Our IT professionals bring many decades of combined experience to the IT examination process. Our team members include former leaders of insurance company IT Internal Audit departments, a former Chief Information Security Officer, insurance company IT operational leaders, and former Big-4 and tier 1 consulting firm IT auditors.
RRC’s IT professionals understand that all insurers have unique aspects to their IT environments and corresponding controls, so they are able to quickly identify and evaluate an insurer’s IT processes and controls, tying them to the business process they support. They are intimately familiar with the guidance set forth in the NAIC Financial Condition Examiners Handbook in order to determine the proper scope of IT General Control procedures and documentation using the required Handbook exhibits.
During independent ITGC testing, our IT specialists employ a range of techniques efficiently develop an independent understanding of a company’s ITGC design and implementation. Our IT professionals understand the importance of completing the IT review in a timely manner prior to the completion of Phase 2 to comply with the NAIC’s Accreditation Standards.
RRC’s team of IT specialists is also familiar with new regulatory requirements such as 23 NYCRR 500, “CYBERSECURITY REQUIREMENTS FOR FINANCIAL SERVICES COMPANIES”, incorporating these new aspects into cybersecurity compliance reviews. In addition, our IT professionals are actively following the states’ adoption of the NAIC’s Data Security Model Law as those requirements become applicable.
We are thought leaders, delivering numerous presentations and webinars each year on topics such as cybersecurity, contingency planning, application security, and data integrity. We actively support NAIC initiatives, including volunteering periodically in support of the Information Technology Examination Working Group’s endeavors, and have delivered customized training to insurance departments across the country on various IT related hot topics.