As an insurance company executive, I am sure you have watched with deep interest the National Association of Insurance Commissioners (NAIC) debates with the mutual insurance companies over the need for Sarbanes-Oxley (SOX) type controls within the insurance industry. These debates started in 2004 and culminated with the adoption of revisions to the Model Audit Rule (MAR) in 2006 which tailored into the MAR risk based auditing standards similar to those found within the SOX Act. This article is a summary of those changes relating to corporate governance within the MAR and how these changes not only impact the large mutual insurers but have impacts on all insurers.

The changes to the MAR and the current SOX Act, as it relates to Corporate Governance are very similar in nature. As a comparison the MAR and SOX have very similar requirements as follows:

SOX	Model Audit Rule
Title II – Auditor Independence	Section 7 – Qualifications of Independent Certified Public Accountant
Title III – Corporate Responsibility	Section 14 – Requirements for Audit Committees Section 15 – Preparation of Required Reports and Documents
Title IV – Enhanced Financial Responsibility	Section 16 – Management's Report of Internal Control over Financial Reporting

As the Pennsylvania Department of Insurance and other state insurance departments continue to revise their examination procedures, one thing appears to be certain and that is their focus on improved corporate governance requirements. While the revisions to the MAR state that its impact of change will only be with insurers with Direct Written and Assumed Premiums of $500,000 or more, what we are seeing is that the requirements for corporate governance appear to be impacting all insurers. Insurance department examinations are now including reviews and assessments over corporate responsibility by the insurer and are now being included as part of the examination requirements for each insurer. Therefore, even if you think you do not meet the requirements of the revisions to the MAR, you probably do.

In this article we will focus specifically on the similarities surrounding Title II of the SOX Act and Section 7 of the MAR.

One of the new requirements of the MAR pertains to the qualifications of the independent certified public accountant and auditor independence. More specifically, the MAR provides guidance to insurers as it pertains to:

• Audit partner
• Non-audit services
• Independent CPA services
• Conflicts of interest

Like the SOX Act, the MAR provides for audit partner rotation. The MAR sets a standard for every five years. This timing is similar with the SOX Act. The MAR also states that the independent CPA should be approved for service by an audit committee established by the insurance company. The MAR also discusses non-audit services that impair independence on any insurance audit engagements. More specifically, those services pertain to:

• Functioning in the role of management
• Auditing of his or her own work
• Serving in an advocacy role for the insurer
• Providing internal audit outsourcing, legal, or actuarial services

The MAR is very specific as to these services. The auditor can perform some non-audit services but those services can not exceed 5% of the total fees paid to the independent CPA. If your auditor is providing any of these types of services, they may be in violation of independence standards not only from the MAR but also as outlined in the new auditing standards pertaining to internal controls and risk based auditing as outlined in Statement on Auditing Standards 104 through 111.

The last item outlined in Section 7 of the MAR pertains to conflicts of interest. Conflicts of interest exist when the insurer employs a member of the Board, President, Chief Executive Officer, Controller, Chief Financial Officer, or a person serving in an equivalent position who was employed by the independent CPA and participated in the audit for the one-year period preceding the current statutory opinion due date. General practice is that the auditor would not have independence in this situation and would preclude them from performing the audit for the following fiscal year.

As an insurance company, if you have encountered any of these scenarios, you should assess the impact on your insurance company and its impact to any future insurance department examinations.

Next month's article will discuss Sections 14 and 15 of the MAR relating to Corporate Responsibility as it relates to audit committees and corporate documentation.

If you have any questions or would like to speak to an insurance professional, please call Director of Insurance Services, David Blain CPA/ABV, CVA at 717-761-7910 or contact him directly at dblain@macpas.com.