
Effective NAIC MAR Programs

Offered in person in various cities each month on Thursdays and Fridays in two eight-hour CPE events


This in-person CPE course is focused on how to address Model Audit Rule (MAR) annual ICFR assessment and triennial enterprise risk management evaluation using the COSO frameworks (COSO 2013 and COSO ERM) and COBIT.

This 16 CPE in-person event is designed for compliance managers, controllers, CFOs and others who have the responsibility for the insurance organization's internal control framework.


The CPE event uses as its knowledge sources the NAIC Model Audit Rule and the NAIC Financial Condition Examiners Handbook. These documents drive the examination activities of the Insurance Department auditors.

Learn how to comply using a cost-effective approach to address your compliance needs under the NAIC Model Audit Rule (MAR) requirements. These requirements concern both the annual filings and the Insurance Commissioner's approach using the Financial Condition Examiners Handbook for the triennial exams.


Each attendee will have access to a set of 55 documents that were used to create the workshop.

This course is designed for professionals experienced in working with internal controls and ERM programs.


Each attendee will receive 16 Auditing CPE Hours (YB). A certificate of completion will be provided.


The retail cost of this CPE event is $1,395.00 for each attendee.

Program Level of Understanding: Intermediate to Advanced
Prerequisites: Participants should come with a knowledge of internal control frameworks.
Advance Preparation: A number of documents will be provided in advance.
Delivery Format: On-site Training (Group-Live); Seminar (Group-Live)
NASBA Field(s) of Study: Auditing
CPE Credits: 16, based on 50 minutes of instruction per hour

Who should attend?

This two-day in-person CPE event is designed for the project director, project leader and individuals who have to create an effective cybersecurity program and the related documents for an insurance organization. Each attendee will go home with a set of 35 documents that were used to create the academy.

CPE Event Highlights

We will cover the elements of an effective cybersecurity program:

  • Review the contents of the COSO ERM and COSO 2013 frameworks

  • Top Down Risk Based Methodology Defined

  • Best Practices for Documentation and Assessment

  • Entity Level Control Documentation

  • Risk Assessment Documentation

  • How to Manage Communication with External Auditors and Audit Committee

  • Workshops focused on Major Deliverables

Learning Objectives

Attendees will:

  • Understand risk assessments from the insurance accounting viewpoint

  • See how to effectively implement top down internal controls

  • Learn the compliance requirements of the NAIC Model Audit Rule

  • Discuss the relationship with their external auditors under the Model Audit Rule

  • Identify methods for improving their internal control frameworks


Key Issues on the Agenda

Introduction and Background

  • Introductions

  • Internal Control Terminology

  • NAIC Perspective on Internal Control over Financial Reporting (ICFR)

Section 1 - NAIC Model Audit Rule (MAR)

  • Overview of the Model Audit Rule

  • Annual Financial Reporting Model Regulation (MAR) by Section

Section 2 - Top-Down vs. Control-Based Compliance

  • NAIC Risk Assessment

  • NAIC Risk Mitigation Strategy

Section 3 - NAIC Model Audit Guidance

  • NAIC's Financial Condition Examiners Handbook

  • CMMI Levels of Maturity

Section 4 - Internal Control Methodologies

  • COSO Internal Control Framework

  • COBIT Framework

Section 5 - Entity-Level Controls - Risk Assessment

  • COSO Top Down Approach

  • NAIC's Perspective

  • NAIC's Exam Phase 1

  • COSO Risk Assessment Component

  • Specific Financial Reporting Objectives

  • Financial Reporting Risks

  • Fraud Risks

Section 6 - Entity-Level Controls - Control Environment

  • Tone at the Top

  • COSO Control Environment Component

  • Integrity and Ethical Values

  • Board of Directors

  • Management's Philosophy & Operating Style

  • Organizational Structure

  • Financial Reporting Competencies

  • Authority and Responsibility

Section 7 - Entity-Level Controls - The Supporting Components

  • COSO Control Activities Component

  • Integration with Risk Assessment

  • Selection & Development of Control Activities

  • Policies and Procedures

  • Information Technology

  • COSO Information & Communication Component

  • Financial Reporting Information

  • Internal Control Information

  • Internal Communication

  • External Communication

  • COSO Monitoring Component

  • Ongoing and Separate Evaluations

  • Reporting Deficiencies

Section 8 - Business Process Controls and Testing

  • Key Elements of ICFR

  • Business Processes & Cycles

  • Testing Standards

Section 9 - Information Technology General Controls


  • NAIC's Perspective on IT Controls

Section 10 - Management's Assessment

  • Knowledge Transfer to Auditors

  • Management's Assessment

Section 11 - Going Forward