INSURANCE COMPANIES, AS WELL AS ORGANIZATIONS in other industries, are relying more and more on the internal audit process to verify their compliance with various laws and regulations. To ensure that they can continue that reliance, the insurance industry is actively promoting the idea that internal auditors' work should be given the same legally protected status as communications with doctors, lawyers, and priests. This protection is referred to as "privileged communications status." Since 1997, five U.S. states--Illinois, New Jersey, North Dakota, Oregon, and Michigan--have enacted legislation that, in certain circumstances, protects internal audit work from unwelcome scrutiny.
Privileged communications status has changed over time, varies based on the type of information being reviewed, and can be controversial. As companies are encouraged through legislation such as the U.S. Sarbanes-Oxley Act of 2002 to engage in self-examination, the likelihood of the expansion of the status into other states and additional areas of internal auditing increases. When it does become available, this privileged status will likely apply to self-examinations that meet certain criteria. By knowing those criteria, internal auditors can take action now to maximize the chances that work performed today will be protected from discovery during future litigation.