State regulators were required to perform a group-coordinated examination with two subgroups of a multinational organization with three separate information technology (IT) environments subject to examination. The objectives were to perform IT specialist services as part of Subgroup 2 and coordinate with the two participating states of Subgroup 2 and three additional states of Subgroup 1.
Baker Tilly was responsible for the IT Exhibit C assessment for Subgroup 2, which had two IT environments separate from Subgroup 1's. Baker Tilly’s IT team had to perform individual assessments of the United States location and environment and of an international environment. Subgroup 1 was responsible for assessing another U.S. environment.
Baker Tilly’s IT specialist created customized risk assessments for the two different environments and provided the examiner-in-charge (EIC) with updates regarding common and separate risks, identified issues and ability to rely on the respective environments. Baker Tilly’s IT specialists coordinated with the Subgroup 1 IT specialist and the additional Subgroup 2 IT specialist from another state regulator that was conducting additional data security model law procedures. Baker Tilly’s IT specialist also coordinated with two different external auditors to obtain the required information for review and reliance.
A separate report was completed for each environment applicable to Subgroup 2 and was finalized within the examination planning memorandum. The EIC for Subgroup 2 and the EIC for Subgroup 1 each obtained a clear understanding of scope and issues. The IT review was determined to be a success.