West Virginia Code 33-33-15 – Management’s report of internal control over financial reporting
(a) Every insurer required to file an audited financial report pursuant to this article that has annual direct written and assumed premiums, excluding premiums reinsured with the Federal Crop Insurance Corporation and Federal Flood Program, of $500 million, or more, shall prepare a report of the insurer's or group of insurers' internal control over financial reporting, as these terms are defined in section two of this article. The report shall be filed with the commissioner along with the communication of internal control related matters noted in an audit described under section ten of this article. Management's report of internal control over financial reporting shall be filed as of December 31 immediately preceding.
Terms Used In West Virginia Code 33-33-15
- Audited financial report: means and includes those items specified in section four of this article. See West Virginia Code 33-33-2
- Corporation: A legal entity owned by the holders of shares of stock that have been issued, and that can own, receive, and transfer property, and carry on business in its own name.
- Group of insurers: means those licensed insurers included in the reporting requirements of article 27 of this chapter, or a set of insurers as identified by management for the purpose of assessing the effectiveness of internal control over financial reporting. See West Virginia Code 33-33-2
- Insurer: means any domestic insurer as defined in section six, article one of this chapter and includes any domestic stock insurance company, mutual insurance company, reciprocal insurance company, farmers" mutual fire insurance company, fraternal benefit society, hospital service corporation, medical service corporation, health care corporation, health maintenance organization, captive insurance company or risk retention group and any licensed foreign or alien insurer defined in article one of this chapter. See West Virginia Code 33-33-2
- Internal control over financial reporting: means a process effected by an entity's board of directors, management and other personnel designed to provide reasonable assurance regarding the reliability of the financial statements. See West Virginia Code 33-33-2
- SOX Compliant Entity: means an entity that either is required to be compliant with, or voluntarily is compliant with, all of the following provisions of the Sarbanes-Oxley Act of 2002:
(A) The preapproval requirements of Section 201, Section 10A(i) of the Securities Exchange Act of 1934. See West Virginia Code 33-33-2
(b) Notwithstanding the premium threshold in subsection (a) of this section, the commissioner may require an insurer to file management's report of internal control over financial reporting if the insurer is in any risk-based capital level event, or meets any one or more of the standards of an insurer deemed to be in hazardous financial condition as defined in article ten of this chapter.
(c) An insurer or a group of insurers may file its or its parent's Section 404 Report and an addendum in satisfaction of this section's requirement provided that those internal controls of the insurer or group of insurers having a material impact on the preparation of the insurer's or group of insurers' audited statutory financial statements were included in the scope of the Section 404 Report and if the insurer or group of insurers is:
(1) Directly subject to Section 404;
(2) Part of a holding company system whose parent is directly subject to Section 404;
(3) Not directly subject to Section 404 but is a SOX Compliant Entity; or
(4) A member of a holding company system whose parent is not directly subject to Section 404 but is a SOX Compliant Entity.
(d) The addendum referenced in subsection 8 of this section shall be a positive statement by management that there is no material process with respect to the preparation of the insurer's or group of insurers' audited statutory financial statements excluded from the Section 404 Report.
(e) If there are internal controls of the insurer or group of insurers that have a material impact on the preparation of the insurer's or group of insurers' audited statutory financial statements and those internal controls were not included in the scope of the Section 404 Report, the insurer or group of insurers may either file:
(1) A report pursuant to subsection (a) of this section; or
(2) The Section 404 Report and a [Section 16] report pursuant to subsection (a) of this section for those internal controls that have a material impact on the preparation of the insurer's or group of insurers' audited statutory financial statements not covered by the Section 404 Report.
(f) Management's report of internal control over financial reporting shall include:
(1) A statement that management is responsible for establishing and maintaining adequate internal control over financial reporting;
(2) A statement that management has established internal control over financial reporting and an assertion, to the best of management's knowledge and belief, after diligent inquiry, as to whether its internal control over financial reporting is effective to provide reasonable assurance regarding the reliability of financial statements in accordance with statutory accounting principles;
(3) A statement that briefly describes the approach or processes by which management evaluated the effectiveness of its internal control over financial reporting;
(4) A statement that briefly describes the scope of work that is included and whether any internal controls were excluded;
(5) Disclosure of any unremediated material weaknesses in the internal control over financial reporting identified by management as of the December 31 immediately preceding. Management is not permitted to conclude that the internal control over financial reporting is effective to provide reasonable assurance regarding the reliability of financial statements in accordance with statutory accounting principles if there is one or more unremediated material weaknesses in its internal control over financial reporting;
(6) A statement regarding the inherent limitations of internal control systems; and
(7) Signatures of the chief executive officer and the chief financial officer, or the equivalent position or title.
(g) Management shall document and make available upon financial condition examination the basis upon which its assertions, required in subsection (f) of this section, are made. Management may base its assertions, in part, upon its review, monitoring and testing of internal controls undertaken in the normal course of its activities.
(1) Management shall have discretion as to the nature of the internal control framework used, and the nature and extent of documentation, in order to make its assertion in a cost effective manner and, as such, may include assembly of or reference to existing documentation.
(2) Management's report on internal control over financial reporting, required by subsection (a) of this section, and any documentation provided in support thereof during the course of a financial condition examination, shall be kept confidential by the commissioner.