IT General Controls for NAIC MAR Programs
The Model Audit Rule (MAR) requires that insurance operations have a sound information technology landscape. Information Technology General Controls (ITGCs) play a crucial role in achieving these objectives. ITGC controls support financial practices and ensure accurate and timely financial reports in the insurance industry.
The focus of this CPE training program includes details of:
1. Access Controls: This involves implementing controls to ensure that access to information systems and data is restricted to authorized personnel only. This includes measures such as user authentication, password policies, and access permissions.
2. Change Management Controls: This involves implementing controls to manage changes to information systems and data. This includes measures such as change authorization, testing, and documentation.
3. Data Backup and Recovery Controls: This involves implementing controls to ensure that data is backed up regularly and can be recovered in the event of a disaster or system failure.
4. Program Development and Maintenance Controls: This involves implementing controls to ensure that software programs are developed and maintained in a secure and controlled manner. This includes measures such as secure coding practices, version control, and program testing.
5. IT Operations Controls: This involves implementing controls to ensure the smooth and efficient operation of information systems. This includes measures such as monitoring system performance, managing hardware and software, and implementing system redundancy.
6. IT Security Controls: This involves implementing controls to protect information systems and data from unauthorized access, theft, or damage. This includes measures such as firewalls, antivirus software, intrusion detection and prevention systems, and security awareness training.
Overall, the training event aimed to equip participants with the knowledge and skills necessary to implement effective ITGCs for NAIC MAR Programs.
Each attendee will receive 2 Auditing CPE Hours (YB). A certificate of completion will be provided.
Details on Event Presentation
The sessions will be as follows:
Mondays – 10:00 a.m. to 12:00 noon CST
We can schedule private events on your timetable for two or more attendees.
CPE Event Highlights
This CPE program is designed to provide participants with the knowledge and skills necessary to implement effective IT General Controls (ITGCs) in the insurance industry, in compliance with the Model Audit Rule.
The program covers key topics such as access controls, change management, data backup and recovery, program development and maintenance, IT operations, and IT security.
The program also includes case studies and best practices related to the implementation of ITGCs, and guidance on how to prepare for and manage compliance audits related to ITGCs. Participants will gain an understanding of the purpose of the Model Audit Rule (MAR) and the importance of ITGCs in achieving its objectives.
By completing this program, participants will be better equipped to ensure the accuracy and integrity of their financial reporting, and to promote sound accounting practices in the insurance industry. The program is suitable for professionals involved in financial reporting and compliance in the insurance industry, including auditors, accountants, and financial analysts.
1. Understand the purpose of the Model Audit Rule (MAR) and the importance of ITGCs in achieving its objectives.
2. Recognize the key provisions of MAR related to the implementation of ITGCs.
3. Identify the different types of ITGCs that need to be implemented to ensure the accuracy and integrity of financial reporting data.
4. Develop a comprehensive ITGC framework that covers key areas such as access controls, change management, data backup and recovery, program development and maintenance, IT operations, and IT security.
5. Establish policies and procedures for the implementation and monitoring of ITGCs.
6. Conduct periodic testing of ITGCs to ensure that they are operating effectively.
7. Assign responsibility for the implementation and monitoring of ITGCs to qualified personnel.
Key Issues on the Agenda
- Brief overview of Model Audit Rule
- Importance of ITGCs for insurance companies
- Key objectives of the training presentation
II. Understanding ITGCs
- Define ITGCs
- Access Controls
- Change Management Controls
- Data Backup and Recovery Controls
- Program Development and Maintenance Controls
- IT Operations Controls
- IT Security Controls
III. ITGCs Implementation
- Steps involved in developing an ITGC program
- Resources needed for program implementation
- Common challenges
IV. Annual Assessment Required by MAR
- Purpose of the Annual Assessment
- Key elements in the Assessment
- Summary of key points
- Next steps for attendees
NASBA Program Disclosure
Program Level of Understanding: Basic to Intermediate Prerequisites: None
Advance Preparation: None
Delivery Format: On-site Training (Group-Live); Seminar (Group-Live)
NASBA Field(s) of Study: Auditing
CPE Credits: 2, based on 50 minutes of instruction per hour.
Summary of the Subject Matter
This CPE program focuses on IT general controls for NAIC MAR programs, providing attendees with an in-depth understanding of how to effectively manage IT risks and support internal audit processes. The program covers the fundamentals of IT general controls, including access controls, change management, and the system development life cycle, as well as how they relate to the MAR program. Attendees will learn how to design and implement effective IT general control processes, as well as how to assess their effectiveness through testing and monitoring. The program also covers best practices for integrating IT general controls into the overall MAR program, as well as how to address common IT-related audit findings.
The program is designed for IT and internal audit professionals responsible for managing IT risks in insurance companies.