Skip to content

Spotlight on Controls and Internal Audit Departments

Jan 11, 2023

It’s no secret that in recent years, insurance regulators across the country have focused more on insurers’ ability to maintain an operating environment with quality internal controls. The evolution began over time, tracing back several years to the regulatory transition to risk-focused examinations mandated in 2010. This change incorporated necessary examinations into the National Association of Insurance Commissioners (“NAIC”) Accreditation process that state insurance departments must pass to be Accredited by the NAIC.

With a continued focus on controls and corporate governance through the passage of guidance, including the Model Audit Rule (MAR), Own Risk Solvency Assessment (ORSA), and the Corporate Governance Annual Disclosure Model Regulation (CGAD), a requirement for organizations to produce accurate and reliable information remains. Because of the heightened focus on internal audit departments, the need for an internal audit department to manage and monitor controls and deliver reports to management and governance about effectively mitigating identified risks has never been greater.

Why Does My Organization Need an Internal Audit?

As regulators emphasize controls and risk mitigation strategies during their examination process, it’s not a giant leap to quickly understand why an internal audit department is crucial to assessing risk mitigation. Having a robust internal audit department can not only save a company from the headache of regulatory issues but can provide management and governance with a much deeper understanding of the effectiveness of their risk mitigation strategies, ultimately saving companies time, money, and helping leadership sleep better at night.

A fundamental component of an internal audit is its ability to uncover deficiencies and inefficiencies in a company’s operations — including internal controls, corporate governance, compliance, and accounting processes — before they are brought to light by an external audit* or regulatory examination. Controls put into place often help improve operational efficiency by allowing management to explore specific areas of its operations. This ensures that policies and procedures are accurately followed, budgets are adhered to, potential capital shortages are identified, and accurate reporting is generated for leadership — all of which are potentially positive outcomes of an internal audit.

Where Do I Start?

Where you start all depends on where you are in the evolution of your internal audit department. As the purpose of an internal audit is to provide management and the board of directors with information about the business, the scope of the audit can be as broad or limited as needed and tailored accordingly. A benefit of an internal audit is that it can be performed entirely in-house, outsourced, or some combination of the two. While, historically, internal audits are performed primarily in-house, it may be wise to outsource certain risk areas to an audit firm that can provide you with additional support and resources. This is especially wise if your business has rapidly grown, everyday accounting is a struggle, or there is a potential for fraud within the organization.

Questioning if an internal audit is in the best interest of your organization? Contact your CRI advisor to discuss the options. We’re available to talk you through the options, including whether hiring internally, outsourcing, or co-sourcing your internal audit function is the right move for you and your organization. In addition, our team of accounting experts is equipped to help continuously improve our clients’ processes and internal controls. With our in-depth industry expertise and knowledge, you’re assured of seeing an increase in your organization’s bottom line.

Relevant insights

Join Our Conversation

Subscribe to our e-communications to receive the latest accounting and advisory news and updates impacting you and your business.

By proceeding, you are agreeing to the terms and conditions in the Carr, Riggs and Ingram Privacy Policy.

This field is for validation purposes and should be left unchanged.