Blue Cross and Blue Shield of Kansas
Audit and Compliance Committee Charter

PURPOSE

To assist the board of directors in fulfilling its oversight responsibilities for (1) the integrity of the company's financial statements, (2) the company's compliance with legal and regulatory requirements, (3) the independent auditor's qualifications and independence, and (4) the performance of the company's internal audit function and independent auditors.

AUTHORITY

The committee has authority to conduct or authorize investigations into any matters within its scope of responsibility. It is empowered to:

• Appoint, compensate, and oversee the work of the public accounting firm employed by the organization to conduct the annual audit. This firm will report directly to the committee.
• Resolve any disagreements between management and the auditor regarding financial reporting.
• Pre-approve all auditing and permitted non-audit services performed by the company's external audit firm.  The committee may establish by policy the scope and extent of any pre‑approvals for audit and permitted non-audit services provided to the corporation.
• Policy

  The Committee will review staff's recommendations and recommend Board approval of the external audit firm prior to the audit and tax preparation work being completed.  This can be done annually or for a period of years if that is their desire. All other permitted non-audit services performed by the company's external audit firm are authorized by the Audit and Compliance Committee for staff to proceed with the various functions and services with a report to the Audit and Compliance Committee at each meeting designating the services provided and the amount of fees paid to the external audit firm.  The Committee will have an opportunity to review these services and fees after the fact at each meeting.

• Retain independent counsel, accountants, or others to advise the committee as it determines necessary to carry out its duties.
• Secure funding sufficient to allow the committee to discharge its responsibilities.

The committee shall also function as the Audit and Compliance Committee of subsidiary corporations of Blue Cross and Blue Shield of Kansas (i.e., Advance Insurance Company of Kansas (AICK) and its subsidiary Kansas Group Insurance Services, Inc. (KGISI)).

COMPOSITION

The committee will consist of five members of the board of directors. The chair of the board will appoint committee members and the committee chair.

Each committee member will be both independent and financially literate. At least one member shall qualify as a "financial expert". As used herein, “independent” means a board member who is not an employee of the corporation.  “Financial expert” is defined as an individual that possess education and experience as a public accountant, auditor, financial officer, controller, or accounting officer.

No committee member shall simultaneously serve on the audit committees of more than two other companies.

The committee shall include at least two and as many as five members from the Finance Committee.  The Chair of the Audit and Compliance Committee may not also be the Chair of the Finance Committee.

MEETINGS

The committee will meet at least three times a year, with authority to convene additional meetings, as circumstances require. All committee members are expected to attend each meeting, in person or via tele- or video-conference. Three committee members shall constitute a quorum. The committee will invite members of management, auditors or others to attend meetings and provide pertinent information, as necessary. It will meet separately, periodically, with management, with internal auditors and with external auditors. It will also meet periodically in executive session. The committee may meet jointly with the Finance Committee.  A draft of the meeting agenda will be sent to the committee chair prior to finalization.  Meeting agendas will be prepared and provided in advance to members, along with appropriate briefing materials. Minutes will be prepared.

RESPONSIBILITIES

The committee will carry out the following responsibilities:

Financial Statements

The committee will conduct the reviews and discussions with management and the independent auditors that are listed in this section.  The committee shall also provide the Board with a recommendation for action on the independent auditor’s report.

• Review significant accounting and reporting issues and understand their impact on the financial statements.

  These issues include:

  • Complex or unusual transactions and highly judgmental areas
  • Major issues regarding accounting principles and financial statement presentations, including any significant changes in the company's selection or application of accounting principles
  • The effect of regulatory and accounting initiatives, as well as off balance sheet structures, on the financial statements of the company.
• Review with management and the external auditors the results of the audit, including any difficulties encountered. This review will include any restrictions on the scope of the independent auditor's activities or on access to requested information, and any significant disagreements with management.

Internal Control

• Understand the scope of internal and external auditors' review of internal control over financial reporting, and obtain reports on significant findings and recommendations, together with management's responses.

Internal Audit

The committee will conduct the reviews and discussions with management and the general auditor that are listed in this section, and will be responsible for approving the reports provided by staff. 

• Review with management and the general auditor the charter, plans, activities, staffing, and organizational structure of the internal audit function. Ensure there are no unjustified restrictions or limitations.
• Approve the appointment, dismissal and payment practices with respect to the General Auditor.

External Audit

• Review the performance of the external auditors, and recommend Board approval on the appointment or discharge of the auditors. In performing this review, the committee will, at least annually, obtain and review a report by the independent auditor describing (a) the firm's internal quality-control procedures; (b) any material issues raised by the most recent internal quality-control review, peer review, or inquiry or investigation by governmental or professional authorities, within the preceding five years, and (c) all relationships between the independent auditor and the company.

• Ensure the rotation of the lead audit partner at least every five years and other audit partners every seven years, and consider whether there should be regular rotation of the audit firm itself.
• Set Blue Cross and Blue Shield of Kansas hiring policies for employees or former employees of the independent auditors.

• Review summary reports of the Kansas Insurance Department examination and other examinations conducted by regulatory agencies that staff determine should be brought to the attention of the committee.  The committee will be responsible for approving these reports.

Compliance

The committee will conduct the reviews and discussions with management that are listed in this section, and will be responsible for approving the reports provided by staff. 

• Review with general counsel, chief financial officer and the general auditor, legal and regulatory matters that may have a material impact on the financial statements and company compliance policies.
• Establish procedures for: (i) The receipt, retention, and treatment of complaints received by the company regarding accounting, internal accounting controls, or auditing matters; and (ii) The confidential, anonymous submission by employees of concerns regarding questionable accounting or auditing matters.
• Review the annual report for monitoring compliance with the company code of conduct.
• Review the process for communicating the code of conduct to company personnel, and for monitoring compliance.
• Review reports provided by the Medicare Part D Compliance Officer on the status of ensuring compliance with Medicare Part D program requirements.
• Review reports provided by the Privacy Officer on the status of activity to ensure compliance with Federal and State privacy law and regulation.
• Review reports on regulatory compliance activity to ensure that the company operates in compliance with relevant laws and regulations.

Other Responsibilities

• Discuss with management the company's policies with respect to risk assessment and risk management.  The committee will be responsible for approving the reports provided by staff.
• Review and assess the adequacy of the committee charter, requesting board approval for proposed changes.
• Evaluate the committee's performance and report the results to the board.