Starting in 2011 (for the 2010 reporting period), many private insurance firms will have to submit reports to the NAIC to certify their internal control over financial reporting (ICFR). Similar to SOX 404 for public companies, the NAIC Model Audit Rule requires the CEO and CFO to certify the effectiveness of ICFR and disclose any material weaknesses. Although adoption of the Model Audit Rule will be on a state by state basis, one of the key areas of auditor scrutiny under SOX 404 has been over the effectiveness of Spreadsheet and End-user Computing (EUC) Controls.
Leading audit firms recommend that companies take a proactive approach to Spreadsheet & EUC Controls in preparing for the NAIC Model Audit Rule, and there are several resources available from Deloitte and Protiviti on the subject.
On the technology side, Prodiance recently hosted an online seminar on this topic entitled “Spreadsheets and the NAIC Model Audit Rule” and published a complementary white paper:
Both the online seminar and white paper promote an automated approach using spreadsheet and EUC control software to help sustain compliance with NAIC Model Audit Rule mandates.
Additional Resources:
Eric Perry
