Section 45-03-20-15 - Internal audit function requirements1. Exemption. An insurer is exempt from the requirements of this section if: a. The insurer has annual direct written and unaffiliated premium, including international direct and assumed premium, but excluding premiums reinsured with the federal crop insurance corporation and federal flood program, less than five hundred million dollars; and b. If the insurer is a member of a group of insurers, the group has annual direct written and unaffiliated assumed premium, including international direct and assumed premium, but excluding premiums reinsured with the federal crop insurance corporation and federal flood program, less than one billion dollars. An insurer or group of insurers exempt from the requirements of this section is encouraged, but not required, to conduct a review of the insurer business type, sources of capital, and other risk factors to determine whether an internal audit function is warranted. The potential benefits of an internal audit function should be assessed and compared against the estimated costs.
2. Function. The insurer or group of insurers shall establish an internal audit function providing independent, objective, and reasonable assurance to the audit committee and insurer management regarding the insurer's governance, risk management, and internal controls. This assurance must be provided by performing general and specific audits, reviews, and tests and by employing other techniques deemed necessary to protect assets, evaluate control effectiveness and efficiency, and evaluate compliance with policies and regulations.3. Independence. To ensure internal auditors remain objective, the internal audit function must be organizationally independent. Specifically, the internal audit function may not defer ultimate judgment on audit matters to others, and must appoint an individual to head the internal audit function who has direct and unrestricted access to the board of directors. Organizational independence does not preclude dual-reporting relationships.4. Reporting. The head of the internal audit function shall report to the audit committee regularly, but no less than annually, on the periodic audit plan, factors that may adversely impact the internal audit function's independence or effectiveness, material findings from completed audits, and the appropriateness of corrective actions implemented by management as a result of audit findings.5. Additional requirements. If an insurer is a member of an insurance holding company system or included in a group of insurers, the insurer may satisfy the internal audit function requirements set forth in this section at the ultimate controlling parent level, an intermediate holding company level, or the individual legal entity level.N.D. Admin Code 45-03-20-15
Adopted by Administrative Rules Supplement 2017-364, April 2017, effective 4/1/2017.General Authority: NDCC 28-32-02
Law Implemented: NDCC 26.1-03-07, 26.1-03-11.1