IDAPA 18.07.04
This rule applies to domestic and foreign insurers and certified public accountants performing audits of financial reports for insurance companies.
The purpose of this rule provides requirements for annual audits of financial statements, communication of internal control, and management’s report of internal controls over financial reporting.
This rule implements the following statute passed by the Idaho Legislature:
Insurance -
700 W. State Street, 3rd Floor
Boise, ID 83720-0043
P.O. Box 83720
Boise, ID 83720-0043
Phone: 1(800) 721-3272 or (208) 334-4250
Fax: (208) 334-4398
Email: rulesreview@doi.idaho.gov
Web: https://doi.idaho.gov/
This rule chapter will be reviewed in compliance with Section 67-5292, Idaho Code, and in accordance with the 8-year rule review schedule linked here.
18.07.04 – Annual Financial Reporting
000. Legal Authority. ... 3
001. Title And Scope. ... 3
002. Incorporation By Reference. ... 3
003. -- 009. (Reserved) ... 3
010. Definitions. ... 3
011. General Requirements Related To Filing And Extensions For Filing Of Annual Audited Financial Reports And Audit Committee Appointment. ... 4
012. Contents Of Annual Audited Financial Report. ... 5
013. Designation Of Independent Certified Public Accountant. ... 5
014. Qualifications Of Independent Certified Public Accountant. ... 6
015. Consolidated Or Combined Audits. ... 8
016. Scope Of Audit And Report Of Independent Certified Public Accountant. ... 9
017. Notification Of Adverse Financial Condition. ... 9
018. Communication Of Internal Control Related Matters Noted In An Audit. ... 9
019. Accountant's Letter Of Qualification. ... 10
020. Definition, Availability And Maintenance Of Certified Public Accountants Workpapers. ... 10
021. Requirements For Audit Committees. ... 10
022. Conduct Of Insurer In Connection With The Preparation Of Requisite Reports And Documents. ... 12
023. Management's Report Of Internal Control Over Financial Reporting. ... 12
024. Exemptions And Effective Dates. ... 14
025. Canadian And British Companies. ... 14
026. Internal Audit Function Requirements. ... 15
027. Minimum Reserve Standards. ... 15
028. -- 999. (Reserved) ... 15
Title 41, Chapters 2 and 6, Idaho Code.
(3-31-22)
01. Title. IDAPA 18.07.04, “Annual Financial Reporting.”
(3-31-22)
02. Scope. To improve the Department’s surveillance of the financial condition of insurers by requiring: (1) an annual audit of the financial statements reporting the financial position and the results of operations of insurers by independent certified public accountants; (2) Communication of Internal Control Related Matters Noted in an Audit; and (3) Management’s Report of Internal Control over Financial Reporting. Insurers having direct premiums written in this state of less than one million dollars ($1,000,000) in any calendar year and less than one thousand (1,000) policyholders or certificate holders of direct written policies nationwide at the end of such calendar year are exempt from this rule for such year (unless the Director makes a specific finding that compliance is necessary for the Director to carry out statutory responsibilities) except that insurers having assumed premiums pursuant to contracts or treaties of reinsurance of one million dollars ($1,000,000) or more, or both, will not be exempt. Foreign or alien insurers filing the audited financial report in another state, pursuant to that other state’s requirement for filing of audited financial reports found by the Director to be substantially similar to the requirements herein, are exempt from Section 011 through Section 020 of this rule if conditions of Subsection 001.02.a. or 001.02.b., of this rule apply: (3-31-22)
a. A copy of the Audited financial report, Communication of Internal Control Related Matters Noted in an Audit, and the Accountant’s Letter of Qualifications that are filed with the other state are filed with the Director in accordance with the filing dates in Sections 011, 018, and 019 respectively (Canadian insurers may submit accountants’ reports as filed with the Office of the Superintendent of Financial Institutions, Canada). (3-31-22)
b. A copy of any Notification of Adverse Financial Condition Report filed with the other state is filed with the Director pursuant to Section 017. (3-31-22)
c. Foreign or alien insurers need to file Management’s Report of Internal Control over Financial Reporting in another state are exempt from filing the Report in this state provided the other state has substantially similar reporting requirements and the Report is filed with the Director of the other state within the time specified. (3-31-22)
d. This rule does not prohibit, preclude or in any way limit the Director from ordering, conducting or performing examinations of insurers pursuant to the provisions of Title 41, Idaho Code, and the rules, practices and procedures of the Department. (3-31-22)
This rule incorporates by reference the full text of the National Association of Insurance Commissioners Financial Condition Examiners Handbook and the National Association of Insurance Commissioners Annual Statement Instructions and Accounting Practices and Procedures Manual, pursuant to Sections 41-223 and 47-335, Idaho Code. (3-31-22)
01. Affiliate. Is a person that directly, or indirectly through one (1) or more intermediaries, controls, or is controlled by, or is under common control with, the person specified. (3-31-22)
02. Audit Committee. A committee (or equivalent body) established by the board of directors of an entity for the purpose of overseeing the accounting and financial reporting processes of an insurer or group of insurers, and audits of financial statements of the insurer or group of insurers. The Audit committee of any entity that controls a group of insurers may be deemed to be the Audit committee for one (1) or more of these controlled insurers solely for the purposes of this rule at the election of the controlling person. Refer to Subsection 021.05 of this rule, for exercising this election. If an Audit committee is not designated by the insurer, the insurer’s entire board of directors constitutes the Audit committee. (3-31-22)
03. Audited Financial Report. Includes those items specified in Section 012 of this rule. (3-31-22)
04. Indemnification. An agreement of indemnity or a release from liability where the intent or effect is to shift or limit in any manner the potential liability of the person or firm for failure to adhere to applicable auditing or professional standards, whether or not resulting in part from knowing or other misrepresentations made by the insurer or its representatives. (3-31-22)
05. Group of Insurers. Those licensed insurers included in the reporting requirements of Title 41, Chapter 38, Idaho Code, or a set of insurers as identified by management, for the purpose of assessing the effectiveness of Internal control over financial reporting. (3-31-22)
06. Internal Control over Financial Reporting. A process effected by an entity’s board of directors, management and other personnel providing reasonable assurance of the reliability of the financial statements, such as those items specified in Subsections 012.02 through 012.07 of this rule, and includes those policies and procedures that: (3-31-22)
a. Pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of assets; (3-31-22)
b. Provide reasonable assurance that transactions are recorded as necessary to permit preparation of the financial statements, such as those items specified in Subsections 012.02 through 012.07 of this rule, and that receipts and expenditures are being made only in accordance with authorizations of management and directors; and (3-31-22)
c. Provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use or disposition of assets that could have a material effect on the financial statements, such as those items specified in Subsections 012.02 through 012.07 of this rule. (3-31-22)
07. Section 404. Section 404 of the Sarbanes-Oxley Act of 2002 and the SEC’s rules and regulations promulgated thereunder. (3-31-22)
08. Section 404 Report. Management’s report on “internal control over financial reporting” as defined by the SEC and the related attestation report of the independent certified public accountant as described in Section 3A. (3-31-22)
13. SOX Compliant Entity. An entity that needs to be compliant with, or voluntarily is compliant with, the following provisions of the Sarbanes-Oxley Act of 2002: (3-31-22)
a. The preapproval requirements of Section 201 (Section 10A(i) of the Securities Exchange Act of 1934); (3-31-22)
b. The Audit committee independence requirements of Section 301 (Section 10A(m)(3) of the Securities Exchange Act of 1934); and (3-31-22)
c. The Internal control over financial reporting requirements of Section 404 (Item 308 of SEC Regulation S-K). (3-31-22)
01. Annual Audit Filing Date. All insurers will have an annual audit by an independent certified public accountant and file an audited financial report with the Director on or before June 1 for the year ended December 31 immediately preceding. The Director may require an insurer to file an audited financial report earlier than June 1 with ninety (90) days advance notice. (3-31-22)
02. Request for Extension. Extensions of the June 1 filing date may be granted by the Director for thirty (30) day periods upon a showing by the insurer and its independent certified public accountant of the reasons for the request and a determination by the Director of good cause for an extension. The request for extension needs to be submitted in writing at least ten (10) days prior to the due date in sufficient detail to permit the Director to make an
informed decision with respect to the extension. If an extension is granted, an extension of thirty (30) days is also granted to the filing of Management's Report of Internal Control over Financial Reporting. (3-31-22)
03. Designation of Audit Committee. Every insurer needs to file an annual audited financial report pursuant to this chapter will designate an Audit committee, as defined in Section 010. The Audit committee of an entity controlling an insurer may be deemed to be the insurer's Audit committee for purposes of this rule at the controlling person's election. (3-31-22)
012. CONTENTS OF ANNUAL AUDITED FINANCIAL REPORT.
01. Contents of Report. The annual audited financial report will report the financial position of the insurer as of the end of the most recent calendar year and the results of its operations, cash flows and changes in capital and surplus for the year then ended in conformity with statutory accounting practices prescribed, or otherwise permitted, by the Department of Insurance of the state of domicile. The annual Audited financial report will include the following: (3-31-22)
a. Report of independent certified public accountant; (3-31-22) b. Balance sheet reporting admitted assets, liabilities, capital and surplus; (3-31-22) c. Statement of operations; (3-31-22) d. Statement of cash flow; (3-31-22) e. Statement of changes in capital and surplus; (3-31-22)
f. Notes to financial statements, which will those prescribed by the appropriate NAIC Annual Statement Instructions and NAIC Accounting Practices and Procedures Manual. The notes will include a reconciliation of differences, if any, between the audited statutory financial statements and the annual statement filed pursuant to Section 41-335, Idaho Code, or other applicable section of Idaho Code with a written description of the nature of these differences. (3-31-22)
g. The financial statements included in the audited financial report will be prepared in a form and using language and groupings substantially the same as the relevant sections of the annual statement of the insurer filed with the Director. The financial statement will be comparative, presenting the amounts as of December 31 of the current year and the amounts as of the immediately preceding December 31. (In the first year in which an insurer needs to file an audited financial report, the comparative data may be omitted.) (3-31-22)
013. DESIGNATION OF INDEPENDENT CERTIFIED PUBLIC ACCOUNTANT.
01. Registration with the Director. Each insurer prescribed by this rule to file an annual audited financial report needs, within sixty (60) days after becoming subject to the requirement, to register with the Director in writing the name and address of the independent certified public accountant or accounting firm retained to conduct the annual audit. Insurers not retaining an independent certified public accountant on the effective date of this rule will register the name and address of their retained independent certified public accountant not less than six (6) months before the date when the first audited financial report is to be filed. (3-31-22)
02. Letter of Awareness. The insurer will obtain a letter from the accountant, and file a copy with the Director stating that the accountant is aware of the provisions of the Insurance Code and the Department's rules of the state of domicile that relate to accounting and financial matters and affirming that they will express his opinion on the financial statements in terms of their conformity to the statutory accounting practices prescribed or otherwise permitted by that Department, specifying appropriate exceptions. (3-31-22)
03. Dismissal or Resignation. If an accountant who was the accountant for the immediately preceding filed audited financial report is dismissed or resigns, the insurer will within five (5) business days notify the Department. The insurer will also furnish the Director with a separate letter within ten (10) business days after the above notification stating whether in the twenty-four (24) months preceding such event there were any disagreements
with the former accountant on any matter of accounting principles or practices, financial statement disclosure, or auditing scope or procedure; which disagreements, if not resolved to the satisfaction of the former accountant, would have caused the accountant to make reference to the subject matter of the disagreement in connection with the opinion. The disagreements need to be reported in response to this rule include those resolved to the former accountant’s satisfaction and not resolved to the former accountant’s satisfaction. Disagreements contemplated by this section occur at the decision-making level, such as between personnel of the insurer responsible for presentation of financial statements and personnel of the accounting firm responsible for rendering the report. The insurer will also in writing request the former accountant to furnish a letter addressed to the insurer stating whether the accountant agrees with the statements contained in the insurer’s letter and, if not, stating the reasons for which the accountant does not agree; and the insurer will furnish such responsive letter from the former accountant to the Director with its own. (3-31-22)
01. In Good Standing. The Director will not recognize any person or firm as a qualified independent certified public accountant that is not in good standing with the AICPA in all states in which the accountant is licensed to practice, or, for a Canadian or British company, that is not a chartered accountant; or has either directly or indirectly entered into an agreement of indemnity or release from liability (“indemnification”) with respect to the insurer’s audit. (3-31-22)
02. Conformance with Ethical and Professional Standards. Except as otherwise provided in this rule, the Director will recognize an independent certified public accountant as qualified if the accountant conforms to the standards contained in the Code of Professional Ethics of the AICPA and Rules and Regulations and Code of Ethics and Rules of Professional Conduct of the Idaho Board of Public Accountancy, or similar code. (3-31-22)
03. Resolution of Disputes and Delinquency Proceedings. A qualified independent certified public accountant may enter into an agreement with an insurer to have audit-related disputes resolved by mediation or arbitration. In the event of a delinquency proceeding commenced against the insurer under Title 41, Chapter 33, the mediation or arbitration provisions operates at the option of the statutory successor. (3-31-22)
04. Capacity to Render Report for Consecutive Years. The lead (or coordinating) audit partner (primarily responsible for the audit) cannot act in the capacity for more than five (5) consecutive years. The person will be disqualified from acting in that or a similar capacity for the same company or its insurance subsidiaries or affiliates for a period of five (5) consecutive years. An insurer may make application to the Director for relief from the above requirement due to unusual circumstances. Application should be made at least thirty (30) days before the end of the calendar year. The Director may consider the following factors in determining if the relief should be granted: (3-31-22)
a. Number of partners, expertise of the partners or the number of insurance clients in the currently registered firm; (3-31-22)
b. Premium volume; or (3-31-22)
c. Number of jurisdictions in which the insurer transacts business. (3-31-22)
05. Relief from Limitation on Consecutive Appointment of Lead Partner. The insurer will file, with its annual statement filing, the approval for relief from Subsection 014.04 of this rule, with the states that it is licensed in or doing business in and the NAIC. If the nondomestic state accepts electronic filing with the NAIC, the insurer will file the approval in an electronic format acceptable to the NAIC. (3-31-22)
06. Grounds for Not Recognizing as Qualified. The Director will neither recognize as a qualified independent certified public accountant, nor accept any annual Audited financial report, prepared in whole or in part by, any natural person who: (3-31-22)
a. Has been convicted of fraud, bribery, a violation of the Racketeer Influenced and Corrupt Organizations Act, 18 U.S.C. Sections 1961 to 1968, or any dishonest conduct or practices under federal or state law; (3-31-22)
b. Has been found to have violated the insurance laws of this state with respect to any previous reports submitted under this rule; or (3-31-22)
c. Has demonstrated a pattern or practice of failing to detect or disclose material information in previous reports filed under the provisions of this rule. (3-31-22)
07. Hearings. The Director of insurance may, as provided in Chapter 52, Title 67 and Chapter 2, Title 41, Idaho Code and IDAPA 04.11.01, hold a hearing to determine whether an independent certified public accountant is qualified and, considering the evidence presented, may rule that the accountant is not qualified for purposes of expressing his opinion on the financial statements in the annual Audited financial report made pursuant to this rule and require the insurer to replace the accountant with another whose relationship with the insurer is qualified within the meaning of this rule. (3-31-22)
08. Banned Services. The Director will not recognize as a qualified independent certified public accountant, nor accept an annual audited financial report, prepared in whole or in part by an accountant who provides to an insurer, contemporaneously with the audit, the following non-audit services: (3-31-22)
a. Bookkeeping or other services related to the accounting records or financial statements of the insurer; (3-31-22)
b. Financial information systems design and implementation; (3-31-22)
c. Appraisal or valuation services, fairness opinions, or contribution-in-kind reports. (3-31-22)
d. Actuarially-oriented advisory services involving the determination of amounts recorded in the financial statements. The accountant may assist an insurer in understanding the methods, assumptions and inputs used in the determination of amounts recorded in the financial statement only if it is reasonable to conclude that the services provided will not be subject to audit procedures during an audit of the insurer’s financial statements. An accountant’s actuary may also issue an actuarial opinion or certification (“opinion”) on an insurer’s reserves if the following conditions have been met: (3-31-22)
i. Neither the accountant nor the accountant’s actuary has performed any management functions or made any management decisions; (3-31-22)
ii. The insurer has competent personnel (or engages a third party actuary) to estimate the reserves for which management takes responsibility; and (3-31-22)
iii. The accountant’s actuary tests the reasonableness of the reserves after the insurer’s management has determined the amount of the reserves; (3-31-22)
e. Internal audit outsourcing services; (3-31-22)
f. Management functions or human resources; (3-31-22)
g. Broker or dealer, investment adviser, or investment banking services; (3-31-22)
h. Legal services or expert services unrelated to the audit; or (3-31-22)
i. Any other services that the Director determines, by rule, are impermissible. (3-31-22)
09. Principles of Independence. In general, the principles of independence with respect to services provided by the qualified independent certified public accountant are largely predicated on three (3) basic principles, violations of which would impair the accountant’s independence. The principles are that the accountant: (3-31-22)
a. Cannot function in the role of management; (3-31-22)
b. Cannot audit his own work; and (3-31-22)
c. Cannot serve in an advocacy role for the insurer. (3-31-22)
10. Exemption from Banned Services. Insurers having direct written and assumed premiums of less than one hundred million dollars ($100,000,000) in any calendar year may request an exemption from Subsection 014.08 of this rule. The insurer will file with the Director a written statement discussing the reasons why the insurer should be exempt from these provisions. If the Director finds, upon review of this statement, that compliance with this regulation would constitute a financial or organizational hardship upon the insurer, an exemption may be granted. (3-31-22)
11. Permitted Non-Audit Services. A qualified independent certified public accountant who performs the audit may engage in other non-audit services, including tax services, that are not described in Subsection 014.08 of this rule, or that do not conflict with Subsection 014.09 of this rule, only if the activity is approved in advance by the Audit committee, in accordance with Subsection 014.12 of this rule. (3-31-22)
12. Preapproval Requisite by Audit Committee. All auditing services and non-audit services provided to an insurer by the qualified independent certified public accountant of the insurer will be preapproved by the Audit committee. The preapproval requirement is waived with respect to non-audit services if the insurer is a SOX Compliant Entity or a direct or indirect wholly-owned subsidiary of a SOX Compliant Entity; or (3-31-22)
a. The aggregate amount of all such non-audit services provided to the insurer constitutes not more than five percent (5%) of the total amount of fees paid by the insurer to its qualified independent certified public accountant during the fiscal year in which the non-audit services are provided; (3-31-22)
b. The services were not recognized by the insurer at the time of the engagement to be non-audit services; and (3-31-22)
c. The services are promptly brought to the attention of the Audit committee and approved prior to the completion of the audit by the Audit committee or by one (1) or more members of the Audit committee who are the members of the board of directors to whom authority to grant such approvals has been delegated by the Audit committee. (3-31-22)
13. Delegation by Audit Committee. The Audit committee may delegate to one (1) or more designated members of the Audit committee the authority to grant the preapprovals prescribed by Subsection 014.12 of this rule. The decisions of any member to whom this authority is delegated will be presented to the full Audit committee at each of its scheduled meetings. (3-31-22)
14. Prior Employment Banned. The Director will not recognize an independent certified public accountant as qualified for a particular insurer if a member of the board, president, chief executive officer, controller, chief financial officer, chief accounting officer, or any person serving in an equivalent position for that insurer, was employed by the independent certified public accountant and participated in the audit of that insurer during the one (1) year period preceding the date that the most current statutory opinion is due. Subsection 014.14 of this rule, will only apply to partners and senior managers involved in the audit. (3-31-22)
a. An insurer may make application to the Director for relief from Subsection 014.14 of this rule, on the basis of unusual circumstances. (3-31-22)
b. The insurer will file, with its annual statement filing, the approval for relief from Subsection 014.14 of this rule, with the states that it is licensed in or doing business in and the NAIC. If the nondomestic state accepts electronic filing with the NAIC, the insurer will file the approval in an electronic format acceptable to the NAIC. (3-31-22)
An insurer may make written application to the Director for approval to file audited consolidated or combined financial statements in lieu of separate annual audited financial statements if the insurer is part of a group of insurance companies that utilizes a pooling or one hundred percent (100%) reinsurance agreement that affects the solvency and
integrity of the insurer’s reserves and such insurer cedes all of its direct and assumed business to the pool. In such cases, a columnar consolidating or combining worksheet will be filed with the report, as follows: (3-31-22)
01. Worksheet. Amounts shown on the consolidated or combined Audited financial report will be shown on the worksheet; (3-31-22)
02. Separate Amounts. Amounts for each insurer subject to this section will be stated separately; (3-31-22)
03. Noninsurance Operations. Noninsurance operations may be shown on the worksheet on a combined or individual basis; (3-31-22)
04. Explanations of Consolidating and Eliminating Entries. Explanations of consolidating and eliminating entries will be included; and (3-31-22)
05. Reconciliation. A reconciliation will be included of any differences between the amounts shown in the individual insurer columns of the worksheet and comparable amounts shown on the annual statement of the insurers. (3-31-22)
Financial statements furnished pursuant to Section 012 hereof will be examined by the independent certified public accountant. The audit of the insurer’s financial statements will be conducted in accordance with generally accepted auditing standards. The independent certified public accountant should obtain an understanding of internal control sufficient to plan the audit. To the extent prescribed by the standards of his profession, for those insurers prescribed to file a Management’s Report of Internal Control over Financial Reporting pursuant to Section 023, the independent certified public accountant should consider (as that term is defined in generally accepted auditing standards) the most recently available report in planning and performing the audit of the statutory financial statements. Consideration will be given to the other procedures illustrated in the Financial Condition Examiner’s Handbook promulgated by the National Association of Insurance Commissioners as the independent certified public accountant deems necessary. (3-31-22)
The insurer needed to furnish the annual Audited financial report will require the independent certified public accountant to report, in writing, within five (5) business days to the board of directors or its Audit committee any determination by the independent certified public accountant that the insurer has materially misstated its financial condition as reported to the Director as of the balance sheet date currently under audit or that the insurer does not meet the minimum capital and surplus requirements of Title 41, Idaho Code, as of that date. An insurer that has received a report pursuant to this paragraph will forward a copy of the report to the Director within five (5) business days of receipt of the report and will provide the independent certified public accountant making the report with evidence of the report being furnished to the Director. If the independent certified public accountant fails to receive such evidence within the mandatory five (5) business day period, the independent certified public accountant will furnish to the Director a copy of its report within the next five (5) business days. No independent certified public accountant will be liable in any manner to any person for any statement made in connection with Section 017 if the statement is made in good faith in compliance with Section 017. If the accountant, subsequent to the date of the Audited financial report filed pursuant to this rule, becomes aware of facts which might have affected his report, the Director notes the obligation of the accountant to take action as prescribed by the standards of his profession. (3-31-22)
In addition to the annual audited financial report, each insurer will furnish the Director with a written communication as to any unremediated material weaknesses in its Internal control over financial reporting noted during the audit. Such communication will be prepared by the accountant within sixty (60) days after the filing of the annual audited financial report, and will contain a description of any unremediated material weakness (as the term material weakness is defined by the standards of his profession) as of December 31 immediately preceding (so as to coincide with the audited financial report discussed in Subsection 011.01, of this rule) in the insurer’s Internal control over financial reporting noted by the accountant during the course of their audit of the financial statements. If no unremediated material weaknesses were noted, the communication should so state. The insurer needs to provide a description of
remedial actions taken or proposed to correct unremediated material weaknesses, if the actions are not described in the accountant’s communication. (3-31-22)
The accountant will furnish the insurer in connection with, and for inclusion in, the filing of the annual audited financial report, a letter stating: (3-31-22)
01. Independence. That the accountant is independent with respect to the insurer and conforms to the standards of his profession as contained in the Code of Professional Ethics and pronouncements of the AICPA and the Rules of Professional Conduct of the Idaho Board of Public Accountancy, or similar code; (3-31-22)
02. Background and Experience. The background and experience in general, and the experience in audits of insurers of the staff assigned to the engagement and whether each is an independent certified public accountant. Nothing within this rule will be construed as prohibiting the accountant from utilizing such staff as he deems appropriate where use is consistent with the standards prescribed by generally accepted auditing standards; (3-31-22)
03. Compliance with Rule. That the accountant understands the annual audited financial report and his opinion thereon will be filed in compliance with this rule and that the Director will be relying on this information in the monitoring and regulation of the financial position of insurers; (3-31-22)
04. Consent to Requirements of Section 020. That the accountant consents to the requirements of Section 020 of this rule and that the accountant consents and agrees to make available for review by the Director, or the Director’s designee or appointed agent, the workpapers, as defined in Section 020; (3-31-22)
05. Properly Licensed. A representation that the accountant is properly licensed by an appropriate state licensing authority and is a member in good standing in the AICPA; and (3-31-22)
06. Compliance with Section 014. A representation that the accountant is in compliance with the requirements of Section 014 of this rule. (3-31-22)
Workpapers are the records kept by the independent certified public accountant of the procedures followed, the tests performed, the information obtained, and the conclusions reached pertinent to the accountant’s audit of the financial statements of an insurer. Workpapers, accordingly, may include audit planning documentation, work programs, analyses, memoranda, letters of confirmation and representation, abstracts of company documents and schedules or commentaries prepared or obtained by the independent certified public accountant in the course of his audit of the financial statements of an insurer and which support the accountant’s opinion. Every insurer needs to file an Audited financial report pursuant to this rule, will require the accountant to make available for review by the insurance department examiners, all workpapers prepared in the conduct of the accountant’s audit and any communications related to the audit between the accountant and the insurer, at the office of the insurer, at the insurance department or at any other reasonable place designated by the Director. The insurer will require that the accountant retain the audit workpapers and communications until the insurance department has filed a report on examination covering the period of the audit but no longer than seven (7) years from the date of the audit report. In the conduct of the aforementioned periodic review by the insurance department examiners, it will be agreed that photocopies of pertinent audit workpapers may be made and retained by the department. Such reviews by the department examiners will be considered investigations and all working papers and communications obtained during the course of such investigations will be afforded the same confidentiality as other examination workpapers generated by the department. (3-31-22)
This section will not apply to foreign or alien insurers licensed in this state or an insurer that is a SOX Compliant Entity or a direct or indirect wholly-owned subsidiary of a SOX Compliant Entity. (3-31-22)
01. Responsibility. The Audit committee will be directly responsible for the appointment, compensation and oversight of the work of any accountant (including resolution of disagreements between
management and the accountant regarding financial reporting) for the purpose of preparing or issuing the audited financial report or related work pursuant to this chapter. Each accountant will report directly to the Audit committee. (3-31-22)
02. Corporate Membership. Each member of the Audit committee will need to be a member of the board of directors of the insurer or a member of the board of directors of an entity elected pursuant to Subsection 021.05 and Section 010 of this rule. (3-31-22)
03. Independence. In order to be considered independent for purposes of Section 021, a member of the Audit committee will not, other than in his capacity as a member of the Audit committee, the board of directors, or any other board committee, accept any consulting, advisory or other compensatory fee from the entity or be an affiliated person of the entity or any subsidiary thereof. However, if law requires board participation by otherwise non-independent members, that law will prevail and such members may participate in the Audit committee and be designated as independent for Audit committee purposes, unless they are an officer or employee of the insurer or one (1) of its affiliates. (3-31-22)
04. Continuation of Service. If a member of the Audit committee ceases to be independent for reasons outside the member’s reasonable control, that person, with notice by the responsible entity to the Director, may remain an Audit committee member of the responsible entity until the earlier of the next annual meeting of the responsible entity or one (1) year from the occurrence of the event that caused the member to be no longer independent. (3-31-22)
05. Controlling Person. To exercise the election of the controlling person to designate the Audit committee for purposes of this rule, the ultimate controlling person will provide written notice to the directors of insurance of the affected insurers. Notification will be made timely prior to the issuance of the statutory audit report and include a description of the basis for the election. The election can be changed through notice to the Director by the insurer, which needs to include a description of the basis for the change. The election will remain in effect for perpetuity, until rescinded. (3-31-22)
06. Accountant’s Reports to Audit Committee. The Audit committee will require the accountant that performs for an insurer any audit prescribed by this rule to timely report to the Audit committee in accordance with the standards of his profession. If an insurer is a member of an insurance holding company system, the reports prescribed by Subsection 021.06 of this rule, may be provided to the Audit committee on an aggregate basis for insurers in the holding company system, provided that any substantial differences among insurers in the system are identified to the Audit committee. The accountant’s reports need to include: (3-31-22)
a. All significant accounting policies and material permitted practices; (3-31-22)
b. All material alternative treatments of financial information within statutory accounting principles that have been discussed with management officials of the insurer, ramifications of the use of the alternative disclosures and treatments, and the treatment preferred by the accountant; and (3-31-22)
c. Other material written communications between the accountant and the management of the insurer, such as any management letter or schedule of unadjusted differences. (3-31-22)
07. Requisite Proportion of Independent Audit Committee Members. The proportion of independent Audit committee members will meet or exceed the following criteria: (3-31-22)
| Prior Calendar Year Direct Written and Assumed Premiums | ||
|---|---|---|
| $0 - $300,000,000 | Over $300,000,000 - $500,000,000 | Over $500,000,000 |
| No minimum requirements. See also Note A and B. | Majority (50% or more) of members will be independent. See also Note A and B. | Supermajority of members (75% or more) will be independent. See also Note A. |
| Prior Calendar Year Direct Written and Assumed Premiums |
|---|
| Note A: The Director has authority afforded by state law to require the entity's board to enact improvements to the independence of the Audit committee membership if the insurer is in a RBC action level event, meets one or more of the standards of an insurer deemed to be in hazardous financial condition, or otherwise exhibits qualities of a troubled insurer. |
| Note B: All insurers with less than $500,000,000 in prior year direct written and assumed premiums are encouraged to structure their Audit committees with at least a supermajority of independent Audit committee members. |
| Note C: Prior calendar year direct written and assumed premiums will be the combined total of direct premiums and assumed premiums from non-affiliates for the reporting entities. |
(3-31-22)
08. Hardship Waiver. An insurer with direct written and assumed premium, excluding premiums reinsured with the Federal Crop Insurance Corporation and Federal Flood Program, less than five hundred million dollars ($500,000,000) may make application to the Director for a waiver from the Section 021 requirements based upon hardship. The insurer will file, with its annual statement filing, the approval for relief from Section 021 with the states that it is licensed in or doing business in and the NAIC. If the nondomestic state accepts electronic filing with the NAIC, the insurer will file the approval in an electronic format acceptable to the NAIC. (3-31-22)
01. False or Misleading Statements. No director or officer of an insurer may, directly or indirectly make or cause to be made a materially false or misleading statement to an accountant in connection with any audit, review or communication prescribed under this chapter. (3-31-22)
02. Omissions. No director or officer of an insurer may, directly or indirectly omit to state, or cause another person to omit to state, any material fact necessary in order to make statements made, in light of the circumstances under which the statements were made, not misleading to an accountant in connection with any audit, review or communication prescribed under this chapter. (3-31-22)
03. Coercion. No officer or director of an insurer, or any other person acting under the direction thereof, may directly or indirectly take any action to coerce, manipulate, mislead or fraudulently influence any accountant engaged in the performance of an audit pursuant to this chapter if that person knew or should have known that the action, if successful, could result in rendering the insurer's financial statements materially misleading. For purposes of Subsection 022.03 of this rule, actions that, 'if successful, could result in rendering the insurer's financial statements materially misleading' include, but are not limited to, actions taken at any time with respect to the professional engagement period to coerce, manipulate, mislead or fraudulently influence an accountant: (3-31-22)
a. To issue or reissue a report on an insurer's financial statements that is not warranted in the circumstances (due to material violations of statutory accounting principles prescribed by the Director, generally accepted auditing standards, or other professional or regulatory standards); (3-31-22)
b. Not to perform audit, review or other procedures prescribed by generally accepted auditing standards or other professional standards; (3-31-22)
c. Not to withdraw an issued report; or (3-31-22)
d. Not to communicate matters to an insurer's Audit committee. (3-31-22)
01. Premium Threshold. Every insurer needs to file an audited financial report pursuant to this chapter that has annual direct written and assumed premiums, excluding premiums reinsured with the Federal Crop Insurance Corporation and Federal Flood Program, of five hundred million dollars ($500,000,000) or more will prepare a report of the insurer’s or group of insurers’ internal control over financial reporting, as these terms are defined in Section 010. The report will be filed with the Director along with the Communication of Internal Control Related Matters Noted in an Audit described under Section 018. Management’s Report of Internal Control over Financial Reporting will be as of December 31 immediately preceding. (3-31-22)
02. RBC Level or Other Event. Notwithstanding the premium threshold in Subsection 023.01 of this rule, the Director may require an insurer to file Management’s Report of Internal Control over Financial Reporting if the insurer is in any RBC level event, or meets any one (1) or more of the standards of an insurer deemed to be in hazardous financial condition as defined in IDAPA 18.07.05, “Director’s Authority for Companies Deemed to be in Hazardous Financial Condition.” (3-31-22)
03. Section 404. An insurer or a group of insurers may file its or its parent’s Section 404 Report and an addendum in satisfaction of this Section 023 requirement provided that those internal controls of the insurer or group of insurers having a material impact on the preparation of the insurer’s or group of insurers’ audited statutory financial statements (those items included in Subsections 012.02 through 012.07 of this rule) were included in the scope of the Section 404 Report. The addendum will be a positive statement by management that there are no material processes with respect to the preparation of the insurer’s or group of insurers’ audited statutory financial statements (those items included in Subsections 012.02 through 012.07 of this rule) excluded from the Section 404 Report. If there are internal controls of the insurer or group of insurers that have a material impact on the preparation of the insurer’s or group of insurers’ audited statutory financial statements and those internal controls were not included in the scope of the Section 404 Report, the insurer or group of insurers may either file: (3-31-22)
a. A Section 023 report; or (3-31-22)
b. The Section 404 Report and a Section 023 report for those internal controls that have a material impact on the preparation of the insurer’s or group of insurers’ audited statutory financial statements not covered by the Section 404 Report, providing the insurer or group of insurers is: (3-31-22)
i. Directly subject to Section 404; (3-31-22)
ii. Part of a holding company system whose parent is directly subject to Section 404; (3-31-22)
iii. Not directly subject to Section 404 but is a SOX Compliant Entity; or (3-31-22)
iv. A member of a holding company system whose parent is not directly subject to Section 404 but is a SOX Compliant Entity. (3-31-22)
04. Requisite Elements. Management’s Report of Internal Control over Financial Reporting will include: (3-31-22)
a. A statement that management is responsible for establishing and maintaining adequate Internal control over financial reporting; (3-31-22)
b. A statement that management has established Internal control over financial reporting and an assertion, to the best of management’s knowledge and belief, after diligent inquiry, as to whether its Internal control over financial reporting is effective to provide reasonable assurance regarding the reliability of financial statements in accordance with statutory accounting principles; (3-31-22)
c. A statement that briefly describes the approach or processes by which management evaluated the effectiveness of its Internal control over financial reporting; and (3-31-22)
d. A statement that briefly describes the scope of work that is included and whether any internal controls were excluded; (3-31-22)
e. Disclosure of any unremediated material weaknesses in the Internal control over financial reporting identified by management as of December 31 immediately preceding. Management is not permitted to conclude that the Internal control over financial reporting is effective to provide reasonable assurance regarding the reliability of financial statements in accordance with statutory accounting principles if there is one (1) or more unremediated material weaknesses in its Internal control over financial reporting; (3-31-22)
f. A statement regarding the inherent limitations of internal control systems; and (3-31-22)
g. Signatures of the chief executive officer and the chief financial officer (or equivalent position/title). (3-31-22)
05. Documentation by Management. Management will document and make available upon financial condition examination the basis upon which its assertions, prescribed in Subsection 023.04 of this rule, are made. Management may base its assertions, in part, upon its review, monitoring and testing of internal controls undertaken in the normal course of its activities. Management may have discretion as to the nature of the internal control framework used, and the nature and extent of documentation, in order to make its assertion in a cost effective manner and, as such, may include assembly of or reference to existing documentation. Management’s Report on Internal Control over Financial Reporting, prescribed by Subsection 023.01 of this rule, and any documentation provided in support thereof during the course of a financial condition examination, will be kept confidential by the Idaho Department of Insurance. (3-31-22)
01. Exemptions Not Otherwise Provided. Upon written application of any insurer, the Director may grant an exemption from compliance with any and all provisions of this rule if the Director finds, upon review of the application, that compliance with this rule would constitute a financial or organizational hardship upon the insurer. An exemption may be granted at any time and from time to time for a specified period or periods. Within ten (10) days from a denial of an insurer’s written request for an exemption from this chapter, the insurer may request in writing a hearing on its application for an exemption. The hearing will be held in accordance with the IDAPA 04.11.01, “Idaho Rules of Administrative Procedure of the Attorney General,” pertaining to administrative hearing procedures. (3-31-22)
02. Alternate Effective Date for Section 021 [Requirements for Audit Committees]. An insurer or group of insurers that is not prescribed to have independent Audit committee members or only a majority of independent Audit committee members (as opposed to a supermajority) because the total written and assumed premium is below the threshold and subsequently becomes subject to one (1) of the independence requirements due to changes in premium will have one (1) year following the year the threshold is exceeded to comply with the independence requirements. Likewise, an insurer that becomes subject to one (1) of the independence requirements as a result of a business combination will have one (1) calendar year following the date of acquisition or combination to comply with the independence requirements. (3-31-22)
03. Effective Date for Section 023 [Management’s Report of Internal Control Over Financial Reporting]. An insurer or group of insurers that is not prescribed to file a report because the total written premium is below the threshold and subsequently becomes subject to the reporting requirements will have two (2) years following the year the threshold is exceeded to file a report. Likewise, an insurer acquired in a business combination will have two (2) calendar years following the date of acquisition or combination to comply with the reporting requirements. (3-31-22)
01. Annual Audited Financial Report. In the case of Canadian and British insurers, the annual audited financial report is defined as the annual statement of total business on the form filed by such companies with their supervision authority duly audited by an independent chartered accountant. (3-31-22)
02. Letter Requisite in Section 013. For such insurers, the letter prescribed in Section 013 states that the accountant is aware of the requirements relating to the annual Audited statement filed with the Director pursuant to section 011 and affirms that the opinion expressed is in conformity with such requirements. (3-31-22)
01. Exemption. An insurer is exempt from the requirements of this section if: (3-31-22)
a. The insurer has annual direct written and unaffiliated assumed premium, including international direct and assumed premium but excluding premiums reinsured with the Federal Crop Insurance Corporation and Federal Flood Program, less than five hundred million dollars ($500,000,000); and (3-31-22)
b. If the insurer is a member of a group of insurers, the group has annual direct written and unaffiliated assumed premium including international direct and assumed premium, but excluding premiums reinsured with the Federal Crop Insurance Corporation and Federal Flood Program, less than one billion dollars ($1,000,000,000). (3-31-22)
02. Function. The insurer or group of insurers need to establish an internal audit function providing independent, objective and reasonable assurance to the audit committee and insurer management regarding the insurer’s governance, risk management and internal controls. This assurance will be provided by performing general and specific audits, reviews and tests and by employing other techniques deemed necessary to protect assets, evaluate control effectiveness and efficiency, and evaluate compliance with policies and regulations. (3-31-22)
03. Independence. In order to ensure that internal auditors remain objective, the internal audit function needs to be organizationally independent. Specifically, the internal audit function will not defer ultimate judgment on audit matters to others, and will appoint an individual to head the internal audit function who will have direct and unrestricted access to the board of directors. Organizational independence does not preclude dual-reporting relationships. (3-31-22)
04. Reporting. The head of the internal audit function will report to the audit committee regularly, but no less than annually, on the periodic audit plan, factors that may adversely impact the internal audit function’s independence or effectiveness, material findings from completed audits and the appropriateness of corrective actions implemented by management as a result of audit findings. (3-31-22)
05. Additional Requirements. If an insurer is a member of an insurance holding company system or included in a group of insurers, the insurer may satisfy the internal audit function requirements set forth in this section at the ultimate controlling parent level, an intermediate holding company level or the individual legal entity level. (3-31-22)
In addition to the requirements in this rule, unless otherwise prescribed or permitted, the minimum reserve standards for individual and group health insurance contracts set forth in the NAIC Accounting Practices and Procedures Manual apply to all individual and group health (disability) insurance coverages including single premium credit disability insurance. All other credit insurance is not subject to this section. (3-31-22)
028. -- 999. (RESERVED)