Current through Register Vol. 46, No. 45, November 2, 2024
Section 89.16 - Internal audit function requirements(a) A company shall establish an internal audit function, which shall be provided by performing general and specific audits, reviews, and tests and by employing other techniques deemed necessary to protect assets, evaluate control effectiveness and efficiency, and evaluate compliance with policies and regulations.(b) In order to ensure that internal auditors remain objective, the internal audit function shall be organizationally independent. The internal auditors shall not defer ultimate judgment on audit matters to other persons, and shall appoint an individual to head the internal audit function who shall have direct and unrestricted access to the board of directors. Organizational independence shall not preclude dual-reporting relationships.(c) The head of the internal audit function shall report to the audit committee regularly, but no less than annually, on the periodic internal audit plan, factors that may adversely impact the internal audit function's independence or effectiveness, material findings from completed internal audits, and the appropriateness of corrective actions implemented by management as a result of internal audit findings.(d) If a company is a member of a group of companies, then the company may satisfy the internal audit function requirements set forth in this section at the ultimate group level, an intermediate group level, or the individual legal entity level; provided, however, that the company may only satisfy the internal audit function requirements at the ultimate group level or intermediate group level if the internal audit function addresses risk management, control, and governance processes of the company.(e) A company shall be exempt from the requirements of this section if: (1) the company has annual direct written and unaffiliated assumed premium, including international direct and assumed premium but excluding premiums reinsured with the Federal Crop Insurance Corporation and Federal Flood Program, of less than $500 million; and(2) the company is a member of a group of companies and the group has annual direct written and unaffiliated assumed premium, including international direct and assumed premium, but excluding premiums reinsured with the Federal Crop Insurance Corporation and Federal Flood Program, of less than $1 billion.(f) If a company that is exempt from the requirements of this section no longer qualifies for that exemption, then the company shall have one year after the year the threshold is exceeded to comply with the requirements of this section.N.Y. Comp. Codes R. & Regs. Tit. 11 § 89.16
Renumbered to 89.17 New York State Register May 13, 2020/Volume XLII, Issue 19, eff. 11/9/2020