§ 58‑10‑190.  Definitions.

As used in this Part:

(1) "Accountant" or "independent certified public accountant" means an independent certified public accountant or accounting firm in good standing with the American Institute of Certified Public Accountants (AICPA) and in all states in which he or she is licensed to practice; for Canadian and British companies, it means a Canadian‑chartered or British‑chartered accountant.

(2) An "affiliate" of, or person "affiliated" with, a specific person has the same meaning set forth in G.S. 58‑19‑5.

(3) "Audit committee" means a committee, or equivalent body, established by the board of directors of an entity for the purpose of overseeing the accounting and financial reporting processes of an insurer or group of insurers, any internal audit function of the insurer or group of insurers, and external audits of financial statements of the insurer or group of insurers. The audit committee of any entity that controls a group of insurers may be deemed to be the audit committee for one or more of these controlled insurers at the election of the controlling person as provided in G.S. 58‑10‑245(f). If an audit committee is not designated by the insurer, the insurer's entire board of directors shall constitute the audit committee.

(4) "Audited financial report" means and includes those items specified in G.S. 58‑10‑200.

(5) "Controlling person" has the same meaning set forth in G.S. 58‑19‑5.

(6) "Group of insurers" means those licensed insurers included in the reporting requirements of Article 19 of this Chapter, or a set of insurers as identified by management, for the purpose of assessing the effectiveness of internal control over financial reporting.

(7) "Indemnification" means an agreement of indemnity or a release from liability where the intent or effect is to shift or limit in any manner the potential liability of the person or firm for failure to adhere to applicable auditing or professional standards, whether or not resulting from other known misrepresentations made by the insurer or its representatives.

(8) "Insurer" means any insurance entity as identified in Articles 7, 8, 11, 15, 17, 23, 24, 25, 26, 65, and 67 of this Chapter and regulated by the Commissioner.

(8a) "Internal audit function" means a person or persons that provide independent, objective, and reasonable assurance designed to add value and improve an organization's operations and accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

(9) "Internal control over financial reporting" means a process effected by an entity's board of directors, management, and other personnel designed to provide reasonable assurance regarding the reliability of the financial statements, that is, those items specified in G.S. 58‑10‑200(b)(2) through G.S. 58‑10‑200(b)(6) and includes those policies and procedures that meet all of the following criteria:

a. Pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of assets.

b. Provide reasonable assurance that transactions are recorded as necessary to permit preparation of the financial statements, that is, those items specified in G.S. 58‑10‑200(b)(2) through G.S. 58‑10‑200(b)(6) and that receipts and expenditures are being made only in accordance with authorizations of management and directors.

c. Provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of assets that could have a material effect on the financial statements, including those items specified in G.S. 58‑10‑200(b)(2) through G.S. 58‑10‑200(b)(6).

(10) "SEC" means the United States Securities and Exchange Commission, or any successor agency.

(11) "Section 404" means Section 404 of the Sarbanes‑Oxley Act of 2002 and the SEC's rules and regulations promulgated under that act.

(12) "Section 404 report" means management's report on "internal control over financial reporting" as defined by the SEC and the related attestation report of the independent certified public accountant as described in Section 3A of the Sarbanes‑Oxley Act of 2002.

(13) "SOX‑compliant entity" means an entity that either is required to be compliant with, or voluntarily is compliant with, all of the following provisions of the Sarbanes‑Oxley Act of 2002: (i) Section 202. Preapproval requirements of Title II, Auditor Independence; (ii) Section 301. Audit Committees independence requirements of Title III, Corporate Responsibility; and (iii) Section 404. Management assessment of internal controls requirements of Title IV, Enhanced Financial Disclosures. (2009‑384, s. 1; 2019‑57, s. 2(a), (b).)