Specifications include, but are not limited to: Task 1: Programmatic Audit The vendor will examine MNsure’s compliance with the federal government regulations for state health insurance exchanges for services, specifically Title 45, Part 155, Subparts C, D, E, K and M (45 Code of Federal Regulations, section 155.1210) of the Code of Federal Regulations, rendered during the year ended June 30, 2024. The vendor’s examination will be conducted in accordance with attestation standards established by the American Institute of Certified Public Accountants and the standards for compliance audits contained in Government Auditing Standards, issued by the Comptroller General of the United States. Accordingly, it will include tests of MNsure’s records and other procedures the vendor considers necessary to express an opinion as to whether MNsure is compliant with the requirements described above. The examination will meet the requirements of the Centers for Medicare and Medicaid Services final rule (9957 MF) issued August 30, 2013, effective October 1, 2013, and Title 45, Part 155, 1200 of the Code of Federal Regulations, Exchange Establishment Standards and Other Related Standards under the ACA. MNsure understands the vendor’s engagement will not include a detailed inspection of every transaction and cannot be relied on to disclose all material errors, fraud, or other violations of laws or regulations, that may exist. However, the vendor will inform MNsure of any material errors or fraud that comes to the vendor’s attention. The vendor will also inform MNsure of any other violations of laws or regulations that come to the vendor’s attention; unless clearly inconsequential. MNsure will provide the vendor with the basic information required for the examination and MNsure is responsible for the accuracy and completeness of that information. The vendor may advise MNsure about appropriate criteria or assist in the development of the subject matter, but the responsibility of that subject matter remains with MNsure. Task 2: Audit Objectives & Reports The vendor will express an opinion about whether MNsure complied, in all material respects, with the requirements contained within Title 45, Part 155, Subparts C, D, E, K and M (45 Code of Federal Regulations, section 155.1210) of the Code of Federal Regulations. The vendor’s examination will be conducted in accordance with attestation standards of the American Institute of Certified Public Accountants (AICPA) and the standards for attestation engagements contained in Government Auditing Standards, issued by the Comptroller General of the United States, and will include tests of MNsure’s records and other procedures the vendor considers necessary to enable it to express such an opinion. The vendor will issue a written report upon completion of their examination of MNsure’s compliance. The report will be addressed to Board of Directors of MNsure. MNsure understands that the vendor cannot provide assurance that an unmodified opinion will be expressed. Circumstances may arise in which it is necessary for a vendor to modify their opinion or add an emphasis-of-matter or other-matter paragraph. If the vendor’s opinion on compliance is other than unmodified, the vendor will discuss the reasons with management in advance. The vendor will also provide a report on internal control over compliance with Title 45, Part 155, Subparts C, D, E, K and M (45 Code of Federal Regulations, section 155.1210) of the Code of Federal Regulations, as required by Government Auditing Standards. The report on internal control over compliance will include a paragraph that states that the purpose of the report is solely to describe the scope of testing of internal control over compliance, and the results of that testing, and not to provide an opinion on the effectiveness of the entity’s internal control over compliance. The paragraph will also state that the report is not suitable for any other purpose. If during the examination the vendor becomes aware that MNsure is subject to an examination requirement that is not encompassed in the terms of this engagement, the vendor will communicate to management and those charged with governance that an examination in accordance with attestation standards of the AICPA and the standards for attestation engagements contained in Government Auditing Standards may not satisfy the relevant legal, regulatory, or contractual requirements. The vendor will also issue a report in the manner prescribed by the Centers for Medicare & Medicaid Services (CMS). The report will be addressed to the Consumer Information and Insurance Oversight (CCIIO) State Exchange Group and contain the required information therein. The vendor must deliver a management letter where appropriate. Task 3: Examination Procedures – Internal Control The vendor’s examination will include obtaining an understanding of MNsure and its environment, including internal control, sufficient to assess the risks of material noncompliance with Title 45, Part 155, Subparts C, D, E, K and M (45 Code of Federal Regulations, section 155.1210) of the Code of Federal Regulations and to design the nature, timing, and extent of further examination procedures. Tests of controls may be performed to test the effectiveness of certain controls that the vendor considers relevant to preventing and detecting errors and fraud that are material to Title 45, Part 155, Subparts C, D, E, K and M (45 Code of Federal Regulations, section 155.1210) of the Code of Federal Regulations and to preventing and detecting noncompliance resulting from illegal acts and other matters that have a direct and material effect on compliance. MNsure understands the vendor’s tests, if performed, will be less in scope than would be necessary to render an opinion on internal control and, accordingly, no opinion will be expressed in the vendor’s report on internal control over compliance issued pursuant to Government Auditing Standards. MNsure understands that an examination is not designed to provide assurance on internal control or to identify significant deficiencies or material weaknesses. However, during the audit, the vendor will communicate to management and those charged with governance internal control related matters that are required to be communicated under professional standards.
