02-031 C.M.R. ch. 235, § 14 - Internal Audit Function Requirements

A. Each insurer whose insurer-level or group-level premium equals or exceeds the thresholds for conducting an Own Risk and Solvency Assessment (ORSA), as set forth in 24-A M.R.S. §§222(8) (B-3) and 423-F(1), shall establish and maintain an internal audit function in compliance with this Section. If an insurer becomes subject to this section due to an increase in premium volume, it shall have one year after the year the threshold is reached to come into full compliance.

Drafting Note:An insurer or group of insurers exempt from the requirements of this Section is encouraged, but not required, to consider the establishment of an internal audit function, based upon a review of its business type, sources of capital, and other risk factors and an assessment, in light of these factors, of the estimated costs and potential benefits of an internal audit function.

B. An insurer that is a member of a group of affiliated insurers may establish its internal audit function at the ultimate controlling parent level, an intermediate holding company level, or the individual legal entity level.

C. The insurer or group shall establish an internal audit function that brings a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. The internal audit function shall provide independent, objective, and reasonable assurance to the Audit Committee and insurer management regarding the insurer's governance, risk management and internal controls, by performing general and specific audits, reviews, and tests, and by employing other techniques deemed necessary to protect assets, evaluate control effectiveness and efficiency, and evaluate compliance with policies and statutory and regulatory requirements.

D. To ensure that internal auditors remain objective, the internal audit function shall be organizationally independent. The internal audit function may not defer ultimate judgment on audit matters to others, and shall appoint an individual to head the internal audit function who will have direct and unrestricted access to the board of directors. This Paragraph does not prohibit dual-reporting relationships as long as they do not impair the independence and objectivity of the internal audit function.

E. The head of the internal audit function shall report to the Audit Committee regularly, no less than annually, on the periodic audit plan, factors that may adversely impact the internal audit function's independence or effectiveness, material findings from completed audits, and the appropriateness of corrective actions implemented by management as a result of audit findings.

Notes

02-031 C.M.R. ch. 235, § 14