North American Risk Services Announces Completion of Type II SAS 70 Report Validating Its Quality Controls

Business Editors/Financial Editors/Insurance Writers

MAITLAND, Fla.--(BUSINESS WIRE)--August 15, 2008--North American Risk Services (NARS), a national provider of property and casualty third-party administration (TPA) services, is pleased to announce that it has successfully completed its SAS 70 Type I and II audits of its various administrative and financial controls. The audit was performed by a nationally recognized independent auditing firm and was completed in July 2008.

Statement on Auditing Standards (SAS) No.70 is an internationally recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA). The AICPA defines the professional standards used by a service auditor to assess the internal controls of a service organization and issue a service auditor’s report. Successfully completing a SAS 70 audit is widely recognized as an indication that a service company has established and maintained the highest standard of controls over its internal processes and procedures.

North American Risk Services chose to expand the scope of the review as widely as possible. The audit encompassed all areas of our operations including technical, financial, IT, HR and managerial functions. The control objectives in the 2008 report addressed each of the following areas:

Control Environment, Physical Security, Environmental Security, Computer Operations, Information Security, Data Communications, Claims Processing, Verification of Coverage, Audit and Review Process, Check Processing, Bank Reconciliation, and Client Reporting.

In the Type I report, NARS provided a description of its various controls. The service auditor then evaluated the accuracy of that description and determined whether the controls were suitably designed to achieve the specified control objectives. The Type II report combined the results of the Type I audit with detailed tests of those controls’ effectiveness over a six month period. Following this rigorous examination, the auditing firm was able to issue an unqualified opinion regarding each of the areas described above.

NARS management recognizes that Sarbanes-Oxley legislation has placed an increased focus on the internal controls of valued business partners. The SAS 70 audit report is designed to provide clients with a certain level of assurance regarding the controls that are maintained by NARS management. The SAS 70 report addresses all five components of internal control outlined in the Sarbanes-Oxley legislation, namely the control environment, risk assessment activities, control activities, information and communication systems, and monitoring activities. The structure of our report is intuitive and is designed to be incorporated well with our clients’ Sarbanes-Oxley compliance programs.

Headquartered in Maitland, Fla., North American Risk Services (www.narisk.com) provides nationwide claims, data and risk management TPA services to businesses, insurers, reinsurers and brokers in the United States. NARS is known for the experience and expertise of its employees. NARS tailors these skills to control its customers’ loss and administrative costs with an approach designed to fit each unique risk circumstance. NARS also provides its customers with a diverse array of ancillary services including auditing, medical cost management, recovery specialization and a state of the art, web-based information system that is easily configured to match each customer’s specific needs.