model audit imgThe Model Audit Rule´s (MAR) purpose is to improve each state´s insurance department´s surveillance of the insurers financial conditions by requiring (1) an annual audit of financial statements reporting the financial position and the results of operations of insurers by independent certified public accountants, (2) communications of internal control related matters noted in an audit, and (3) management´s report on internal controls over financial reporting. Every insurer is subject to this regulation.

The Model Audit Rule differs from Sarbanes-Oxley Section 404 in that an insurer´s external auditor is not required to provide an attestation report on the effectiveness of internal controls over financial reporting. This difference significantly reduces the efforts required by external auditors and associated costs that would be incurred.


"Under Section 16 of the Model Audit Rule, management must file a report with its state insurance department regarding its assessment of internal controls over the statutory financial statement process. If an insurer is SOX 404 compliant or is a subsidiary of an entity that is SOX 404 compliant, the company will be able to file its stand alone or parent company SOX 404 report to satisfy the Section 16 requirement. However, if the SOX 404 report has failed to satisfy the Section 16 requirement, an addendum is required with the Section 16 report. The addendum must include a positive statement stating there are no material processes related to the preparation of the statutory financial statements that were excluded from the SOX 404 assessment process."

- Weaver and Tidwell, L.L.P, The NAIC’s New Model Audit Rule

The requirements of Management´s Report of ICFR include statements that:

Confirm management´s responsibility for implementing and maintaining ICFR

Detail scope of work included and whether any controls were excluded

Explain the inherent limitations of internal control systems

Describe the approach used to evaluate ICFR effectiveness

Describe any un-remediated material weaknesses that exist as of the balance sheet date

Report signatures of the chief executive officer and chief financial officer or equivalent position/title


CIMCON Software solutions support MAR by providing insurance companies with the ability to bring EUCs including spreadsheets under internal control for accurate financial reporting. This is accomplished through:

Multiple levels of review, audit trails, reason fields, electronic signatures, and accountability

Electronic signatures with user ID, passwords which provide an audit trail that enables accountability of data

Review changes commands that provide an e-signature that can be used for final review and sign-off