Ins 50.155Ins 50.155 Internal audit function requirements. Ins 50.155(1)(1) An insurer is exempt from the requirements of this section if: Ins 50.155(1)(a)(a) The insurer has total annual direct written and unaffiliated assumed premiums, including international direct and assumed premiums but excluding premiums reinsured with the Federal Crop Insurance Corporation and Federal Flood Program, less than $500,000,000; and Ins 50.155(1)(b)(b) If the insurer is a member of a group of insurers, the group has total annual direct written and unaffiliated assumed premiums, including international direct and assumed premiums but excluding premiums reinsured with the Federal Crop Insurance Corporation and Federal Flood Program, less than $1,000,000,000. Ins 50.155(2)(2) An insurer or group of insurers shall establish an internal audit function providing independent, objective, and reasonable assurance to the audit committee and insurer management regarding the insurer’s governance, risk management, and internal controls. This assurance shall be provided by performing general and specific audits, reviews, and tests and by employing other techniques deemed necessary to protect assets, evaluate control effectiveness and efficiency, and evaluate compliance with policies and regulations. Ins 50.155(3)(3) In order to ensure that internal auditors remain objective, the internal audit function must be organizationally independent. Specifically, the internal audit function will not defer ultimate judgment on audit matters to others, and the insurer or group of insurers shall appoint an individual to head the internal audit function who will have direct and unrestricted access to the board of directors. Organizational independence does not preclude dual-reporting relationships. Ins 50.155(4)(4) The head of the internal audit function shall report to the audit committee regularly, but no less than annually, on the periodic audit plan, factors that may adversely impact the internal audit function’s independence or effectiveness, material findings from completed audits, and the appropriateness of corrective actions implemented by management as a result of audit findings. Ins 50.155(5)(5) If an insurer is a member of an insurance holding company system, as defined in s. Ins 40.01 (6), or included in a group of insurers, the insurer may satisfy the internal audit function requirements set forth in this section at the ultimate controlling parent level, an intermediate holding company level, or the individual legal entity level. Ins 50.16Ins 50.16 Conduct of insurer in connection with the preparation of required reports and documents. Ins 50.16(1)(1) No director or officer of an insurer shall, directly or indirectly: Ins 50.16(1)(a)(a) Make or cause to be made a materially false or misleading statement to an accountant in connection with any audit, review or communication required under this chapter. Ins 50.16(1)(b)(b) Omit to state, or cause another person to omit to state, any material fact necessary in order to make statements made, in light of the circumstances under which the statements were made, not misleading to an accountant in connection with any audit, review or communication required under this chapter. Ins 50.16(2)(2) No officer or director of an insurer, or any other person acting under the direction thereof, shall directly or indirectly take any action to coerce, manipulate, mislead or fraudulently influence any independent certified public accountant engaged in the performance of an audit pursuant to this chapter if that person knew or should have known that the action, if successful, could result in rendering the insurer’s financial statements materially misleading. In this subsection, actions that “if successful, could result in rendering the insurer’s financial statements materially misleading” include actions taken at any time with respect to the professional engagement period to coerce, manipulate, mislead or fraudulently influence an independent certified public accountant: Ins 50.16(2)(a)(a) To issue or reissue a report on an insurer’s financial statements that is not warranted in the circumstances, due to material violations of statutory accounting principles prescribed by the commissioner, generally accepted auditing standards, or other professional or regulatory standards. Ins 50.16(2)(b)(b) Not to perform audit, review or other procedures required by generally accepted auditing standards or other professional standards. Ins 50.16(2)(d)(d) Not to communicate matters to an insurer’s audit committee. Ins 50.16 HistoryHistory: CR 08-053: cr. Register December 2008 No. 636, eff. 1-1-09. Ins 50.17Ins 50.17 Management’s report of internal control over financial reporting. Ins 50.17(1)(1) Every insurer required to file an audited financial report pursuant to this subchapter that has annual direct written and assumed premiums, excluding premiums reinsured with the Federal Crop Insurance Corporation and Federal Flood Program, of $ 500,000,000 or more shall prepare a report of the insurer’s or group of insurers’ internal control over financial reporting as the terms are defined in s. Ins 50.01. The report shall be filed with the commissioner along with the Communication of Internal Control Related Matters Noted in an Audit described in s. Ins 50.12. Management’s report of internal control over financial reporting shall be as of December 31 immediately preceding. Ins 50.17(2)(2) Notwithstanding the premium threshold in sub. (1), the commissioner may require an insurer to file management’s report of internal control over financial reporting if the insurer is in any risk based capital event as described in s. Ins 51.01, or the insurer is in financially hazardous condition. Ins 50.17(3)(3) In lieu of the management’s report of internal control over financial reporting, an insurer or a group of insurers may file a report described in sub. (4) if any of the following criteria are applicable: Ins 50.17(3)(b)(b) The insurer is part of a holding company system whose parent is directly subject to Section 404. Ins 50.17(3)(c)(c) The insurer is not directly subject to Section 404 but is a SOX Compliant Entity. Ins 50.17(3)(d)(d) The insurer is a member of a holding company system whose parent is not directly subject to Section 404 but is a SOX Compliant Entity. Ins 50.17(4)(4) An insurer qualifying under sub. (3) may file its or its parent’s Section 404 report and an addendum in satisfaction of the requirements under sub. (1) or (2), provided that the internal controls of the insurer or group of insurers having a material impact on the preparation of the insurer’s or group of insurer’s audited statutory financial statements, those items included in s. Ins 50.06 (2) (b) to (3), were included in the scope of the Section 404 report. The addendum shall be a positive statement by management that there are no material processes with respect to the preparation of the insurer’s or group of insurers’ audited statutory financial statements, those items included in s. Ins 50.06 (2) (b) to (3), excluded from the Section 404 report. If there are internal controls of the insurer or group of insurers that have a material impact on the preparation of the insurer’s or group of insurers’ audited statutory financial statements and those internal controls were not included in the scope of the Section 404 report, the insurer or group of insurers may either file: