Evolving Audit Committee Standards for Texas Insurers

Locke Lord LLP
Contact

Effective January 1, 2010, the National Association of Insurance Commissioners (NAIC) adopted the Annual Financial Reporting Model Regulations (Model Audit Rule), which among other requirements, substantially expanded the role of board of director audit committees in the oversight of insurance company financial reporting, auditor qualifications and independence, corporate governance and internal control reporting. The Model Audit Rule represented a long-in-process regulatory shift toward best practice auditing standards modeled in large part after the practices mandated for U.S. public companies under the Sarbanes-Oxley Act of 2002 (SOX).  The various states, Texas included, have in recent years adopted their own versions of the Model Audit Rule.  To the boards of insurers included within a publicly traded holding company structure, many of the Model Audit Rule provisions are already institutionalized within their internal accounting and reporting procedures.  To board members of privately held or non-public insurers, the Model Audit Rule requirements represent a significantly enhanced regulatory and reporting framework with attendant compliance obligations for all but the smallest of companies.  More than a few years following adoption, many insurers are still working to adapt to and implement the Model Audit Rule requirements.  This comparison chart illustrates the similarities and, in some cases, differences, between the audit committee responsibilities for insurer boards under the Model Audit Rule, the Texas regulatory adoption of the Model Audit Rule generally implemented through Texas Administrative Code Title 28, Rule 7.88 (Texas Rule), SOX and the New York Stock Exchange Listed Company Manual.

Insurer Audit Committee Comparison Chart

Principle

NAIC Model Audit Rule

Texas Rule 7.88

SEC

NYSE

Scope of Application

For guidance purposes only

Texas insurance companies

SEC-registered companies

NYSE-listed companies

Audit Committee Size

Not specified

Not specified

Not specified

At least 3 members.

Audit Committee Member Independence

Independent1 membership of at least 75% for insurers with over $500 million in annual premiums.

Independent membership of at least 50% for insurers with $300 -$500 million in annual premiums.

No independence requirement for insurers with less than $300 million in annual premiums.2

One year transition period for changes in premiums.

Independent3 membership of at least 75% for insurers with over $500 million in annual premiums.

Independent membership of at least 50% for insurers with $300 -$500 million in annual premiums.

No independence requirement for insurers with less than $300 million in annual premiums.4

One year transition period for changes in premiums.

Each member must meet the independence requirements of Section 301 of SOX and Exchange Act Rule 10A-3(b)(1).5

Each member must meet the independence requirements of Section 301 of SOX and Exchange Act Rule 10A-3(b)(1).6

Financial Literacy or Expertise

Not specified

Not specified

Companies must disclose in annual reports whether or not the audit committee includes at least one member who is an “audit committee financial expert."7

All must be “financially literate” as determined by the board. At least one member must have “accounting or related financial management expertise” in the judgment of the board. A person considered an expert under Section 407 of SOX may be presumed an expert by the board.

Service on Multiple Committees

Not specified

Not specified

Not specified

If a member serves on audit committees of more than three public companies, disclosure required on the company’s website or proxy statement. Also, board must make a determination of non-impairment.

Authority over Auditor Relationships

Audit committee is directly responsible for the appointment, compensation and oversight of the work of any independent certified public accountant (including resolution of disagreements between management and the accountant regarding financial reporting) for the purpose of preparing or issuing the audited financial report or related work.

Each accountant shall report directly to the audit committee.

Audit committee is directly responsible for the appointment, compensation, and oversight of the work of any independent certified public accountant, including the resolution of disagreements between the management of the insurer and the accountant regarding financial reporting.

Audit committee must be directly responsible for the appointment, compensation, retention and oversight of the work of an outside auditor.

Audit Committee must be directly responsible for hiring and firing the company’s independent auditors.

Non-Audit Work

All auditing services and non-audit services provided to an insurer by the qualified independent certified public accountant of the insurer shall be preapproved by the audit committee.8

Commissioner may not recognize as qualified or independent an accountant who provides certain non-audit services for the insurer at the time of the audit.

Accountant shall not (1) function in the role of management, audit the accountant’s own work, or serve in an advocacy role for the insurer or (2) enter into an agreement of indemnity or release from liability regarding the audit.

Commissioner may not recognize as qualified or independent an accountant who provides certain non-audit services for the insurer at the time of the audit.9

Audit committee must approve in advance all auditing services and non-auditing services that an accountant provides to the insurer.10

Audit committee may delegate to one or more members the authority to grant prior approval to certain non-audit work.

Section 202 of SOX requires audit committee to approve all audit services and prohibits an independent auditor from providing any otherwise permissible non-audit services without prior approval of the audit committee (subject to certain exceptions).

No additional NYSE requirements.

Rotation of Outside Auditor

The lead (or coordinating) audit partner (having primary responsibility for the audit) may not act in that capacity for more than five consecutive years. The person shall be disqualified from acting in that or a similar capacity for the same company or its insurance subsidiaries or affiliates for a period of five consecutive years.11

Lead partner or other person responsible for rendering an audited financial report may not act in that capacity for more than five consecutive years and may not, during the five year period after that fifth year, render an audited financial report for the insurer, or subsidiary or affiliate of the insurer that is engaged in the business of insurance.12

Lead audit and concurring partners to rotate off the audit engagement after five years, with a five-year time-out period. Certain other significant audit partners are subject to a seven-year rotation requirement, followed by a two-year time-out period.

Assume regular rotation of the lead and concurring audit partners, and other significant audit partners as required by Section 203 of SOX. Consider whether, in order to assure continuing independence, there should be regular rotation of the outside auditor.13

Reports from Auditor on Auditing Standards

Audit committee shall require the accountant that performs any audit to report to the audit committee in accordance with the requirements of Auditing Standards No. 61 or its replacements, including (a) all significant accounting policies and material permitted practices, (b) all material alternative treatments of financial information within statutory accounting principles that have been discussed with management officials of the insurer, ramifications of the use of the alternative disclosures and treatments, and the treatment preferred by the accountant, and (c) other material written communications between the accountant and the management of the insurer, such as any management or schedule of unadjusted differences.

The accountant shall furnish the insurer in connection with and for inclusion in, the filing of the annual audited financial report, a letter stating the satisfaction of a list of enumerated requirements found in Section 12 A – F of the Model Rule.

Accountant must report to audit committee in accordance with the requirements of the Statement on Auditing Standards No. 114 including: (1) all significant accounting policies and material permitted practices; (2) all material alternative treatments of financial information in statutory accounting principles that have been discussed with the insurer’s management; (3) ramifications of the use of alternative disclosures and treatments; and (4) other material written communications between accountant and management of the insurer (this report may be on an aggregate basis for insurers in a holding company system).

Receive report from the outside auditor on critical accounting policies and alternative treatments of financial information that have been discussed with management.

No additional NYSE requirements.

Authority to Engage Professionals

Not specified

Not specified

Audit committees must be authorized to engage independent counsel and other advisors as the committee determines necessary to carry out its duties (and must have appropriate funding to do so).

No additional NYSE requirements.

Whistleblower Policy

Not specified

Not specified

Audit committee must establish procedures for the receipt, retention and treatment of complaints regarding accounting, internal accounting controls or auditing matters and for the confidential, anonymous submission by employees of concerns regarding accounting or auditing matters.

No additional NYSE requirements.

Internal Audit

Insurer shall establish an internal audit function providing independent, objective and reasonable assurance to the audit committee and insurer management regarding the insurer’s governance, risk management and internal controls.  This assurance shall be provided by performing general and specific audits, reviews and tests and by employing other techniques deemed necessary to protect assets, evaluate control effectiveness and efficiency, and evaluate compliance with policies and regulations.14

Not specified

Each listed company must have an internal audit function.

Each company must have an internal audit function and the audit committee must oversee such function.

Audit Committee Charter

Not specified

Not specified

Not specified

Charter must address committee purpose which must include various specified duties including:

Appointing and overseeing the work of registered public accounting firms; 

Annually obtaining the report by the independent auditor describing internal control procedures, any issues identified and relationships affecting the auditor’s independence;

Reviewing the annual audited and quarterly  financial statements;

Discussing earnings press releases and certain information and earnings guidance given to analysts and rating agencies;

Assessing risk assessment and management;

Executive session meetings with management, internal auditors and the independent auditors;

Reviewing any audit problems and management’s response;

Setting hiring policies for employees or former employees of the independent auditor;

Setting whistle blower policies;

Reporting regularly to the board of directors; and
Evaluating the audit committee itself on an annual basis.

Publication of Charter

Not specified

Not specified

Companies must disclose if audit committee is governed by a charter, and if so, to include a copy of the charter as an appendix to the proxy statement at least once every three years.

Must be available on website.

Internal Controls

Each insurer shall furnish the commissioner with a written communication as to any unremediated material weaknesses in its internal control over financial reporting noted during the audit. Such communication shall be prepared by the accountant within sixty days after the filing of the annual audited financial report.

Every insurer with annual premiums of $500 million or more shall prepare a report of the insurer’s or group of insurers’ internal control over financial reporting.15

Each insurer must provide to the commissioner a written communication prepared by an accountant, in accordance with professional standards, that describes any unremediated material weaknesses in its internal controls over financial reporting noted during the audit.

Each insurer with over $500 million in annual premiums shall prepare and file a report of the insurer’s or group of insurers’ control over financial reporting (a two-year transition period exists once an insurer becomes subject to this reporting).16

Reporting companies must include in their annual reports a report of management on the company’s internal control over financial reporting. 

The internal control report must include a statement of management’s responsibility for establishing and maintaining adequate internal control over financial reporting; a statement on management’s assessment of such internal control including the framework used in its evalution; and a statement that the accountant included in the annual report an attestation report on management’s assessment of the company’s internal control over financial reporting.

Annually obtaining and reviewing the report by the independent auditor describing internal control procedures and issues, and assessing the auditor’s independence.

Auditor Hiring Policies

The commissioner shall not recognize an independent accountant as qualified if a member of the board, the president, chief executive officer, controller, chief financial officer, chief accounting officer, or any individual serving in an equivalent position for the insurer, was employed by the accountant and participated in the audit of that insurer during the one-year period preceding the date on which the most current opinion is due.  This section applies to partners and senior managers involved in the audit.  An insurer may make application to the commissioner for relief on the basis of unusual circumstances.

The commissioner may not recognize an accountant as qualified or independent if a member of the board, the president, chief executive officer, controller, chief financial officer, chief accounting officer, or any individual serving in an equivalent position for the insurer, was employed by the accountant and participated in the audit of that insurer during the one-year period preceding the date on which the most current opinion is due.

Section 206 of SOX prohibits an accounting firm from performing audit services for a registrant entity if the chief financial officer, controller, or chief accounting officer, or any other person serving in an equivalent position at the issuer, had been employed by the accounting firm and had participated in any capacity in an audit of the issuer during the preceding one-year period.

Set clear hiring policies for employees or former employees of the independent auditors.

Meetings with External Auditors and Management

Not specified

Not specified

Meet separately, from time to time, with management, with internal auditors and with the independent auditors.

Meet separately, periodically, with management, with internal auditors and with independent auditors.

Endnotes

1 The Model Audit Rule defines “independent” as someone who does not accept any consulting, advisory, or other compensatory fee from the entity (except in their capacity as a member of the audit committee or board of directors) and is not an affiliate of the entity or an affiliate of any subsidiary. 
2 Notwithstanding the independence requirement of the Model Audit Rule, the commissioner may require an insurer to improve the independence of the audit committee membership under certain circumstances. 
3 The Texas Rule defines “independent” as someone who does not accept any consulting, advisory, or other compensatory fee from the entity (except in their capacity as a member of the audit committee or board of directors) and is not an affiliate of the entity or an affiliate of any subsidiary. 
4 Notwithstanding the independence requirement of the Texas Rule, the commissioner may require an insurer to improve the independence of the audit committee membership under certain circumstances. 
5 In order be considered “independent” under Section 301 of SOX, a committee member may not, other than in his or her capacity as a member of the audit committee, the board of directors or any other board committee: (1) accept any consulting, advisory, or other compensatory fee from the issuer or (2) be an affiliated person of the issuer or any subsidiary thereof.
6 All listed companies must have an audit committee that satisfies the requirements of Rule 10A-3 under the Securities Exchange Act of 1934 (Exchange Act).
7 The U.S. Securities and Exchange Commission (SEC) defines an “audit committee financial expert” as someone who has (1) an understanding of GAAP and financial statements; (2) the ability to assess the general application of GAAP in connection with the accounting for estimates, accruals, and reserves, (2) experience: (i) preparing, auditing, analyzing or evaluating financial statements that present a breadth and level of complexity of accounting issues that are generally comparable to those that the issuer’s financial statements can reasonably be expected to raise; or (ii) actively supervising individuals engaged in these activities; (3) an understanding of internal controls and procedures for financial reporting; and (4) an understanding of audit committee functions. The rules also provide criteria for an audit committee financial expert can acquire such attributes.
8 The preapproval requirement is waived with respect to non-audit services if the insurer is a SOX compliant entity or a direct or indirect wholly-owned subsidiary of a SOX compliant entity.  Other exemptions also provided by the Model Audit Rule. 
9 Exception from this provision available for insurers with direct written and assumed premiums of less than $100 million in any calendar year. 
10 This requirement waived with respect to non-audit services if insurer is a SOX compliant entity or a direct or indirect wholly owned subsidiary of a SOX compliant entity. Other exemptions also provided by the Texas Rule.
11 See Implementation Guide FAQs 4, 5, and 9 (suggesting that a former lead partner may serve in a role other than lead partner, such as concurring partner or auxiliary partner, during the 5 year time-out period). See also Section 7(D)(1) of the Model Audit Rule providing a process by which an insurer may apply to the commissioner for relief from the lead audit partner rotation requirements. 
12 The Texas Rule provides that “on application made at least 30 days before the end of the calendar year, the commissioner may determine that the limitation provided this [provision] does not apply to an accountant for a particular insurer . . . if [such] insurer demonstrates to the satisfaction of the commissioner that the limitation’s application to the insurer . . would be unfair because of unusual circumstances.” The Texas Rule further provides a list of considerations that the commissioner may take into account when reviewing such a request including (i) the number of partners or individuals the accountant employs, the expertise of the partners or individuals the accountant employs or the number of the accountant’s insurance clients; (ii) the premium volume of the insurer; and (iii) the number of jurisdictions in which the insurer engages in business.
13 Commentary to NYSE Manual Section 303A.07(b)(iii)(A)).
14 The Model Audit Rule provides an exemption to the internal audit function requirements for insurers with annual direct written and unaffiliated assumed premiums of less than $500,000,000 and insurers that are members of a group of insurers that have annual direct written and unaffiliated assumed premiums of less than $1,000,000,000.
15 Notwithstanding the premium threshold, the commissioner may require an insurer to file a report under certain circumstances.
16 Commissioner may require a similar report of an insurer notwithstanding threshold requirement.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Locke Lord LLP | Attorney Advertising

Written by:

Locke Lord LLP
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Locke Lord LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide