§ 147.8a. Internal audit function requirements.
(a) Exemption. An insurer is exempt from the requirements of this section if:
(1) The insurer meets the following requirements:
(i) Has annual direct written and unaffiliated assumed premium, including international direct and assumed premium excluding premiums reinsured with the Federal Crop Insurance Corporation and Federal Flood Program, less than $500 million.
(ii) If the insurer is a member of a group of insurers, the group has annual direct written and unaffiliated assumed premium including international direct and assumed premium, excluding premiums reinsured with the Federal Crop Insurance Corporation and Federal Flood Program, less than $1 billion.
(2) It is a continuing care provider licensed to transact business in this Commonwealth under the Continuing-Care Provider Registration and Disclosure Act (40 P.S. § § 3201—3225).
(b) Function. The insurer or group of insurers shall establish an internal audit function that provides independent, objective and reasonable assurance to the audit committee and the insurer’s management regarding the insurer’s governance, risk management and internal controls. This function includes the performance of general and specific audits, reviews and tests and employ other techniques deemed necessary to protect assets, evaluate control effectiveness and efficiency, and evaluate compliance with policies and regulations.
(c) Independence. To ensure that internal auditors remain objective, the internal audit function must be organizationally independent. Specifically, the internal audit function may not defer ultimate judgment on audit matters to others, and shall appoint an individual to head the internal audit function who will have direct and unrestricted access to the board of directors. Organizational independence does not preclude dual-reporting relationships.
(d) Reporting. The head of the internal audit function shall report to the audit committee regularly, but no less than annually, on the periodic audit plan, factors that may adversely impact the internal audit function’s independence or effectiveness, material findings from completed audits and the appropriateness of corrective actions implemented by management as a result of audit findings.
(e) Additional requirements. If an insurer is a member of an insurance holding company system or included in a group of insurers, the insurer may satisfy the internal audit function requirements in this section at the ultimate controlling parent level, an intermediate holding company level or the individual legal entity level.
Authority The provisions of this § 147.8a issued under the authority of sections 206, 506, 1501 and 1502 of The Administrative Code of 1929 (71 P.S. § § 66, 186, 411 and 412); sections 320, 630, 1007 and 2452 of The Insurance Company Law of 1921 (40 P.S. § § 443, 764a, 967 and 991.2452); sections 205 and 206 of The Pennsylvania Fair Plan Act (40 P.S. § § 1600.205 and 1600.206); section 731 of the Medical Care Availability and Reduction of Error (MCARE) Act (40 P.S. § 1303.731); 40 Pa.C.S. § § 6125, 6331 and 6701; sections 11 and 14 of the Health Maintenance Organization Act (40 P.S. § § 1561 and 1564); and sections 7 and 25 of the Continuing-Care Provider Registration and Disclosure Act (40 P.S. § § 3207 and 3225).
Source The provisions of this § 147.8a adopted December 16, 2016, effective January 17, 2017, 46 Pa.B. 7819.
Cross References This section cited in 31 Pa. Code § 147.3a (relating to requirements for audit committees); and 31 Pa. Code § 147.13 (relating to effective date and exemption).
No part of the information on this site may be reproduced for profit or sold for profit.
This material has been drawn directly from the official Pennsylvania Code full text database. Due to the limitations of HTML or differences in display capabilities of different browsers, this version may differ slightly from the official printed version.
