Transcription
Appendix GImplementation Guide (Guide)for theAnnual Financial Reporting Model Regulation (Model)IntroductionThe new requirements within the Annual Financial Reporting Model Regulation related to auditorindependence, corporate governance and internal control over financial reporting became effective. The Implementation Guide is being published to assist companies in planning and preparing forcompliance with the new requirements.The Implementation Guide (Guide) is intended to supplement the Model, not to create additionalrequirements, by providing interpretive guidance and clarifying the meaning of terms used in the Model.Such guidance is important to ensure common understanding between insurers and regulators and tomemorialize the intent of the changes. Because issues and questions will occur from time-to-time, byplacing the Guide outside of the Model, maintenance can be achieved in a cost effective way withoutreopening the Model especially when the issue under consideration is an interpretation of therequirements. The Guide should not be viewed as a requirement of complying with the AccountingPractices and Procedures Manual.Maintaining the GuideThe responsibility of developing and maintaining the Guide resides with the NAIC/AICPA (E) WorkingGroup with changes to the Guide following the NAIC regulatory due process. The Guide resides as aninformational appendix to the NAIC Accounting Practices & Procedures Manual (AP&P; Manual). TheAP&P; Manual was selected as the logical repository since the Guide provides instruction aboutcompliance with the Model, which directly relates to financial reporting and statutory accounting.The regulatory due process for modifying this Guide requires the NAIC/AICPA (E) Working Group tosend adopted proposals to the Accounting Practices and Procedures (E) Task Force for adoption andinclusion in the AP&P; Manual. If the Accounting Practices and Procedures (E) Task Force recommendssubstantive changes to the proposal received from the NAIC/AICPA (E) Working Group, the proposalshould be returned to the NAIC/AICPA (E) Working Group for further deliberation.G-1
Appendix GImplementation GuideTable of ContentsThe Table of Contents for the Guide mirrors that of the Model. However, not all sections of the Modelrequire interpretive guidance. Consequently, only those sections containing guidance are contained in theGuide. The presentation of the Guide is organized by the Section Title with the Section number of theModel appearing after the title.TitleSectionPageDefinitions32General Requirements Related to Filing and Extensions for Filing of AnnualAudited Financial Reports and Audit Committee Appointment44Qualifications of Independent Certified Public Accountant74Communication of Internal Control Related Matters Noted in an Audit1110Requirements for Audit Committees1411Management’s Report of Internal Control over Financial Reporting1713Exemptions and Effective Dates1818Appendix 11722Definitions (Section 3)Certain terms and definitions contained in the Model need no further explanation. The Guide providesadditional information for preparers and users for some definitions to facilitate their understanding.“Audited financial report” (D), differs from the term “financial statements” in that the Audited financialreport (see Section 5 of the Model) includes the financial statements plus the report of the independentcertified public accountant. “Financial statements,” therefore, excludes the report of the independentcertified public accountant.“Group of insurers” (H), as intended for use in the Model is to recognize the variety of structures thatmay exist. Companies within a holding company structure, or other set of insurers identified bymanagement, may often share common management, systems or processes. Consequently, whenmanagement asserts to the effectiveness of their internal controls, it is appropriate to make such anassertion for those companies based upon the organization management determines to be most relevant tomeet the reporting requirements. Because holding company structures, and other groups of insurers, canbe complex and organized to meet corporate objectives, that structure may not align with theorganizations that are responsible for managing and preparing the financial statements of the insurer. TheModel provides flexibility to insurers to identify a “Group of insurers” for purposes of evaluating theeffectiveness of their internal control over financial reporting. In determining the appropriate scope andlevel of testing for systems that are shared by a group of insurers, management is not required to expandthe scope or perform additional testing that would be redundant for each legal entity included within thegroup of insurers. To the extent that a specific internal control or system is unique to and has a materialimpact on the preparation of the audited statutory financial statements of a legal entity included in a groupof insurers and the legal entity exceeds the premium thresholds contained in Section 17, that control orsystem is to be included in management's evaluation of internal controls.G-2
Implementation GuideAppendix GA “Group of insurers” that has been granted approval to file audited statutory consolidated or combinedfinancial statements of a group of insurers (as described in Section 8) may set the scope and level oftesting for purposes of determining effectiveness of internal controls over financial reporting consistentwith the basis on which the audited statutory financial statements for the Group are prepared (i.e., at thecombined or consolidated level).The following example is intended to illustrate various ways that a “Group of insurers” could bedetermined. The example is not intended to be limiting in any way. Rather, it is intended to show theflexibility to be in compliance with the Model. Insurers are encouraged to notify the Commissioner of itsinitial “Group of insurers” and any subsequent changes to such group.1.“Group of insurers” could be established at the ultimate parent level, i.e., one report of theeffectiveness of internal controls for all insurers in the group-insurance companies 1-6.2.Two “Group of insurers” could be established at the holding company level, i.e., holdingcompany A and B. In this case, a separate report would be required for holding company A,holding company B, and if it met the reporting threshold, insurance company 4 since it is not ineither group.3.Two “Group of insurers” could be established based upon the type of insurance company, i.e.,LA&H; companies 1, 4 and 6 could be one group and HMO companies 2 and 3 in the secondgroup. In this case, a separate report would be required for the LA&H; companies, the HMOcompanies and if it met the reporting threshold, insurance company 5 since it is not in eithergroup.4.Two “Group of insurers” could be established based upon the way the entities are managed. Forexample, companies, 1, 2, 3 and 5 have the same management while companies 4 and 5 havecommon management.5.If management elects not to identify a “Group of insurers” for purposes of evaluating theeffectiveness of internal control over financial reporting then each reporting entity meeting thereporting requirements of Section 17 would prepare such a report.G-3
Appendix GImplementation Guide“Internal control over financial reporting” (I), as defined in the Model is intended to have the samemeaning as understood in the public sector to comply with the requirements of the Sarbanes-Oxley Act. Because some terms might not be fully defined and to avoid misunderstanding, this Guide attemptsto clarify such terms. For example, the word “reliability” used in the phrase “reliability of financialstatements” has the same meaning as that contained in the generally accepted accounting principles(GAAP) framework, Statement of Financial Accounting Concepts Two. This Statement is referenced inthe Preamble, Part III, paragraph 24 of the AP&P; Manual.General Requirements Related to Filing and Extensions for Filing of Annual Audited FinancialReports and Audit Committee Appointment (Section 4)Section 4D stipulates that each insurer required to file an annual Audited financial report pursuant to theModel shall designate a group of individuals as constituting its Audit committee. Section 4D further statesthat the Audit committee of an entity that controls an insurer may be deemed to be the insurer’s Auditcommittee for purposes of this regulation at the election of the controlling person. The definition of Auditcommittee in Section 3 of the Model references Section 14E for exercising this election. However, adisclaimer within Section 14 of the Model indicates that the section shall not apply to SOX CompliantEntities or wholly-owned subsidiaries of SOX Compliant Entities. Regardless of the disclaimer, in orderto comply with the second sentence in Section 4D, the Audit committee of any entity that controls aninsurer (a SOX Compliant entity or a non-SOX Compliant Entity) may be deemed to be the insurer’sAudit committee at the election of the controlling person, and only if such election is completed in themanner outlined in Section 14E.The responsibility of the Audit committee is defined in Section 14 of the Model. Section 14 states thateach member of the Audit committee shall be a member of the Board of Directors and sets forth therequirements for the proportion of independent Audit committee members based on the insurer’s directwritten and assumed premiums. The definition of an independent Audit committee member is outlined inSection 14.Qualifications of Independent Certified Public Accountant (Section 7)Lead Audit Partner Rotation Requirement (Section 7D)PurposeThe purpose of this section is to provide companies and their independent accountants with guidance toenable an orderly transition in meeting the revised lead audit partner rotation requirements as set forth inSection 7.BackgroundSection 7 provides certain limitations on the number of years an audit partner may serve in the capacity oflead audit partner for an insurance company audit. Previously, the lead audit partner was permitted toserve for seven consecutive years in that capacity with a two year break in service. Under the revisedModel “ the lead audit partner (having primary responsibility for the audit) may not act in thatcapacity for more than five (5) consecutive years. The person shall be disqualified from acting in that or asimilar capacity for the same company or its insurance subsidiaries or affiliates for a period of five (5)consecutive years.”The new rotation requirements under Section 7 are effective beginning with audits of the financialstatements. The rotation requirements of the Model and the interpretative guidance provided areapplicable for statutory reporting and regulatory purposes. An insurer and its affiliates that are subject tothe rotation requirements of the Securities and Exchange Commission (SEC) and Public CompanyAccounting Oversight Board (PCAOB) must also continue to comply with those rotation requirements.G-4
Implementation GuideAppendix GRelief from the Lead Audit Partner Rotation Requirement (Section 7D)The Model states:An insurer may make application to the Commissioner for relief from the above rotationrequirement on the basis of unusual circumstances. This application should be made at least thirty(30) days before the end of the calendar year. The Commissioner may consider the followingfactors in determining if the relief should be granted:(a)Number of partners, expertise of the partners or the number of insuranceclients in the currently registered firm;(b)Premium volume of the insurer; or(c)Number of jurisdictions in which the insurer transacts business.The following examples illustrate circumstances that the Commissioner may consider in determining ifrelief from the lead partner rotation requirement shall be granted:1.No other partners in the firm’s local office have the qualifications to serve as lead audit partnerand the use of a qualified partner resident in another location could result in increased audit riskand higher audit fees.2.Limited number of partners in the firm that have the qualifications to serve as the lead auditpartner.3.Switching firms could result in increased audit risk due to the new engagement team’s lack offamiliarity with the insurer.4.Limited availability of other firms in a particular location with the requisite expertise.5.The regulator believes that complex issues at an insurer make a particular partner best suited tocontinue as lead audit partner6.Short-term relief due to the occurrence of an unforeseeable event that renders a partner unableto continue as the lead audit partner on the engagement.7.Short-term relief due to unexpected delays in the state’s licensing or admission process thatprevent the “new” lead audit partner from assuming that role.Also, the granting of transitional relief may be warranted when the non-insurance parent or ultimateparent of an insurance company is an SEC registrant and the current lead audit partner on the SECregistrant has completed his or her rotation as the lead audit partner on insurance subsidiaries prior tocompleting his or her five-year rotation as the lead partner on the audit of the GAAP financial statementsof the SEC registrant. In this situation the relief would allow the lead audit partner to complete his or herrotation on the SEC registrant as long as he or she no longer acts in the capacity of lead audit partner forany insurance subsidiaries and/or any downstream affiliates of the insurance subsidiaries.Frequently Asked Questions (Section 7D)Following are a series of frequently asked questions to assist companies and their independentaccountants in interpreting this guidance. Dates provided refer to the year of financial statements underaudit.G-5
Appendix GImplementation GuideIn determining when the lead audit partner must rotate, consecutive time served in the capacity of l