SOFE Examiner: IT Review Considerations for Small Insurance Companies
The following is an excerpt from an article written by Uso Sayers, CISA, for the Society of Financial Examiners (SOFE) Spring 2019 issue of The Examiner professional magazine. The full article can be found at www.sofe.org in the Members Only section of the website.
“In closing, IT Reviews of small insurance companies can be challenging and may have budget limitations, but they still require the same level of understanding as with larger entities. The best practice feedback that can be provided as a result of an IT Review for a smaller company can be very important and valuable as the costs associated with an IT exam can be burdensome to small insurers. As smaller companies have fewer IT resources, IT Examiners will need modified considerations for the IT Review. The use of the work of others, such as external auditors or internal auditors, may not be applicable and the level of independent IT testing needed may increase as SOC Reports or other audit workpapers are not available. In addition, when working with smaller insurers, the Handbook Exhibit C, Part Two ITGC work program may need to be modified to fit the company better as the small insurer may not have any formalized IT general controls in place. Despite these challenges, an IT review of a small insurance company helps financial examiners determine whether IT system data, system reports, and automated controls can be relied upon to perform financial examination procedures.”