the phrase “known or should have known”Section 16 – Management Report on Internal Control
This section of the Model Audit Rule is most closely related to and departs from Sarbanes Oxley Section 404 on Internal Control.- Similar to SOX 404, Management is required to issue an internal controls assessment report.
- Departing from SOX 404, the external auditor does not attest to Managements assessment of internal controls.
- Premiums of $500,000,000 or more, or
- That are subject to Sarbanes Oxley section 404
If an insurer is a publicly traded and subject to SOX 404, then they are already preparing an internal controls report. Therefore, the Model Audit Rule specifically states that this type of insurer “may file its or its parent’s section 404 report and an addendum in satisfaction of this §16 requirement”.
The addendum is a statement by the insurer that “there are no material processes with respect to the preparation of the insurer’s or group of insurers’ audited statutory financial statements...... excluded from the section 404 report.”
§16 Internal Control Report Contents – Managements Report on Internal Control for statutory financial statements must include:
- Statement that Management is Responsible for establishing and maintaining Internal Controls
- Statement that Management has in-fact established internal controls over financial reporting
- Statement on the effectiveness of Internal Controls
- Approach or processes regarding Managements internal control evaluation
- Scope of Work regarding Management internal control evaluation
- Disclosure of unremediated material weaknesses of internal control
- Statement on inherent limitations of internal control
- Signatures of CEO and CFO
The insurer is given the freedom regarding:
- Internal control framework used, and
- Nature and extent of documentation
Report and Addendum Example: The following is of an SEC registrant who had all Internal Controls covered in the 404 Report.
|