This article covers the implementation and optimization of Model Audit Rule (MAR) programs for insurers approaching or having recently exceeded the $500M threshold of direct and assumed written premiums. For a more in-depth look into MAR, and to learn more about our MAR approach, check out our MAR webpage.
For help with your MAR implementation journey, download our Model Audit Rule road map.
For many insurers, understanding the Model Audit Rule (MAR) Internal Controls over Financial Reporting (ICFR) requirement and lifecycle is a key piece of regulatory compliance. The preparation to implement and optimize an effective MAR program, while staying in line with regulatory requirements and industry trends, can be challenging but is an opportunity for an insurer to enhance the value of their organization. If your organization has already hit the $500M threshold or intends to soon, it’s never too early to start considering your implementation plan. Below you will find four key takeaways that are necessary to keep in mind when implementing – and optimizing – your organization’s MAR program. Along with the information below, refer to our Model Audit Rule implementation road map for a step-by-step guide that you can download and refer back to.
When you are starting to plan for MAR program implementation and compliance, your viewpoint of the value a MAR program will bring to your organization is extremely important. During the beginning stages of MAR implementation, every organization is tasked with determining where their priorities lie. Most organizations fall within three main categories:
We’ve found that the majority of insurance organizations in this position fall within the second category: They want to get more out of their MAR program and incorporate opportunities to improve, however they don’t necessarily have the resources to do a full backing. From a regulatory perspective, the adequacy and strength of your MAR program will be addressed during examinations. Regulators will review your approach and follow up on any material weaknesses when reporting. Depending on the amount of internal control and material weaknesses you have, your priority scoring – a risk score regulators give your organization that helps determine how much time they need to spend with you – may be impacted.
For external audit purposes, external auditors are not required to report on the effectiveness of your internal controls and MAR program. They will review and analyze it from a control standpoint, however beyond that they are not required to report on it.
It is never too early to start your MAR journey. If your organization is projected to hit $500M in direct and assumed written premiums in the next two years, or if it is already MAR compliant, now is the time to start planning your MAR implementation road map. When we build road maps for our clients, we break the process down into five phases:
Once you’ve submitted your certification, it is important to continue to adapt and refine your MAR scope and approach and identify value drivers and challenges. Even if your organization has already established a MAR program and submitted your certification, it is still best practice to have a project management plan in place throughout the entirety of the MAR process.
Click here to download our step-by-step guide for MAR implementation.
The Model Audit Rule was designed to enhance the governance and oversight of internal controls, risk management and financial reporting within insurance organizations. Therefore, it should not be viewed as a burden and instead should be thought of as an opportunity for your organization to increase efficiency and effectiveness overall. After time spent working with insurance organizations on their MAR programs, we have found that often the biggest hurdle is ensuring that there is senior management and audit committee understanding, training and buy-in. Any client implementation we have had a challenge with was because the CEO and/or CFO of the organization were really hands off and therefore didn’t fully support the implementation. Ensuring that there is buy-in from other facets of your organization, and that you provide your leadership with the proper information prior to certifying, is extremely instrumental in having a successful MAR implementation experience.
Failures and inefficiency occur when there is a lack of accountability and understanding. Whether you are starting the implementation process or have already implemented a MAR program, establishing consistent and open communication with every facet of your organization should be your number one priority. Provide comprehensive training and awareness programs for employees and management regarding MAR guidelines, internal controls, risk management practices and their roles and responsibilities in ensuring compliance. Beyond this, it is important to make sure that you identify a MAR champion for each functional area and work on establishing accountability amongst the proper groups within your organization. Having strong project management assists with cost reduction and increased effectiveness. Conducting self-assessments can be challenging and uncomfortable, but in the long run they will help reduce costs and increase awareness overall while identifying areas that need improvement.
Leveraging technology solutions such as audit management software, data analytics tools and automation platforms to streamline MAR compliance processes, enhance data integrity and facilitate real-time monitoring and reporting is an important part of the MAR implementation process. However, it is important have the proper systems in place to ensure your data and systems remain safe and secure. As information technology (IT) controls have evolved over time, there are now several scope items that should be considered when implementing a MAR program within your organization. They include:
While it is not necessary to implement all of these, it is important to keep in mind and understand the risks that may be facing your organization. Establish mechanisms for continuous monitoring, testing and evaluation of internal controls, risk management practices and data governance. Beyond that, it is important to implement feedback loops and corrective actions to address identified deficiencies and improve overall effectiveness.
By integrating these steps into your MAR implementation process, your organization will benefit in the short and long-term and will be more likely to increase your MAR program’s overall efficiency and effectiveness. Below you will find the presentation and recording from our recent webinar on the subject. To learn more about how our insurance and risk advisory specialists can assist your organization, refer to our Model Audit Rule (MAR), insurance and risk advisory webpages.
For help with your MAR implementation journey, download our Model Audit Rule road map.