A helping hand: as insurers work hard to make sure everything is ready to comply with various regulations, their IT departments also are playing a key role in meeting the challenge.Key Points * Insurers increasingly are relying on their information technology departments' help in the compliance process. * Insurers' IT leaders believe their companies' investments in compliance already are paying off. * Because many insurers view compliance as either a mandate or requirement, some believe it's helped to renew IT's reputation, while giving it more credibility. Compliance has become part of an insurer's everyday vocabulary. Faced with regulations, such as Sarbanes-Oxley, the Health Insurance Portability and Accountability Act The Health Insurance Portability and Accountability Act (HIPAA) was enacted by the U.S. Congress in 1996. According to the Centers for Medicare and Medicaid Services (CMS) website, Title I of HIPAA protects health insurance coverage for workers and their families when , Gramm-Leach-Bliley, the USA Patriot Act USA PATRIOT Act [Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorists], 2001, U.S. and others, insurers increasingly are relying on their information technology departments' help in the compliance process. "Compliance is the cornerstone of our operations," said Fred Haynes Freddie Lynn "Fred" Haynes (March 29, 1946 -- November 5, 2006) was, despite his relatively small physical size, a star football player for the Louisiana State University Tigers from 1966-1968, having climaxed his three-season career by successfully quarterbacking both the Sugar , IT leader for global finance for GE Insurance Solutions. Haynes was one of four industry experts who participated in a Best's Review round-table discussion on IT and compliance. The good news for many companies is that they can rest assured because their IT departments have been preparing for some time to meet compliance requirements Compliance requirements are a series of directives established by United States Federal government agencies that summarize hundreds of Federal laws and regulations applicable to Federal assistance (also known as Federal aid or Federal funds). , and most say they're already up to the challenge. At the Ready While insurers' IT departments have worked diligently dil·i·gent adj. Marked by persevering, painstaking effort. See Synonyms at busy. [Middle English, from Old French, from Latin d over the past several years to make their systems ready to ensure regulatory compliance, they said they're also prepared for additional challenges that may be thrown their way, including future delays in compliance deadlines. Such delays are nothing new for insurers. They experienced that recently when the compliance deadline for Sarbanes-Oxley Section 404--the reporting portion of the bill--was delayed twice. Kansas City Kansas City, two adjacent cities of the same name, one (1990 pop. 149,767), seat of Wyandotte co., NE Kansas (inc. 1859), the other (1990 pop. 435,146), Clay, Jackson, and Platte counties, NW Mo. (inc. 1850). , Mo.-based GE Insurance Solutions said it's prepared to meet the challenge of any such future delays. Last year, the company conducted an internal "complete dry run" of its systems and ran as if dates were real, said Haynes. This year, the company again is going through the process. "However, some businesses may not be as prepared in having some of the internal controls, documentation or business practices set up, and may end up having to go back and do a lot of work from the ground up," he said. GE Insurance Solutions now is focusing on putting best practices in place, getting more organized and concentrating on filling in the blanks, Haynes said. Some in the industry believe future delays are inevitable. "I wouldn't be surprised if [Sarbanes-Oxley] were delayed again, similar to what we saw with HIPAA (Health Insurance Portability & Accountability Act of 1996, Public Law 104-191) Also known as the "Kennedy-Kassebaum Act," this U.S. law protects employees' health insurance coverage when they change or lose their jobs (Title I) and provides standards for patient health, ," said Dr. Charles Emery emery: see corundum. emery Granular rock consisting of a mixture of the mineral corundum (aluminum oxide, Al2O3) and iron oxides such as magnetite (Fe3O4) or hematite (Fe2O3). , senior vice president of information systems and chief information officer for Horizon Blue Cross Blue Shield Blue Shield A US not-for-profit health care insurer that is a reimbursement intermediary for physicians. Cf Blue Cross. of New Jersey. "Everyone was point on for the implementation date, but certain groups couldn't make it. In HIPAA's case, it was the doctors." Similar to GE Insurance Solutions' approach, Emery said Horizon also ignored some of the delay dates and now is on target to meet the original compliance dates. Evaluating Costs While it's difficult to put a number on it, insurers' IT leaders believe their companies' investments in compliance already are paying off. A recent study by Financial Executives International, a professional organization for chief financial officers and other senior financial executives, estimated that the cost of Sarbanes-Oxley Section 404 compliance recently has gone up by 62% in six months, particularly for larger companies. Compliance now is estimated to cost $3.14 million, up from last year's survey estimate of $1.93 million. Internal costs, external costs and a rise in the fees charged by external auditors The examples and perspective in this article or section may not represent a worldwide view of the subject. Please [ improve this article] or discuss the issue on the talk page. all are driving the increase. "Return is hard to catch for us," said Horizon's Emery. "For the most part, we treated it as a mandate, and mandates are looked at a little differently than ROI (Return On Investment) The monetary benefits derived from having spent money on developing or revising a system. In the IT world, there are more ways to compute ROI than Carter has liver pills (and for those of you who never heard of that expression, it means a lot). where we are looking for Looking for In the context of general equities, this describing a buy interest in which a dealer is asked to offer stock, often involving a capital commitment. Antithesis of in touch with. a business return." Given the onset of both new and old regulations, the company recently developed a matrix of redundancy where "they basically all cross over one another," he added. He said the company came up with a worst-case scenario worst-case scenario n → Schlimmstfallszenario nt with the most stringent of all regulations and rules and placed them on the front end of its system processes. "Therefore, we view it more as a cost avoidance Cost avoidance is a management accounting term referring to an expense one has avoided incurring. It is commonly used in the field of energy management to describe the energy costs you avoided due to energy management initiatives. of redoing post implementations," Emery said. For GE Insurance Solutions, Haynes said its largest cost driver of Sarbanes-Oxley compliance comes from the internal process of gathering and organizing documentation of controls. The overall cost, however, is in line with what the company originally anticipated, he said. IT's Reputation Because many insurers view compliance as either a mandate or a requirement, some believe it's helped to renew IT's reputation, while giving it some more credibility because IT departments are familiar with the internal workings of company systems. "It's given appreciation of some of the complexity, since people now have to sign documents and they're now interested in what it really means," said Horizon's Emery. The downside Downside The dollar amount by which the market or a stock has the potential to fall. Notes: You might hear someone say that the downside on stock XYZ is $10. What that means is that the stock could fall by this amount if things got bad. , however, is that because insurers face new constraints CONSTRAINTS - A language for solving constraints using value inference. ["CONSTRAINTS: A Language for Expressing Almost-Hierarchical Descriptions", G.J. Sussman et al, Artif Intell 14(1):1-39 (Aug 1980)]. and controls, IT now is starting to look like a bottleneck A lessening of throughput. It often refers to networks that are overloaded, which is caused by the inability of the hardware and transmission lines to support the traffic. It can also refer to a mismatch inside the computer where slower-speed peripheral buses and devices prevent the CPU , he said. However, GE's Haynes disagreed, casting IT's role more as best practices in terms of how the company organizes and executes to comply with Sarbanes-Oxley rather than as a bottleneck. While Appleton, Wis adv. 1. Certainly; really; indeed. v. t. 1. To think; to suppose; to imagine; - used chiefly in the first person sing. present tense, I wis. See the Note under Ywis. .-based Thrivent Financial for Lutherans Thrivent Financial for Lutherans (first word pronounced "THRIVE-int" — or more precisely, alluding to contractions, "thrive—n't"; IPA pronunciation: /ˈθɹaɪvɘnt/ , a not-for-profit Fortune 500 financial-services organization, hasn't yet formally implemented Sarbanes-Oxley, Chief Information Officer Larry Robbins said the member-governed organization has a strong history of open disclosure of key decisions, checks and balances on management's authority, and accuracy and completeness in financial reporting. He said Thrivent Financial's IT department is getting ready for the challenge of Sarbanes-Oxley as a true partnership with business to formalize regulatory requirements Regulatory requirements are part of the process of drug discovery and drug development. Regulatory requirements describe what is necessary for a new drug to be approved for marketing in any particular country. . "We allow business to lead on many of these things "These Things" is an EP by She Wants Revenge, released in 2005 by Perfect Kiss, a subsidiary of Geffen Records. Music Video The music video stars Shirley Manson, lead singer of the band Garbage. Track Listing 1. "These Things [Radio Edit]" - 3:17 2. , and IT is there to support and enable whenever possible." Because many of the industry's IT leaders were involved with their companies' initial compliance processes, they believe it's given them a leg up in terms of knowing the company's compliance-related needs. Haynes, for instance, has assigned a full-time IT controller who is part of a companywide controllership organization which is focused on ensuring compliance with Sarbanes-Oxley. Making Interpretations IT also plays an important role in the interpretation of regulations. "There is room for different interpretations. If you look across the entire landscape, we've historically approached each regulation in isolation, whether it's a privacy issue, a compliance issue or something expected," said Thrivent's Robbins. Thrivent is now connecting the dots within and across the company, he said, forming a multidiscliplinary view of all the regulations to look at them more systematically. For Horizon, regulatory interpretation lies in the hands of the company's compliance group, which is led by general counsel and various internal specialists. "One thing for us is not just Sarbanes-Oxley but also making sure it integrates in with everything else at the same time, so we don't have separate processes and discovery requirements for every single law and regulation that comes down," said Emery. He said CIOs also play a key role in the interpretation process and are expected to know the ins and outs ins and outs pl.n. 1. The intricate details of a situation, decision, or process. 2. The windings of a road or path. of state and federal regulations. Secondary Benefits When asked whether any of the recent regulations either improve or influence the benefit that IT can bring to an organization as a secondary benefit of the work they are doing technologically, insurers said only time would tell. "We're still trying to figure out that component," said Michael A. Edwards, executive vice president and chief information officer for Baltimore-based American Skyline Insurance Co. "On the one hand, it's true because with Sarbanes-Oxley there is accountability from a management team perspective and this is information we share with our shareholders and board of directors. It's such a huge issue to work through, and there's still uncharted territory
Horizon's Emery said recent regulations have created some of what he calls "wildcatting." "This is where someone runs off, says this is a cool system that a vendor convinced them they can't live without and then eventually they say they have to have it." Senior management now understands they can't do that, however, without first filling it into the whole compliance scheme, he added. "For instance, HIPAA was a great set of regulations, but it was just 25 years too late. If we can figure out and help the government put regulations in the right place so we don't have to unbuild un·build v. un·built , un·build·ing, un·builds v.tr. To dismantle, take apart, or demolish; raze. v.intr. To dismantle something built. and rebuild, that makes a lot more sense," he said. "When you talk about Sarbanes-Oxley, you need to organize your documentation and better understand your data flows from a support perspective," said Haynes. There are economies companies can achieve whether they are outsourcing (1) Contracting with outside consultants, software houses or service bureaus to perform systems analysis, programming and datacenter operations. Contrast with insourcing. See netsourcing, ASP, SSP and facilities management. or insourcing (1) Doing work with inhouse employees. Contrast with outsourcing. (2) Creating jobs in your country by an organization that is foreign owned. Contrast with outsourcing. in terms of supporting critical applications, he said. "And we've also seen some opportunities to automate To turn a set of manual steps into an operation that goes by itself. See automation. processes that maintain user access and system roles, and that ends up in some cost savings for us." Robbins also said there are secondary opportunities that come about as a result of the compliance issues companies face. "However, it's difficult to quantify Quantify - A performance analysis tool from Pure Software. and doesn't justify it all from an expense standpoint," he said. Instead, it forces companies to look across the organization more holistically. "It also forces us to have better controls all the way through the process. We need to look at Sarbanes-Oxley as an opportunity to not only address the compliance aspect, but to leverage this to streamline the business process and systems." State vs. Federal Since insurance is regulated at the state level, and a lot of the compliance issues were on the federal level, insurers speculate what may come about in trying to bridge the gap between states' regulatory demands and expected federal requirements. Health plans faced this situation with HIPAA, said Horizon's Emery. "The state had its own HIPAA-basic type set of rules called HINT, and we worked with the state to get better in line with the federal government, and we found for the most part the state will work with an overlying overlying suffocation of piglets by the sow. The piglets may be weak from illness or malnutrition, the sow may be clumsy or ill, the pen may be inadequate in size or poorly designed so that piglets cannot escape. federal structure if it makes sense," Emery said. If not, the state then wants to put its own rules into place on top of the federal ones, so IT's role in many cases is that of coordinator and educator, he added. Working closely with state regulators is also key. American Skyline's Edwards said it's critical that insurers have the best working relationship they can with various departments of insurance. Closer Look at Compliance Generally the regulations, although at times challenging, are bringing focus to areas that are appropriate for IT departments to look at and improve, said Robbins of Thrivent Financial. "Our challenge is to meet compliance as well and get the most value out of them for our membership." American Skyline's Edwards said companies should pay particular attention to three areas: legal and regulatory requirements from an interpretation of law perspective; accounting compliance and interpreting their requirements; as well as particular attention internally within operations management Operations management is an area of business that is concerned with the production of goods and services, and involves the responsibility of ensuring that business operations are efficient and effective. . Compliance is critical to the industry, and it's everyone's job, said GE's Haynes. "When it comes to compliance, IT is seen as an enabler and a true partner with business," he said. In addition, Horizon's Emery said he would like to see both the federal and state governments do a better job at coordinating these efforts. "And in light of the fact they don't always, our key to success is coordinating it so we only have to cover the tracks once," Emery said. Compliance already is being accomplished and is a good codification The collection and systematic arrangement, usually by subject, of the laws of a state or country, or the statutory provisions, rules, and regulations that govern a specific area or subject of law or practice. of much of what already is being done, he said. "Our industry deals in confidence," Emery said, "and anything that gives our customers more confidence will make them more confident that we're doing the right thing for them on a consistent basis." Participants Larry Robbins Chief Information Officer, Thrivent Financial for Lutherans The regulations, although at times challenging, are bringing focus to areas that are appropriate for IT departments to look at and improve. Michael A. Edwards Executive Vice President and Chief Information Officer, American Skyline Insurance Co. Companies should pay particular attention to three areas: legal and regulatory requirements from an interpretation of law perspective; accounting compliance and interpreting their requirements; as well as particular attention internally within operations management. Dr. Charles Emery Senior Vice President, Information Systems and Chief Information Officer, Horizon Blue Cross Blue Shield of New Jersey "HIPAA was a great set of regulations, but it was just 25 years too late. If we can figure out and help the government put regulations in the right place so we don't have to unbuild and rebuild, that makes a lot more sense." Moderator moderator - A person, or small group of people, who manages a moderated mailing list or Usenet newsgroup. Moderators are responsible for determining which email submissions are passed on to the list or newsgroup. Fred Haynes IT Leader for Global Finance, GE Insurance Solutions "When it comes to compliance, IT is seen as an enabler and a true partner with business." Paul Tinnirello Executive Vice President/Chief Information Officer and E-Fusion Conference Chairman, A.M. Best Co. Learn More American Skyline Insurance Co. A.M. Best Company #12479 Distribution: In-house agents, independent agents, exchange, direct Horizon Blue Cross Blue Shield of New Jersey A.M. Best Company #64022 Distribution: Brokers, benefit consultants, direct GE Insurance Solutions A.M. Best Company # 58158 Distribution: Brokers, managed general underwriters, direct Thrivent Financial for Lutherans A.M. Best Company #06008 Distribution: Captive field force |
|
||||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion