A silver lining: Sarbanes-Oxley compliance may reveal hidden dividends for insurers.
Insurance companies that underwrite directors and officers, professional liability, and errors and omission coverages also have the opportunity to gain better underwriting and risk assessment information and also may require their insureds to adopt the key safeguards of Sarbanes-Oxley. This law impacts the merger and acquisition activities and the materiality of due diligence, especially in circumstances involving the overstatement of revenues or fraudulent accounting of companies involved.
The direct costs of noncompliance through fines, penalties, and litigation can be high; however, indirect costs from lost credibility and corresponding loss of market share, customer loyalty, and revenue can prove even higher. For the most part, the broad insurance industry understands the importance of protecting their reputation and maintaining the continued trust of their policyholders. For them, compliance is more than a regulatory mandate; it is essential to the integrity of the corporate brand and to retaining customers in a fiercely competitive marketplace.
Publicly traded insurance organizations are being forced to assume full responsibility for the information included in their financial reports and to review and certify the procedures by which they gather, index and compile this information. Key to compliance is the transparency of financial reporting, the ability to gain a better view into business activity as it takes place throughout the organization and from there, monitor and control these activities. The organization achieves transparency when access to critical information is more immediate and decision-making is more rapid and effective.
Technologies that enable organizations to monitor their business processes, produce meaningful and timely analytical information, and manage ever-increasing quantities of information have come to the forefront of the drive to compliance. It is through the enforcement of policies and procedures that compliance is ensured. Content in all organizations, such as scanned images, electronic documents, rich media and faxes, is escalating. It is important to manage the retention and the appropriate elimination of content through a records management strategy.
Process Approach Is Key
Insurance organizations that can manage their complex business processes, data, and the information that is used to drive those processes can address the complexities of compliance with Sarbanes-Oxley and other regulations. Process resides at the core of all insurance organizations. It is how business gets done, with its ability to automate, control, and accelerate. Further refinements enable processes to be modeled, analyzed, and continually improved to ensure ongoing compliance and operational efficiency.
By bringing together the processes and the content, insurance organizations can gain a greater degree of internal transparency.
Developing Compliance Strategies
With Sarbanes-Oxley, the importance of records management has gone from the basement to the boardroom almost overnight. Both records management and corporate accountability are now center stage, in light of past high profile corporate scandals, especially in the area of electronic record keeping and e-mail storage. Insurance organizations are realizing that their compliance and records management policies need to be enforced via process and technology rather than being dependent on people for their enforcement.
Sections 302, 404 and 409 of the Sarbanes-Oxley Act have wide ranging impact on insurance organizations in managing both their internal processes and the content that drives these processes.
Section 302: Ensuring Compliance in Financial Reporting--Section 302 addresses immediate compliance concerns as it establishes corporate responsibility for financial reports, requiring that the organization's principal executive and financial officers certify the contents of their corporate reports. As signing officers, these senior executives also are responsible for establishing and maintaining internal controls for compiling financial information. Financial penalties and prison terms await corporate officers who certify financial reports that are prepared in a manner inconsistent with established controls or that deliberately contain false or misleading financial information.
Responding to Section 302, organizations need to use content and records management strategies to securely store and retrieve virtually unlimited quantities of information at any time during the required seven-year audit retention period. These strategies need to incorporate robust search capabilities to rapidly locate and access information stored in the organization.
A process-based approach enables a direct linkage between process documentation and execution. As a result, when changes occur in a documented process, they should roll out immediately to the enterprise for day-forward adherence. Organizations need to document processes, accelerate and manage information gathering, and rapidly determine the source and approval process for critical financial information. With this type of control, management can represent the process by which information was gathered, identify participants and when it was gathered and modify the process for greater control.
Content management allows auditors to directly view compliance processes, documentation, and reporting information. With secure, yet direct access to financial reporting documentation and process information, transparency into the organization increases. Organizations can achieve meaningful cost reductions from more efficient auditor assessments and rapid response to regulatory inquiries.
Section 404: The Most Difficult and Complex Aspect of Compliance--Section 404 has created the greatest overall concern in that it establishes direct management responsibility for the assessment of internal controls. For all annual financial reports produced after June 15, 2004, management is required to include an assessment of internal controls and procedures for producing financial reporting information. Additionally, the corporation's public accounting firm is required to attest to this assessment. Most public corporations are moving aggressively toward a "standardized" state defined by established and adequately documented internal controls. Therefore, insurance organizations must not only document their internal procedures, but must demonstrate their strict adherence.
Compliance with Section 404 in particular requires a remarkable degree of transparency into the organization's content and processes. Organizations must establish stringent controls not only to document critical processes, but also to ensure that they are carried out. Senior management requires entirely new levels of visibility into reporting processes to gain the confidence to certify the content of their financial reports. Corporations need to establish a complex, bottom-up approach for evaluating their internal controls, soliciting individual input and assessment from across the enterprise. Thus, the approach to Sarbanes-Oxley needs to support top-down visibility and oversight while enabling bottom-up input into both reporting and control assessment. An approach that manages both content and process enables executives to comply with Section 404 without requiring an exorbitant amount of time, cost, or risk to the individual or corporation.
Section 409: Moving to Real-Time Reporting--Compliance also drives the need for accelerated or even real-time reporting. In Section 409 of the Sarbanes-Oxley Act, publicly traded corporations are required to "disclose to the public on a rapid and current basis" any material changes in the organization's financial condition. Moreover, the definition of a "material change" is rapidly expanding to include items as detailed as the loss of a principal customer or account. Also, insurance organizations will have to view changes to loss reserves in a totally new light. Insurers will have to gain a clearer understanding of reserving practices for claims, as well as other events that have an impact on underwriting results.
This issue of transparency and aspect of compliance requires that the content and processes that drive the organization are under control and can be monitored. Organizations can leverage a process-based approach to monitor for events that represent "material changes" and trigger a responsive, controlled process to ensure that required disclosures are generated within the prescribed time period.
The Cost of Compliance
With this law as a goal for compliance, many insurance organizations have scrambled to meet stated deadlines. The unfortunate side effect is that the cost of compliance has rapidly begun to escalate and, with other equally complex issues also impacting the situation such as the foreign regulations for operational risk as required by the Basel II Capital Accord, the increase appears likely to continue. While Section 404 of the Sarbanes-Oxley Act requires that internal controls are in place, Basel II tracks and manages the exposure to risk by banks and financial institutions. To achieve compliance quickly, both consulting and external audit fees have increased industrywide. A dramatic rise in insurance premiums has proven to be another hidden cost of Sarbanes-Oxley.
Many organizations are now turning to the more complex, and costly, effort to document their internal controls in accord with Section 404. As they do, they are looking not only for near-term fixes but also for a compliance approach that can address current and future regulatory requirements. While a simple point approach may address some present-day Sarbanes-Oxley requirements, they may be unable to scale to address new requirements as they evolve, including those associated with Basel II.
Benefits of Sarbanes-Oxley
A growing group of insurers are looking to move beyond compliance to derive additional value from their efforts to enhance their relative competitive advantage. These organizations are working to implement a compliance approach that ultimately will enable an "optimized" environment that delivers real-time monitoring--true transparency--and continuous, rapid process improvement. Thus empowered, these organizations can dramatically reduce the cost of compliance, accomplish near real-time reporting, and rapidly respond to current and future regulatory requirements.
* Insurers are developing ways to enhance their competitive advantage as a byproduct of compliance mandates.
* Sarbanes-Oxley compliance is essential to retaining the integrity of the corporate brand for insurers.
* Technologies that monitor business processes and manage information are important in the drive to compliance.
John Sarich is the industry marketing manager for FileNet Corp., a provider of enterprise content management solutions.
|Printer friendly Cite/link Email Feedback|
|Title Annotation:||Sarbanes-Oxley Act of 2002|
|Date:||Feb 1, 2005|
|Previous Article:||Taking leave: California's new paid family medical leave act could be copied in other states, opening the door for insurers to expand their leave...|
|Next Article:||A profound change: the SMART bill's most far-reaching change may be preemption of state approval of rates.|