Imperative. The Risk Management. White Paper January 2012

Similar documents
Ready for Outsourcing

Best-In-Class HR, Benefits, and Payroll Solutions for the Public Sector. trusted efficient responsive best practices

Moving Forward with IT Governance and COBIT

Business Service Management Links IT Services to Business Goals

Harness Enterprise Risks With Oracle Governance, Risk and Compliance

Linking Risk Management to Business Strategy, Processes, Operations and Reporting

APPLICATION OF KING III CORPORATE GOVERNANCE PRINCIPLES 2014

IT Governance. What is it and how to audit it. 21 April 2009

Integrated Stress Testing

Operational Risks and Your Custodian: A Perfect Match?

Business Performance & Data Quality Metrics. David Loshin Knowledge Integrity, Inc. loshin@knowledge-integrity.com (301)

VENDOR MANAGEMENT. General Overview

Enterprise Risk Management in Compliance 360

Managing General Agents (MGAs) Guideline

The NREN s core activities are in providing network and associated services to its user community that usually comprises:

How To Manage Risk With Sas

COMMERCIAL BANK. Moody s Analytics Solutions for the Commercial Bank

APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES

BlackStratus for Managed Service Providers

Streamlining the Order-to-Cash process

IT Audit Perspective on Continuous Auditing/ Continuous Monitoring KPMG LLP

Symantec Control Compliance Suite. Overview

S T R A T E G I C P A R T N E R S H I P D A T A, N E T O W R K S P E O P L E, P R O C E S S, T E C H N O L O G Y, Europe

Cisco Remote Management Services for Financial Services

CREDIT CARD SOLUTIONS

Leveraging a Maturity Model to Achieve Proactive Compliance

Enterprise risk management: A pragmatic, four-phase implementation plan

3 rd Party Vendor Risk Management

UNLOCKING THE MYSTERY OF SALES COMPENSATION. Three keys to sales compensation success

White paper: Nine Simple Steps to Vendor Management

Bank of Israel. 1. Background. In recent years, cloud. environmentally. from. aspects in. these. 2. Applicability. Directive ). 3.

MISSION VALUES. The guide has been printed by:

Procuring Penetration Testing Services

ADVISORY SERVICES. Risk management in an evolving world. Making the case for social media governance. kpmg.com

Operational Assessment: An Essential Step in Establishing an Efficient Operational Infrastructure

Improving Customer Contact Quality

ADP Comprehensive Outsourcing Services

SEVEN WAYS THAT BUSINESS PROCESS MANAGEMENT CAN IMPROVE YOUR ERP IMPLEMENTATION SPECIAL REPORT SERIES ERP IN 2014 AND BEYOND

Assessing Credit Risk

EMIR and REMIT: Wholesale Energy Trading on the Docket. How to Prepare Your Business for the New Paradigm.

Best Practices for Planning and Budgeting. A white paper prepared by PROPHIX Software October 2006

DATA QUALITY POLICY PORTFOLIO RESPONSIBILITY: CORPORATE, CUSTOMER SERVICES AND HUMAN RESOURCES CABINET 10 APRIL 2008

APPENDIX 50. Enterprise risk management - Risk management overview

Information Security Management System for Microsoft s Cloud Infrastructure

Enterprise Risk Management in a Highly Uncertain World. A Presentation to the Government-University- Industry Research Roundtable June 20, 2012

Manage and Control Access Risk and Assess Its Financial Impact

ITSM 101. Patrick Connelly and Sandeep Narang. Gartner.

Establishing a Mature Identity and Access Management Program for a Financial Services Provider

Need to optimize your assets? Be proactive with ISO

Policy Statement. Employee privacy, data protection and human resources. Prepared by the Commission on E-Business, IT and Telecoms. I.

nfx One for Managed Service Providers

On-Time, On-Target Clinical Documentation Meets Today s Demands on Your Terms

Wealth management offerings for sustainable profitability and enhanced client centricity

Private Wealth Solutions An exceptional experience for discerning clients

fmswhitepaper Why community-based financial institutions should practice enterprise risk management.

The College of New Jersey Enterprise Risk Management and Higher Education For Discussion Purposes Only January 2012

The Power of Risk, Compliance & Security Management in SAP S/4HANA

White Paper Achieving PCI Data Security Standard Compliance through Security Information Management. White Paper / PCI

Sample Financial institution Risk Management Policy 2011

Be the carrier of choice.

Transportation Management Systems Solutions:

End to end Complaint Handling Services

Electronic Lien and Title. Reduce costs and eliminate delays with a comprehensive, web-based ELT solution

CGI Cyber Risk Advisory and Management Services for Insurers

Accelerate Your Enterprise Private Cloud Initiative

Third Party Risk Management 12 April 2012

Sarbanes-Oxley Act. Solution Brief. Sarbanes-Oxley Act. Publication Date: March 17, EventTracker 8815 Centre Park Drive, Columbia MD 21045

Security. Security consulting and Integration: Definition and Deliverables. Introduction

Securing Your Business with Managed File Transfer

Alberta Pensions Services Corporation. Business Plan

Application Outsourcing: The management challenge

Specifically Engineered for High-Tech Companies

Governance, Risk and Compliance in the Healthcare Industry

Always in Touch Healthcare Communications for the Mobile World

High Value Audits: An Update on Information Technology Auditing. Robert B. Hirth Jr., Managing Director

Manage the Mobile Workforce Without the Complexity and Expense of an On-Premise Installation

Information & Asset Protection with SIEM and DLP

Callidus for Insurance

Francesca M. Pepoon PROFESSIONAL EXPERIENCE AS MANAGING PARTNER OF CONSTRUCTION SCIENCE, MS. PEPOON PROVIDES

Life and Annuity Insurance Transformation through End-to-End Business Processing ORACLE STRATEGY BRIEF JULY 2014

THE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK

"Data Manufacturing: A Test Data Management Solution"

Understanding the Value of Symantec Managed Enterprise Vault

Security Framework and Best Practices in Offshore Outsourcing

Risk Assessment & Enterprise Risk Management

IBM Cognos Controller

COMPLIANCE GUIDELINE April 2009

AIRLINES BUSINESS PROCESS OUTSOURCING SURVEY Vineet Malhotra

Leading European. Credit Management Service Provider

M*Modal Transcription Services

Online Resources Business Banking

Delivering Compliance in the Cloud TM

Cloud security architecture

Chartis RiskTech Quadrant for Operational Risk Management Systems

Module 1 Study Guide

Process Intelligence: An Exciting New Frontier for Business Intelligence

Thought Leadership White Paper

HIPAA and HITECH Compliance for Cloud Applications

Oracle Financial Services Broker Compliance

Transcription:

White Paper January 2012 The Risk Management Imperative Service organizations in the insurance and annuity industry have a responsibility to partner with their clients on risk management responsibilities for their activity, and to demonstrate to clients their commitment to build and maintain ongoing risk management best practices.

The Risk Management Imperative Introduction Managing and evaluating risk is integral to the life insurance and annuity industry. Virtually every activity a carrier engages in can impact the company s overall risk exposure. Protecting the relationships that carriers have with customers and agents, including their private and confidential information, is of particular importance. These risks inherent to the insurance industry are well understood by insurance professionals, and are often the source of concerns about outsourcing work or data to service organizations that may not have the same appreciation for these important relationships. Service organizations with roots in the insurance industry, however, hold a deep, long-term institutional understanding of the nature of these risks. These industrybased organizations understand the need to develop and offer strong risk-oriented controls and risk management best practices in conjunction with their services. Those that fully understand and appreciate these risk considerations are best positioned to successfully minimize them. Enterprise Risk Management Franchise Risk Regulatory Risk Service Processing Systems & Systems Development Intellectual Property Competitive Positioning Human Resources Risks Assessed Across the Organization Best-practice service organizations are focused on creating and maintaining strong, effective risk management procedures. Their objective is to allow insurance and annuity companies to safely and confidently take advantage of the cost-saving capabilities of the service organization model without adding undue levels of risk exposure. ( 3 ) ( 3 )

The Risk Management Imperative The Nature of Risk Doing business in the life insurance and annuity sphere involves an array of inherent risks. The varieties of operational risk include: Customer Relationships Data Management Data Security Customer Privacy Reputational and Financial A service organization that does not recognize, understand and address this situation will not satisfy the risk management concerns of the insurance carrier. It is the existence of these risks and an insurance professional s understanding of these risks that has traditionally been a point of resistance within the industry to utilize a service organization for administration of business processing activity. Despite the demonstrated efficiencies that service organizations can deliver, concerns about risk management have kept the insurance industry from the wholehearted embrace of this model that has occurred in many other financial services sectors, such as the mutual fund industry. Insurance and annuity companies that perform all business processing in-house maintain total control of the risk management process, and total responsibility for those risks. Assigning business-processing tasks to an external service organization cedes some level of control over risk management. This occurs in all phases of service organization administration activity: Conversion of business processing to updated platforms Creation of new products Ongoing administrative support This ceding of control occurs whether the service organization model involves outsourcing of work to new personnel, or processing data on software hosted by a service organization, or a combination of the two. Many risk management professionals view this loss of control as an inherent increase in risk, or as the addition of a new category of risk. A service organization that does not recognize, understand and address this situation will not satisfy the risk management concerns of the insurance carrier. To satisfy the legitimate risk management concerns of the carrier, service organizations must become partners in risk management. ( 4 )

That role can be competently and credibly filled by a service organization with demonstrated knowledge, expertise and experience in insurance risk management. The optimal solution occurs when the risk management function becomes a joint enterprise of the service organization and the carrier, focused on managing risks that have financial and reputation impacts and affect value drivers generated by service organization activities. To be most effective, this partnership effort must include transparency into the service organization s risk management procedures in order to build trust and confidence in the relationship. Service Organization Risk Management Best Practices Not all service organizations have the background and capability to design, implement and monitor risk management best practices. That requires a deep and thorough understanding of the nature of risk in the life insurance and annuity industry. At best-practice service organizations, an executive-level Risk Management Committee meets monthly to monitor controls; ensure sound policies, procedures and practices have been put in place; and assess the overall status of the risk environment. Best practices also require a commitment to employee training, and maintaining a corporate culture that emphasizes risk management as a companywide priority and the responsibility of each individual employee. To ensure that risk management processes are maintained, emphasized and constantly updated, best-practice organizations will embed these processes in their Enterprise Risk Management (ERM) programs. Objective Operational Risk Scoring Results Performed by se 2 Operational Risk Assessment Inherent Risk Operational Risk Assessment Residual Risk 3.98 5.88 Low 0 Moderate 4 High 7 Low 0 10 ( 5 3 ) Moderate 4 High 7 10

The Risk Management Imperative Based on their thorough understanding of the nature of insurance and annuity industry risk, best-in-class service organizations will look internally at systems and process to identify sources of risk. Procedure and design workflows are created to identify where controls are needed, and any identified risks are constantly monitored. Risk-aware organizations understand that a strong risk culture, tied to sound risk mitigation controls, not only minimizes risk, but also drives quality, accuracy and accountability in the management of client data. Transparency is another critical component of a best-practice ERM program. When service organizations share detailed documentation of risk management procedures and activity with their clients, that provides assurance that best practices are being maintained. In best-practice models, service organizations and their clients jointly design and implement a risk management protocol that: Considers end-to-end processes and risk controls as service processes and data move between both organizations Includes detailed diagrams of data flows and control mechanisms as processes and data move between clients and the service organization s systems Relies on client input and consultation on the final configuration of data flows and risk controls Provides full transparency with detailed exception reports provided on an ongoing basis, including descriptions of mitigation procedures Provides trend analysis and addresses continuous improvement activity Best-practice organizations are investing in automated reporting systems to monitor adherence to risk controls involving system-tosystem data movement and integrity. Such systems provide the ability to identify and flag errors and issues that arise during system integration points, both real time and during batch processing. These systems are designed to provide real-time dashboard reporting so that responsible parties can track the status of control issues to ensure they have been addressed and resolved. This allows management to immediately see exceptions and to utilize tools such as correlative analysis to identify and address the root causes of errors. In many companies, the root cause of a systems control issue can go undiagnosed for years. ( 6 )

These systems also help drive accountability by ensuring that all errors, identified exceptions and issues are tracked, and all unresolved items are brought to management s attention. Enterprise Risk Management Delivers Value Best practices in enterprise risk management deliver substantial value to both service providers and client carrier companies in the insurance and annuity industry. Fundamentally, such programs drive higher quality and accuracy into business processing activities, resulting in a high confidence in processing integrity, improved customer satisfaction and a positive business reputation. In addition, a shared responsibility for risk management by service organizations and client carriers, combined with transparency, results in strong risk control and yields a reduction in organizational stress, and all the benefits that entails. Finally, sound risk controls can result in lower customer service costs to the organization. ( 7 3 )

Making it happen. Find out what you ve been missing, at no risk to your enterprise. Contact se2 at contact@se2.com or 800.747.3940. 5801 SW 6th Avenue Topeka, KS 66636 800.747.3940 se2.com

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information