Michigan Laws 500.1028 – Internal audit function; exemption; confidentiality; report to audit committee
Current as of: 2023 | Check for updates
|
Other versions
Terms Used In Michigan Laws 500.1028
- Assets: (1) The property comprising the estate of a deceased person, or (2) the property in a trust account.
- Audit committee: means a committee or equivalent body established by the board of directors of an entity to oversee the accounting and financial reporting processes of an insurer or group of insurers, the internal audit function of an insurer or group of insurers, if applicable, and the external audits of the financial statements of an insurer or group of insurers. See Michigan Laws 500.1001
- Corporation: A legal entity owned by the holders of shares of stock that have been issued, and that can own, receive, and transfer property, and carry on business in its own name.
- Department: means the department of insurance and financial services. See Michigan Laws 500.102
- Director: means , unless the context clearly implies a different meaning, the director of the department. See Michigan Laws 500.102
- Freedom of Information Act: A federal law that mandates that all the records created and kept by federal agencies in the executive branch of government must be open for public inspection and copying. The only exceptions are those records that fall into one of nine exempted categories listed in the statute. Source: OCC
- Group of insurers: means those licensed insurers included in the reporting requirements of chapter 13, or a set of insurers as identified by management, for the purpose of assessing the effectiveness of internal control over financial reporting. See Michigan Laws 500.1001
- Insurance holding company system: means 2 or more affiliated persons, 1 or more of which is an insurer. See Michigan Laws 500.115
- Insurer: means that term as defined in section 106 and includes a nonprofit dental care corporation operating under 1963 PA 125, MCL 550. See Michigan Laws 500.1001
- Internal audit function: means a person or persons that provide independent, objective, and reasonable assurance designed to add value and improve an organization's operations and accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. See Michigan Laws 500.1001
- person: may extend and be applied to bodies politic and corporate, as well as to individuals. See Michigan Laws 8.3l
- state: when applied to the different parts of the United States, shall be construed to extend to and include the District of Columbia and the several territories belonging to the United States; and the words "United States" shall be construed to include the district and territories. See Michigan Laws 8.3o
- Subpoena: A command to a witness to appear and give testimony.
(1) An insurer is exempt from the requirements of this section if the insurer has annual direct written and unaffiliated assumed premium, including international direct and assumed premium but excluding premiums reinsured with the Federal Crop Insurance Corporation and National Flood Insurance Program less than $500,000,000.00 and if the insurer is a member of a group of insurers that has annual direct written and unaffiliated assumed premium including international direct and assumed premium, but excluding premiums reinsured with the Federal Crop Insurance Corporation and National Flood Insurance Program less than $1,000,000,000.00.
(2) An insurer or group of insurers not exempt under subsection (1) shall establish an internal audit function providing independent, objective, and reasonable assurance to the audit committee and management regarding the insurer’s governance, risk management, and internal controls. This assurance must be provided by performing general and specific audits, reviews and tests, and by employing other techniques considered necessary to protect assets, evaluate control effectiveness and efficiency, and evaluate compliance with policies and regulations.
(3) General and specific audits performed under this section are not considered an insurance compliance self-evaluative audit under section 221. Documents prepared or produced as a result of or in connection with audits performed under this section must be disclosed to the director on written request. Except as otherwise provided in this subsection, the director shall withhold from public inspection all information and documents submitted to the department under this section and these items are confidential, are not subject to subpoena, are not subject to disclosure under the freedom of information act, 1976 PA 442, MCL 15.231 to 15.246, and must not be divulged to any person. However, the director may divulge the information and documents described in this subsection to a relevant state or federal agency, or to the National Association of Insurance Commissioners, if the director receives assurances that the information and documents will be kept confidential. The director shall not use the information and documents submitted under this section to form the sole basis for an examination under section 222.
(4) To ensure that internal auditors remain objective, the internal audit function must be organizationally independent. Specifically, the internal audit function must not defer ultimate judgment on audit matters to others, and must appoint an individual to head the internal audit function who will have direct and unrestricted access to the board of directors. Organizational independence does not preclude dual-reporting relationships.
(5) The head of internal audit function shall report to the audit committee regularly, but no less than annually, on the periodic audit plan, factors that may adversely impact the internal audit function’s independence or effectiveness, material findings from completed audits, and the appropriateness of corrective actions implemented by management as a result of audit findings.
(6) If an insurer is a member of an insurance holding company system or included in a group of insurers, the insurer may satisfy the internal audit function requirements set forth in this section at the ultimate controlling parent level, an intermediate holding company level, or the individual legal entity level.
(7) An insurer that meets the premium thresholds under this section must have an internal audit function and must have the function in place by no later than January 1, 2021. If an insurer or group of insurers that is exempt no longer qualifies for the exemption, it has 1 year after the year the threshold is exceeded to comply with the requirement.