Model Audit Rule
Model Audit Rule
John Romano
CPA, CIA, CFE, CITP, CSM
Principal
Russell Sommers
CPA, CISA
Principal
Christopher J. Tait
MBA, CISA, CCSK, CFSA
Principal
Climb to new heights
The National Association of Insurance Commissioners’ (NAIC) Annual Financial Reporting Model Regulation 205, commonly known as the Model Audit Rule (MAR), requires that life and annuity, property and casualty, title, health plans and other insurance organizations that exceed certain thresholds of direct and assumed written premiums adopt auditor independence, corporate governance and internal control over financial reporting standards. For many insurers, handling a MAR program can be a daunting task.
Even if your organization has not yet met the $500 million in direct written and assumed premiums threshold, understanding the controls and identifying potential weaknesses that may arise is crucial to ensure you are prepared for when the time comes to implement MAR. For insurers that have already met the threshold, you must remain compliant by reviewing your process annually to identify inefficiencies, improve overall effectiveness and revamp a stale program to ensure that key risks are addressed and the program is cost effective.
Explore our solutions
MAR can be a significant undertaking. In order to effectively take action, you have to identify the key material risks plaguing your organization, understand the controls to mitigate those risks and identify weaknesses — all while striving to remain compliant and ensure your program is effective and efficient. Our insurance and regulatory specialists are dedicated to the development, successful implementation, ongoing testing and maintenance of your MAR program. Our approach can be done on a stand-alone basis or integrated with a comprehensive internal audit strategy. We seek to ensure your program is up-to-date based on current regulatory requirements, efficient and cost-effective — allowing you to focus on the big picture and the road ahead.
Your business is our business — explore ways to address challenges related to MAR
- Prepare
- Implement
- Optimize
- Transition
Prepare for compliance
Your challenge:
You’ve determined that your organization needs to be MAR compliant in the future and you need to have a plan and cost-efficient approach in place to meet regulatory requirements.
Our solution:
- Develop a plan that will increase governance, organizational unity and confidence in your controls.
- Align risks for compliance by identifying the relevant MAR risks from a regulator’s perspective, then incorporate risks of value to your organization, if not aligned
- Apply standard risk and control templates and reports that allow for efficient implementation
- Develop a roadmap to identify materiality and processes in scope, and conduct a gap analysis with project management milestones to meet the MAR internal control reporting requirements
- Implement effective project management including, but not limited to, a MAR calendar of kickoff meetings, testing timeline and deliverables and making all relevant parties aware
Implement for value
Your challenge:
You’ve identified your organization needs to be MAR compliant in the future and you want to maximize the value from your efforts to improve your processes and internal controls.
Our solution:
The steps outlined under the “prepare for compliance” tab plus:
- Assess your current state by reviewing and understanding and understanding time commitment, definitions of success and challenges to address
- Assist to define your focus on the appropriate controls by taking a top-down approach and following a systematic filtering process with control rationalization
- Assist your team in implementing a MAR steering committee to ensure significant financial reporting areas are addressed
- Define an internal MAR champion/point person for each functional area
- Customize and integrate approach with your internal audit plan, enterprise risk management and compliance functions
- Partner with governance risk and compliance (GRC) software providers to streamline processes and required reporting
Optimize to innovate
Your challenge:
Now that you have a solid MAR program, you want to optimize your approach to be innovative for efficiency and value.
Our solution:
- Conduct a materiality and control rationalization exercise as many established MAR programs may not be efficient and the “same old way” is viewed as good enough
- Conduct a cost analysis of MAR compliance including opportunity costs
- Review business stakeholder involvement and inefficiencies by identifying bottlenecks and cost drivers
- Replace detail control testing with automation and computer assisted audit techniques (CAAT)
- If you have a current GRC partner, conduct enhancement exercises for additional functionality and/or compare to other competitors and partners
Transition for growth
Your challenge:
Your organization is going public or private and you need assistance with the transition to or from Sarbanes-Oxley (SOX) compliance.
Our solution for organizations transitioning from private to public:
- Establish tone at the top as the CEO and CFO must provide leadership to gain organizational buy-in of the additional effort
- Educate control owners on what an initial public offering (IPO) means for SOX 404(a) or SOX 404(b) compliance and what is needed
- If not already utilizing a control framework, ensure that an established control framework such as COSO is implemented
- Conduct an analysis of changes to materiality, processes, systems and control owners and optimize documentation requirements such as narratives, matrices and flow charts
- Engage with your external auditors to ensure alignment with materiality, control and testing expectations
- Tailor the approach and SOX compliance roadmap to your organizations culture, people, processes and technology
Our solution for organizations transitioning from public to private:
- Revisit materiality and control rationalization to ensure controls in scope are proper and account for controls that may have been out of scope for SOX purposes
- Conduct education sessions with existing and new stakeholders to requirements under MAR and what stays the same, changed or new and is no longer required
Watch the recording from our latest MAR webinar
On Sept. 17, 2024, Baker Tilly insurance industry risk advisory specialists hosted a webinar on MAR program optimization. During this engaging session, they provided a concise overview of MAR regulations and emphasized the importance of establishing a robust internal control over financial reporting (ICFR) framework. Watch the recording below for the latest insights, real world case studies and examples that illustrate MAR program optimization strategies.
Still have questions that need answering? Our door is always open. Reach out to one of our Model Audit Rule specialists at the link below.
Explore what’s possible
Internal Audit
Leverage industry-specialized internal audit services for organizational success.
Insurance
Navigating the ever-changing insurance industry while also meeting compliance requirements and staying ahead of quickly developing technology can be overwhelming. Chart your legacy and reach your financial and operational goals: Your journey starts here.
Organizational Readiness
How your business gets from where it is today to where it needs to be tomorrow depends on your most valuable asset - your people. We help you prepare your business to transform through a dedicated focus on the people within your organization that will lead your digital transformation.
Insurance Regulators
We leverage our extensive regulatory expertise, unwavering integrity and commitment to continuous improvement and innovation – enabling us to pass accreditation reviews successfully and serve state insurance departments and regulators.
Data Solutions
Capturing, understanding and leveraging the data that matters most and bringing it into focus is no trivial matter. Rely on our experience to drive your business forward.
IPO Readiness
Helping organizations plan their path — whether it be through an initial public offering (IPO) or other path to going public — we help you navigate the risks and maximize the rewards in your journey.
Sarbanes-Oxley (SOX) Compliance
Drive a more efficient and effective SOX compliance program.
Read our latest insights
Internal audits: why are they so important?
Due in part to their position within the financial services industry, insurance organizations often face governance, risk management and control issues. Baker Tilly’s internal audit professionals can assist you in mitigating risks and building up your organization’s operational resilience.
We use a strategic, industry-forward approach which will enable you and your team to prioritize resiliency and growth efforts while minimizing disruption. As the industry faces diminishing resources and staffing challenges, Baker Tilly serves as an extension of your internal audit capabilities – assisting you in ensuring effective internal controls.