Citizens Clearinghouse Project Audit

Similar documents
AUDIT REPORT. Citizens Insurance Suite Check Printing Audit Opinion: Needs Improvement. June 11, 2015

INVESTIGATION REPORT. Secondary Employment Policy Violation. Date: May 23, Report Number: CPIC Report Number: CPIC

AUDIT REPORT. Corporate Access and Identity Management Project Audit Opinion: Satisfactory. July 31, 2015

MANAGEMENT ADVISORY SERVICE REPORT

AUDIT REPORT. Service Desk and Problem Management Audit Opinion: Satisfactory. November 14, Report Number: 2014-IT-04

AUDIT REPORT. Cloud Software as a Service (SaaS) Procurement and Governance Audit. June 9, 2016

AUDIT REPORT. Citizens Data Warehouse Audit Opinion: Needs Improvement. Date: June 9, Report Number: 2014-AUD-IT-01

AUDIT REPORT. Legal Billing Compliance. July 29, Report Number: 2015-AUD-09 Legal Billing Compliance

FORENSIC AUDIT REPORT. Legal Defense Billing Audit Opinion: Unsatisfactory. Date: May 31, Report Number: 2013-AUD-15

INFORMATION TECHNOLOGY CONTROLS OF SELECTED SYSTEMS UTILIZED BY THE CITIZENS PROPERTY INSURANCE CORPORATION. Information Technology Operational Audit

Audit Plan Update. Percentage of Total Budgeted Hours. Adjusted Budgeted Hours. Actual YTD. Audit & MAS 8,066 8,366 38% 7, % 2012 Carry Over

5/25/2011. Citizens Property Insurance Corporation:

THE OFFICE OF THE INTERNAL AUDITOR STATUS UPDATE MARCH 11, 2014

CHAPTER Committee Substitute for Committee Substitute for Committee Substitute for House Bill No. 1033

REQUEST FOR INFORMATION (RFI) RFI No FOR INFORMATION TECHNOLOGY DISASTER RECOVERY AND COLOCATION DATA CENTER SOLUTIONS

Citizens Property Insurance Corporation

OUTSOURCING DUE DILIGENCE FORM

Citizens Property Insurance Corporation: PCS Catastrophe Conference May 2011

2006 Florida property insurance legislation; Florida residual market and Catastrophe Fund deficits; expected assessments

03/14/2013 Compensation Update Citizens Property Insurance Corporation Board of Governors Meeting March 22, 2013

Communications and External Affairs Update

Understanding SOC Reports for Effective Vendor Management. Jason T. Clinton January 26, 2016

REPORT NO DECEMBER 2014 SURPLUS COMPUTER HARD DRIVE DISPOSAL PROCESSES AT SELECTED STATE AGENCIES. Information Technology Operational Audit

FLORIDA COMMISSION ON OFFENDER REVIEW (formerly Florida Parole Commission)

REPORT NO OCTOBER 2012 UNIVERSITY OF FLORIDA. Operational Audit

STATE OF NORTH CAROLINA

THE STATE OF FLORIDA

Audit of. District s Information Technology Disaster Recovery Plan

The silver lining: Getting value and mitigating risk in cloud computing

Summary of Conference Committee Report on Hurricane Preparedness and Insurance

Audit Report. Effectiveness of IT Controls at the Global Fund Follow-up report. GF-OIG-15-20b 26 November 2015 Geneva, Switzerland

REPORT NO OCTOBER 2013 DEPARTMENT OF FINANCIAL SERVICES DIVISION OF RISK MANAGEMENT STATE EMPLOYEE WORKERS COMPENSATION.

REPORT NO AUGUST 2009 SOUTH FLORIDA COMMUNITY COLLEGE. Operational Audit

Homeowners Insurance in the States

CASE MANAGEMENT SYSTEM

Florida Property Insurance Market Analysis and Recommendations

The New Florida Insurance Bill SB 130

DRAFT. Report to Governors on the Quality Report 2015/16. Royal United Hospitals Bath NHS Foundation Trust] Year ended 31 March May 2016

REPORT NO OCTOBER 2010 LAKE-SUMTER COMMUNITY COLLEGE. Operational Audit

11/15/06 12:20pm PROPERTY & CASUALTY INSURANCE REFORM COMMITTEE FINAL RECOMMENDATIONS (11/15/06)

INVITATION TO NEGOTIATE NO FOR PROPERTY CHARACTERISTICS WEB SERVICES

ADMINISTRATIVE MANUAL Subject: CORPORATE RESPONSIBILITY Directive #: Present Date: January 2011

OFFICE OF INSPECTOR GENERAL

August 2012 Report No

January 2005 Report No

James Walmsley, Senior Manager, Lloyd s International Market Access (extension 5131)

The United States spends more than $1 trillion each year on healthcare

Information Commissioner's Office

JANUARY 2006 REPORT NO AUDITOR GENERAL WILLIAM O. MONROE, CPA CITIZENS PROPERTY INSURANCE CORPORATION. Operational Audit

OFFICE OF FINANCIAL REGULATION COLLECTION AGENCY REGISTRATIONS MORTGAGE-RELATED AND CONSUMER COLLECTION AGENCY COMPLAINTS PRIOR AUDIT FOLLOW-UP

Legislative Audit Division State of Montana. Criminal Justice Information Network (CJIN)

October 20, Sincerely. Anthony Chavez, CIA, CGAP, CRMA Director, Internal Audit Division

REPORT NO OCTOBER 2013 SEMINOLE STATE COLLEGE OF FLORIDA. Operational Audit

HIPAA COMPLIANCE CALIFORNIA STATE UNIVERSITY, CHANNEL ISLANDS. Audit Report October 26, 2010

CHAPTER Committee Substitute for Committee Substitute for Senate Bill No. 708

A Risk Assessment Checklist for Medicaid State Agencies

Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. Understanding SOC 3

Information Technology General Controls And Best Practices

Office of Information Technology E-Government Services

SALESFORCE.COM, INC. CHARTER OF THE AUDIT AND FINANCE COMMITTEE OF THE BOARD OF DIRECTORS. (Revised September 11, 2012)

TO: Chief Executive Officers of National Banks, Federal Branches and Data-Processing Centers, Department and Division Heads, and Examining Personnel

Information Technology Operational Audit DEPARTMENT OF STATE. Florida Voter Registration System (FVRS) Report No July 2015

Vendor Management Compliance Top 10 Things Regulators Expect

Vermont Mutual Insurance Company

FROM JANUARY 21, 2007

STATE OF NORTH CAROLINA

STATE OF NORTH CAROLINA

CHAPTER Committee Substitute for Committee Substitute for Committee Substitute for Senate Bill No. 542

Maryland Health Insurance Plan

The Availability of Insurance in the Maine Property & Casualty Market 2015

Risk Management of Outsourced Technology Services. November 28, 2000

Fraud Risk Management Program Review

REPORT NO AUGUST 2012 CITIZENS PROPERTY INSURANCE CORPORATION

Judiciary Administrative Office of the Courts Data Center

SUMMARY OF AUDIT FINDINGS

Orange County Industrial Development Authority (a component unit of Orange County, Florida)

Internal Controls and Risk Management Report

City of Miami, Florida Management Letter in Accordance With Chapter , Rules of the Florida Auditor General

SUMMARY MINUTES OF THE INFORMATION SYSTEMS ADVISORY COMMITTEE MEETING Friday, September 12, 2014

déjà vu: Revisiting the Collins Report Nearly 20 Years Later

INTERNAL AUDIT DIVISION CLERK OF THE CIRCUIT COURT

Aberdeen City Council IT Security (Network and perimeter)

Business Management System Manual. Context, Scope and Responsibilities

HUMAN RESOURCES HEALTH INSURANCE AND CLAIMS AUDIT SEPTEMBER 30, 2013

Service Organization Control (SOC) Reports Focus on SOC 2 Reporting Standard

John Dew, Executive Director Florida CCOC Barrington Circle Tallahassee, Florida

December 2013 Report No

VIRGINIA WORKERS COMPENSATION COMMISSION REPORT ON AUDIT FOR THE YEARS ENDED JUNE 30, 2006 AND JUNE 30, 2007

How quality assurance reviews can strengthen the strategic value of internal auditing*

Joint Audit Report for South Lakeland District Council. & Eden District Council

Audit Committee Charter

The ADT Corporation. Audit Committee Charter. December 2014

2016 CITIZENS STATUTE

Office of the Police and Crime Commissioner for Avon and Somerset and Avon and Somerset Constabulary

REFERENCE ACTION ANALYST STAFF DIRECTOR or BUDGET/POLICY CHIEF. 1) Insurance & Banking Subcommittee 13 Y, 0 N, As CS Cooper Cooper

QUALITY MANAGEMENT POLICY & PROCEDURES

Information Technology Operational Audit UNIVERSITY OF SOUTH FLORIDA. Data Center. Report No November 2015

Senate: Not addressed, with Citizens Property Insurance Corporation remaining eligible for TICL

CFPB Readiness Series: Compliant Vendor Management Overview

September 2010 Report No An Audit Report on The Charitable Bingo Operations Division at the Texas Lottery Commission

Transcription:

Citizens Clearinghouse Project Audit Audit Opinion: Satisfactory November 26, 2013 Report Number 2013-AUD-08

Table of Contents Page Background 1 Audit Objectives and Scope 1 Individual Project Area Ratings 2 Future Project Deliverables 2 Audit Opinion 3 Audit Ratings 5 Distribution 6

Executive Summary Background During the 2013 session, the Florida Legislature passed SB 1770 which created section 627.3518 of the Florida Statutes. The bill states that in order to confirm eligibility with the corporation and to enhance access of new applicants for coverage and existing policyholders of the corporation to offers of coverage from authorized insurers, the corporation shall establish a program for personal residential risks in order to facilitate the diversion of ineligible applicants and existing policyholders from the corporation into the voluntary insurance market. Citizen s solution is to establish a Single Entry Multiple Carrier Interface (SEMCI) Clearinghouse, which will provide Florida s homeowners additional options for property insurance coverage in the private market. This will reduce the risk of considerably higher assessments to policyholders, and potentially all Floridians, following a major hurricane or several smaller storms. The new property insurance coverage clearinghouse, which is scheduled to be launched, beginning January 2014, will help agents for both new applicants and current Citizens policyholders identify available property insurance options in the private market. New insurance applicants receiving a private market offer for comparable coverage that is within 15% of Citizens quote will be required to obtain coverage with a private insurer. Citizen s policyholders will be ineligible for renewal with Citizens if the private carrier offers a rate equal to or less than the Citizen s offer for comparable coverage. The implementation of the clearinghouse has been identified as the highest priority project for Citizens. Bolt Solutions Inc. has been selected by the Citizens Board of Governors to provide the software platform linking private insurers with consumer insurance agents seeking to renew policies or purchase new coverage with Citizens. The cost of the Bolt contract is not to exceed $44.9 million over 10 years. Audit Objectives and Scope The Office of the Internal Auditor s primary focus is to actively participate in the planning, development and implementation phases of the Clearinghouse Project (the Project) in order to provide independent project assurance and support. The objective of the audit is to assess the efficiency and effectiveness of the project methodology and the project s implementation on an ongoing basis. The results of our audit to date are based upon interviews performed with management, direct observation, and review of applicable documents and testing of certain controls. Particular areas of focus included a review of the following: Project Management o Status Reporting Legal/Regulatory Compliance o Personal Information Privacy o Website Proper Disclosures o Right to Audit / Inspect Vendor o Customer Acknowledgment Form Training and Communication Vendor Contract Controls o Privacy, Confidentiality o Disaster Recovery/Business Continuity o Security Firewalls, Encryption, etc. o Liability Insurance Requirements 1

Executive Summary Individual Project Area Ratings Project Area/Deliverable Category Project Deliverable/Artifact Rating Legal/Compliance Vendor Contract, Storyboards, Legal Dept. Review Confirmation Satisfactory Vendor Personal Information Privacy Vendor Contract Satisfactory Vendor Website Proper Disclosures Storyboards / Legal Dept. Review Confirmation Satisfactory Vendor Right to Audit / Inspect Vendor Contract Satisfactory Project Management Project Management Plan document Satisfactory Status Reporting Weekly Status Reports Satisfactory Training and Communication Training and Communication Plans Satisfactory Vendor Contract Controls Vendor Contract / DRP / BCP Satisfactory Vendor Privacy, Confidentiality Vendor Contract Satisfactory Vendor Disaster Recovery/Business Continuity Vendor Contract / DRP / BCP Satisfactory Security Firewalls, Encryption, etc. Vendor Contract Satisfactory Vendor Liability Insurance Vendor Contract / Vendor Insurance Policies Satisfactory Future Project Deliverables As the Project is currently in flight and entering the development and implementation phases there are pending future deliverables planned for the project. The table below lists those deliverables that will be audited either on an ongoing basis or as the deliverables become available. Project Area/Deliverable Category Project Deliverable/Artifact Rating Implementation Commercial Lines Planning Commercial Lines Approach Report epas System Access Controls System Screen Scrape / Error Message OIA Review Internal Personnel - System Lockout - upon GO Live for new business System Screen Scrape / Error Message quotes/applications for HO3 Allowance for Mgt. override System Screen Scrape Legal/Compliance Vendor Contract / Storyboards Customer Acknowledgement of Offers Received Customer Acknowledgement Form / Storyboards Management Reporting Management Reports Ad-hoc / On - Demand Management Reports Compliance Management Reports Audit Log Audit Log Testing Test Plan OIA Review Vendor Management Vendor Internal Controls Service Organization Controls (SOC-1) / 2

Executive Summary Vendor IT - General/Application Controls Vendor Change Management Vendor Disaster Recovery Testing Results Vendor Security, Privacy, Confidentiality Statement on Standards for Attestation Engagements (SSAE 16) Report, Disaster Recovery Plan Testing Results, Insurance Policies Service Organization Controls (SOC-1) / Statement on Standards for Attestation Engagements (SSAE 16) Report Service Organization Controls (SOC-1) / Statement on Standards for Attestation Engagements (SSAE 16) Report Disaster Recovery Plan Testing Results Service Organization Controls (SOC-1) / Statement on Standards for Attestation Engagements (SSAE 16) Report Volume / Load Testing Vendor Volume/Load Testing Reports Vendor Go Live - both Bolt and Vendor Volume/Load Testing Reports Carriers Vendor Future Growth Vendor Volume/Load Testing Reports Audit Opinion The overall effectiveness of the processes and controls evaluated during the audit is rated as Satisfactory. Our audit of the Project Plan, the Action Items List, relevant documents and discussions with Project Team Members and Management, leads us to assess that the Project risks are being managed well and there are no major concerns or issues not being addressed that may impact implementation at this time in our audit. The Project Team has successfully performed, on a few occasions, a live Clearinghouse demonstration in the test environment, where the Agent interface could be observed and an external carrier and Citizens provided a real time quote to an Agent request. It is difficult for the OIA to ascertain with complete certainty whether the Project will be operationally ready to proceed with the required 'Go Live' date January 2, 2014. The projects overall status, as indicated by the Project Management Team, is a Yellow which means that all project deliverables may be at risk of being delivered at the time specified in the project plan due to the fast speed of development and the simultaneous work stream development methodology used to meet the regulatory implementation deadline. Project Management has not been in a position to fully develop a delivery plan to correct the overall project status to Green and has noted the project is to remain in the Yellow status for the remainder of the project s implementation to January 2, 2014. The OIA has noted certain risks associated with the successful delivery of the Project within the timeframe specified by SB 1770 : 3

Executive Summary 1. Carrier Load Capacity: The risk involves the carrier s ability to handle in a timely manner the volume of quotes that will be generated on a daily basis by the Clearinghouse. Bolt Project Team is gathering carrier quoting load capacity testing information in order to assess the level of quoting capacity risk. We would like to thank management and staff for their cooperation and professional courtesy throughout the course of this audit. 4

Appendix 1 Definitions Audit Ratings Satisfactory: Critical internal control systems are functioning in an acceptable manner. There may be no or very few minor issues, but their number and severity relative to the size and scope of the operation, entity, or process audited indicate minimal concern. Corrective action to address the issues identified, although not serious, remains an area of focus. Needs Improvement: Internal control systems are not functioning in an acceptable manner and the control environment will require some enhancement before it can be considered as fully effective. The number and severity of issues relative to the size and scope of the operation, entity, or process being audited indicate some significant areas of weakness. Overall exposure (existing or potential) requires corrective action plan with priority. Unsatisfactory: One or more critical control deficiencies exist which would have a significant adverse effect on loss potential, customer satisfaction or management information. Or the number and severity of issues relative to the size and scope of the operation, entity, or process being audited indicate pervasive, systemic, or individually serious weaknesses. As a result the control environment is not considered to be appropriate, or the management of risks reviewed falls outside acceptable parameters, or both. Overall exposure (existing or potential) is unacceptable and requires immediate corrective action plan with highest priority. 5

Appendix 2 Distribution Addressees Sarah Harrell, Program Director Citizens Clearinghouse Project Steve Bitar, Vice President of Agent and Consumer Services Copies Tom Lynch, Citizens Audit Committee Chairman John Wortman, Citizens Audit Committee Member Juan Cocuy, Citizens Audit Committee Member Yong Gilroy, Chief Insurance Officer Barry Gilway, President/CEO/Executive Director Dan Sumner, General Counsel Kelly Booten, Chief Systems & Operations Curt Overpeck, Chief Information Officer Christine Ashburn, Vice President of Communications John Rollins, Chief Risk Officer Deborah Kearney, Ethics and Compliance Officer Jennifer Montero, Chief Financial Officer Johnson Lambert, LLP (External Auditors) Following Audit Committee Distribution The Honorable Rick Scott, Governor The Honorable Jeff Atwater, Chief Financial Officer The Honorable Pam Bondi, Attorney General The Honorable Adam Putnam, Commissioner of Agriculture The Honorable Don Gaetz, President of the Senate The Honorable Will Weatherford, Speaker of the House of Representatives Audit Performed By Sr. IT Internal Auditor Audit Director Under the Direction of Chris Chester John Fox Joe Martins Chief of Internal Audit 6

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information