the actuary and enterprise data strategies cas may 2006 part ii: how do we get there?
Post on 18-Dec-2015
214 views
TRANSCRIPT
The Actuary and The Actuary and Enterprise Data Enterprise Data
StrategiesStrategies CAS MAY 2006CAS MAY 2006
Part II: How Do We Get There?Part II: How Do We Get There?
22
AgendaAgenda
Data Management Best Practices and Data Management Best Practices and GuidelinesGuidelines
Standards Standards Straight-Through-ProcessingStraight-Through-Processing Information Quality and Assurance Information Quality and Assurance Sarbanes-Oxley and other Sarbanes-Oxley and other
RegulationsRegulations Questions and CommentaryQuestions and Commentary
PanelistsPanelists
Pete Marotta, ISOPete Marotta, ISO Gary Knoble, USABFS Gary Knoble, USABFS Bruce Tollefson, MN WC Rating BureauBruce Tollefson, MN WC Rating Bureau Christine Siekierski, WI Comp. Rating Christine Siekierski, WI Comp. Rating
BureauBureau Art Cadorine, ISOArt Cadorine, ISO
44
Data Management Best Data Management Best Practices and GuidelinesPractices and Guidelines
55
Data Management Best PracticesData Management Best Practices
Data StewardshipData Stewardship – establish a corporate – establish a corporate data steward data steward
Data and Data Quality StandardsData and Data Quality Standards – – foster the development and adoption of foster the development and adoption of data and data quality standardsdata and data quality standards
Organizational Issues – structure Organizational Issues – structure organization to promote good data organization to promote good data management and data qualitymanagement and data quality
66
Data Management Best PracticesData Management Best Practices
Operations and Processes – establish Operations and Processes – establish processes to maximize data quality and processes to maximize data quality and utilityutility
Data Element Development and Data Element Development and SpecificationSpecification – design and maintain – design and maintain data, systems and reporting data, systems and reporting mechanisms in a manner that promotes mechanisms in a manner that promotes good data management and data good data management and data qualityquality
77
10 Guidelines of Data 10 Guidelines of Data ManagementManagement
1.1. Data must be fit for the intended business use. Data must be fit for the intended business use.
2.2. Data should be obtained from the authoritative Data should be obtained from the authoritative and appropriate source.and appropriate source.
88
10 Guidelines of Data 10 Guidelines of Data ManagementManagement
3.3. Data should be input only once and edited, Data should be input only once and edited, validated, and corrected at the point of entry. validated, and corrected at the point of entry.
4.4. Data should be captured and stored as Data should be captured and stored as informational values, not codes.informational values, not codes.
99
10 Guidelines of Data 10 Guidelines of Data ManagementManagement
5.5. Data should have a different steward responsible for Data should have a different steward responsible for defining the data, identifying and enforcing the business defining the data, identifying and enforcing the business rules, reconciling the data to the benchmark source, rules, reconciling the data to the benchmark source, assuring completeness, and managing data quality.assuring completeness, and managing data quality.
6.6. Common data elements must have a single documented Common data elements must have a single documented definition and be supported by documented business definition and be supported by documented business rules.rules.
1010
10 Guidelines of Data 10 Guidelines of Data ManagementManagement
7.7. Metadata must be readily available to all Metadata must be readily available to all authorized users of the dataauthorized users of the data
8.8. Industry standards must be consulted Industry standards must be consulted and reviewed before a new data element and reviewed before a new data element is createdis created
1111
10 Guidelines of Data 10 Guidelines of Data ManagementManagement
9.9. Data must be readily available to all Data must be readily available to all appropriate users and protected against appropriate users and protected against inappropriate access and useinappropriate access and use
10.10. Data users will use agreed upon common Data users will use agreed upon common tools and platforms throughout the enterprisetools and platforms throughout the enterprise
1212
StandardsStandards
1313
What are Standards?What are Standards?
Definition: Standard (n.) Definition: Standard (n.) “Anything “Anything recognized as correct by common recognized as correct by common consent, by approved custom, or by consent, by approved custom, or by those most competent to decide; a those most competent to decide; a model; a criterion.”model; a criterion.”
-- Webster’s New Universal Dictionary-- Webster’s New Universal Dictionary
1414
Types of StandardsTypes of Standards
Business ModelsBusiness Models– Identify All the Major Processes and Identify All the Major Processes and
RelationshipsRelationships Common Insurance TerminologyCommon Insurance Terminology Coverage and FormsCoverage and Forms Process StandardsProcess Standards
– Application Forms, Report of Injury or Application Forms, Report of Injury or Claim, Licensing, etc.Claim, Licensing, etc.
1515
Types of Standards (Continued)Types of Standards (Continued) OtherOther
– Solvency StandardsSolvency Standards– Financial Information Exchange StandardsFinancial Information Exchange Standards– Market Conduct Information StandardsMarket Conduct Information Standards– Ratemaking StandardsRatemaking Standards– Operating Data StandardsOperating Data Standards– Data Exchange/Reporting StandardsData Exchange/Reporting Standards– Data Quality StandardsData Quality Standards– Data Element and Code List DefinitionsData Element and Code List Definitions
At one time actuaries drove many of these At one time actuaries drove many of these standards.standards.
1616
Business ProcessBusiness Process
A business process is a collection of A business process is a collection of related structural activities that related structural activities that produce something of value to the produce something of value to the organization, its stake holders or its organization, its stake holders or its customers. customers.
It is, for example, the process through It is, for example, the process through which an organization realizes its which an organization realizes its services to its customers.services to its customers.
1717
Business RulesBusiness Rules
Business rules describe the Business rules describe the operations, definitions and operations, definitions and constraints that apply to an constraints that apply to an organization in achieving its goals. organization in achieving its goals.
For example a business rule might For example a business rule might state that state that no credit check is to be no credit check is to be performed on return customersperformed on return customers..
1818
Need for Industry CollaborationNeed for Industry Collaboration
Claims Management Applications
Auditing
RegulatoryCompliance
Payment transactions
Premium transactions
Broker/Insurer
Ins/Reinsurer
Claims
Submission
Reinsurer
Insurance Agency
Agent/Producer
Service Providers
RegulatoryAuthorities
Insurance Carriers
1919
Benefits of Industry Data StandardsBenefits of Industry Data Standards
Agent/Producer
InsuranceCarriers
RegulatoryAuthorities
ServiceProviders
InsuranceAgency
Reinsurer
Claims Management Applications
Regulatory Compliance
Payment transactions
Premium transactions
Broker/Insurer
Ins/Reinsurer
Claims
Submission
STANDARDS&
IMPLEMENTATIONAuditing
2020
Straight-Through-Straight-Through-
ProcessingProcessing
2121
New Processes: The Goal – Single EntryNew Processes: The Goal – Single Entry
A B
D
C
A – Form/Msg from Producer (agent/broker) to Carrier
Producer either waits for download, or does data entry to process binder, ID cards, certificates.
Producer/ agent/ Broker
Carrier
ReinsurerServic
e Provid
er
Solution Provider/Vendor
“enabler”
B – Carrier processes data, synchronizes with agency data base through download
C – Messages from Carrier to Service Providers (CLUE, MVR)
D – Data may continue along the process to be used by Reinsurers, etc.
Real Time data entry
Download
Re-use of data
2222
Straight Through Processing Straight Through Processing (STP)(STP)
The use of common, industry standard The use of common, industry standard data elements, throughout all data elements, throughout all interactions of all parties, in all interactions of all parties, in all insurance transactions or processes. insurance transactions or processes.
STP allows data to flow effortlessly STP allows data to flow effortlessly through the industry without through the industry without redefinition, mappings or translations.redefinition, mappings or translations.
2323
STP ValueSTP Value Improves data quality, utilityImproves data quality, utility
– better benchmarkingbetter benchmarking Lessens data translations, eliminates Lessens data translations, eliminates
return transactions for clarificationreturn transactions for clarification Reduces friction in insurance Reduces friction in insurance
processesprocesses Allows companies to differentiate on Allows companies to differentiate on
value addedvalue added Facilitates “plug and play” solutionsFacilitates “plug and play” solutions
2424
STP BenefitsSTP Benefits
Improved Customer RelationshipImproved Customer Relationship– Less Time ProcessingLess Time Processing
Ease of Doing Business Ease of Doing Business Retention and GrowthRetention and Growth ProfitabilityProfitability
2525
Information Quality Information Quality
and Assuranceand Assurance
2626
Data QualityData Quality
Data Quality is defined as the Data Quality is defined as the process for ensuring that data are process for ensuring that data are
fit for the use intended by fit for the use intended by measuring and improving itsmeasuring and improving its
key characteristics.key characteristics.
2727
PWC 2004 StudyPWC 2004 Study
““Data quality is at the core – if you Data quality is at the core – if you improve your data you will directly improve your data you will directly impact your overall business results.”impact your overall business results.”
Global Data Management Survey 2004, Global Data Management Survey 2004, PriceWaterhouseCoopersPriceWaterhouseCoopers
2828
Managing Data & Data Quality: Managing Data & Data Quality: Guiding PrinciplesGuiding Principles
Data is a corporate assetData is a corporate asset Data should be fit for the use Data should be fit for the use
intendedintended Data should flow from underlying Data should flow from underlying
business processesbusiness processes Data quality should be managed as Data quality should be managed as
close to the source as possibleclose to the source as possible Best Practices are ever evolvingBest Practices are ever evolving
2929
Data Quality: Key CharacteristicsData Quality: Key Characteristics
Fit for its intended useFit for its intended use AccuracyAccuracy ValidityValidity Timeliness and Other Timing CriteriaTimeliness and Other Timing Criteria Completeness or EntiretyCompleteness or Entirety ReasonabilityReasonability Absence of RedundancyAbsence of Redundancy Accessibility, Availability and Accessibility, Availability and
CohesivenessCohesiveness PrivacyPrivacy
3030
Data Transparency: Key Data Transparency: Key CharacteristicsCharacteristics
Data defined and documentedData defined and documented Utility across time and sourceUtility across time and source Supports internal controls.Supports internal controls. Clear, standardized, comparable informationClear, standardized, comparable information Facilitates assessment of the health of the Facilitates assessment of the health of the
systems using the datasystems using the data Promotes better controlsPromotes better controls Improves operational and financial performanceImproves operational and financial performance Documents data elements, data element Documents data elements, data element
transformations and processestransformations and processes
3131
PWC 2004 StudyPWC 2004 Study““With over half of respondents With over half of respondents admitting they are at least ‘somewhat’ admitting they are at least ‘somewhat’ dependent on third-party data, and dependent on third-party data, and regulators pressing for greater regulators pressing for greater reliability and integrity, the need to reliability and integrity, the need to build greater general confidence in build greater general confidence in data quality is clear.”data quality is clear.”
Global Data Management Survey 2004, Global Data Management Survey 2004, PriceWaterhouseCoopersPriceWaterhouseCoopers
3232
ASOP #23: Data QualityASOP #23: Data Quality
Purpose is to give guidance in:Purpose is to give guidance in:– Selecting dataSelecting data– Reviewing data for appropriateness, Reviewing data for appropriateness,
reasonableness, and reasonableness, and comprehensivenesscomprehensiveness
– Making appropriate disclosuresMaking appropriate disclosures Does not recommend that actuaries Does not recommend that actuaries
audit dataaudit data
3333
ASOP #23: Data QualityASOP #23: Data QualityConsiderations in Selection of DataConsiderations in Selection of Data
Appropriateness for intended Appropriateness for intended purposepurpose
Reasonableness, Reasonableness, comprehensiveness, and consistencycomprehensiveness, and consistency
Limitations of or modifications to Limitations of or modifications to datadata
Cost and feasibility of alternativesCost and feasibility of alternatives Sampling methodsSampling methods
3434
ASOP #23: Data QualityASOP #23: Data QualityDefinition of DataDefinition of Data
Numerical, census, or class Numerical, census, or class informationinformation
Not actuarial assumptionsNot actuarial assumptions Not computer softwareNot computer software Definition of comprehensiveDefinition of comprehensive Definition of appropriateDefinition of appropriate
3535
ASOP #23: Data QualityASOP #23: Data QualityOther ConsiderationsOther Considerations
Imperfect DataImperfect Data Reliance on OthersReliance on Others Documentation/DisclosureDocumentation/Disclosure
3636
PWC 2004 StudyPWC 2004 Study““Only 24% of those making any use of Only 24% of those making any use of third party data make any effort to third party data make any effort to measure the quality of that data, with measure the quality of that data, with most frequently cited methods most frequently cited methods including auditing/validation (25%), including auditing/validation (25%), comparison with other known data comparison with other known data (20%) and use of internal tools (15%).” (20%) and use of internal tools (15%).”
Global Data Management Survey 2004, Global Data Management Survey 2004, PriceWaterhouseCoopersPriceWaterhouseCoopers
3737
PWC 2004 StudyPWC 2004 Study
Top 6 data quality initiatives:Top 6 data quality initiatives:Improve data accuracy (26%)Improve data accuracy (26%)More rigorous data management (14%)More rigorous data management (14%)System upgrade (13%)System upgrade (13%)Improving security (11%)Improving security (11%)Data standardisation (10%)Data standardisation (10%)Improving usage/analysis of data (10%) Improving usage/analysis of data (10%)
Global Data Management Survey 2004, Global Data Management Survey 2004, PriceWaterhouseCoopersPriceWaterhouseCoopers
3838
Sarbanes Oxley and Sarbanes Oxley and Other RegulationsOther Regulations
3939
Accountability, Quality,Accountability, Quality, Transparency Regulations Transparency Regulations
Sarbanes Oxley Sarbanes Oxley – US law ensuring accuracy of financial data with US law ensuring accuracy of financial data with
accountability of company executivesaccountability of company executives Solvency IISolvency II
– EU proposal similar to SOX addressing financial EU proposal similar to SOX addressing financial reporting and public disclosurereporting and public disclosure
Reinsurance TransparencyReinsurance Transparency– International Association of Insurance International Association of Insurance
Supervisors working group to explore solvency Supervisors working group to explore solvency of reinsurers worldwide. Differences in data of reinsurers worldwide. Differences in data definitions are presenting a challengedefinitions are presenting a challenge
4040
What Is Sarbanes Oxley?What Is Sarbanes Oxley?
““Sarbanes-Oxley Act of 2002”Sarbanes-Oxley Act of 2002” Also known as “Public Company Accounting and Also known as “Public Company Accounting and Investor Protection Act of 2002”Investor Protection Act of 2002” Passed in response to notorious misstatements in Passed in response to notorious misstatements in financial statements (Enron, Tyco, WorldCom, etc.) financial statements (Enron, Tyco, WorldCom, etc.) Aims to correct perceived structural weaknesses in Aims to correct perceived structural weaknesses in financial reporting and corporate governance leading financial reporting and corporate governance leading to greater financial transparencyto greater financial transparency Created new regulatory body overseeing Created new regulatory body overseeing accountants auditing public companiesaccountants auditing public companies
4141
What Does It Mean?What Does It Mean?
Primarily applies to publicly traded companiesPrimarily applies to publicly traded companies Stronger, more independent Board audit Stronger, more independent Board audit
committeescommittees Greater pressure on CEO’s & CFO’s to issue Greater pressure on CEO’s & CFO’s to issue
accurate financial reportsaccurate financial reports Increased scrutiny by regulators, stockholders, Increased scrutiny by regulators, stockholders,
rating agencies and the publicrating agencies and the public Greater restrictions on activities & relationships of Greater restrictions on activities & relationships of
auditing firmsauditing firms More work . . . More work . . . LotsLots more work . . . For publicly more work . . . For publicly
traded companiestraded companies
4242
““SOX 404” RequirementsSOX 404” Requirements
Management’s annual internal control report must Management’s annual internal control report must contain:contain:• A statement of management’s responsibility for A statement of management’s responsibility for
establishing and maintaining adequate internal establishing and maintaining adequate internal
control over financial reporting for the companycontrol over financial reporting for the company• A statement identifying the framework used by A statement identifying the framework used by
management to evaluate the effectiveness of management to evaluate the effectiveness of
this internal controlthis internal control
4343
““SOX 404” Requirements (Cont.)SOX 404” Requirements (Cont.)
Management’s assessment of the effectiveness of this Management’s assessment of the effectiveness of this
internal control as of the end of the company’s most internal control as of the end of the company’s most
recent fiscal year.recent fiscal year.A statement that its auditor has issued an attestation A statement that its auditor has issued an attestation
report on management’s assessment.report on management’s assessment.
Do these requirements extend to processes and Do these requirements extend to processes and
data under the purview of the actuary?data under the purview of the actuary?
4444
A Project Approach A Project Approach
1. Establish methodology, approach and scope of project
2.Document
3.Assess
4.Monitor
5.Certify
• Develop control documentation and testing plans
• Facilitated sessions to perform quality review
• Management Annual Report on internal controls.
• Independent testing and attestation by External Auditor
• Evaluate design of controls
• Evaluate effectiveness of controls through testing and self-assessment
• Modify/Improve controls
• Remediation of any “GAPS” identified
• Validation performed of self assessment results
• Evaluate overall effectiveness
4545
Impact of “SOX” on Actuary and the Impact of “SOX” on Actuary and the Data ManagerData Manager
Processes and controlsProcesses and controls– Data control and reconciliationData control and reconciliation– Systems testingSystems testing– Testing and assessmentTesting and assessment
Data Quality and Data TransparencyData Quality and Data Transparency are keyare key
DocumentationDocumentation
4646
Impact of “SOX” on Actuary and the Data Impact of “SOX” on Actuary and the Data ManagerManager
Strategic PlanningStrategic Planning– Ensure that proper controls and framework are Ensure that proper controls and framework are
built into long range strategiesbuilt into long range strategies– The use of industry standards encourages the The use of industry standards encourages the
use of consistent methodologies across the use of consistent methodologies across the enterpriseenterprise
– Good long range strategies result on better Good long range strategies result on better data quality and data transparencydata quality and data transparency
4747
Impact of “SOX” on Actuary and the Impact of “SOX” on Actuary and the Data ManagerData Manager
ComplianceCompliance– Ongoing efforts to meet Ongoing efforts to meet
compliance requirements results in compliance requirements results in higher confidence that proper higher confidence that proper controls are in place controls are in place
– Meeting compliance requirements Meeting compliance requirements results in better data qualityresults in better data quality
4848
Impact of “SOX” on Actuary and the Impact of “SOX” on Actuary and the Data ManagerData Manager
The importance and visibility of Data The importance and visibility of Data Management among senior executives and Management among senior executives and regulators has increased.regulators has increased.
The importance of Data as an important The importance of Data as an important corporate resources has increased.corporate resources has increased.
The contribution of Data Management to proper The contribution of Data Management to proper data and process control is more widely data and process control is more widely recognized.recognized.
The demand for data quality has increased. The demand for data quality has increased.
4949
References, Resources & StudiesReferences, Resources & Studies Celent “ACORD XML Standards in US Celent “ACORD XML Standards in US
Insurance”: www.celent.com or www.acord.orgInsurance”: www.celent.com or www.acord.org IDMA: www.idma.orgIDMA: www.idma.org PWC “Global Data Management Survey 2004” PWC “Global Data Management Survey 2004”
and “Global Data Management Survey 2001” : and “Global Data Management Survey 2001” : www.pwcglobal.comwww.pwcglobal.com
Gartner Research: www4.gartner.comGartner Research: www4.gartner.com TDWI “Data Quality and the Bottom Line”: TDWI “Data Quality and the Bottom Line”:
www.dw-institute.comwww.dw-institute.com CIO Magazine: “Wash Me: Dirty Data …” 2-15-CIO Magazine: “Wash Me: Dirty Data …” 2-15-
01 edition, www.cio.com01 edition, www.cio.com
5050
PWC 2004 StudyPWC 2004 Study““It is one thing to address mounting It is one thing to address mounting privacy and regulatory requirements privacy and regulatory requirements with a tactical update to control with a tactical update to control processes – it is quite another to step out processes – it is quite another to step out ahead of the industry and gain ahead of the industry and gain competitive advantage… The key is to competitive advantage… The key is to understand the impact data is having on understand the impact data is having on your business and do something about your business and do something about it.”it.”
Global Data Management Survey 2004, Global Data Management Survey 2004, PriceWaterhouseCoopersPriceWaterhouseCoopers
5151
Questions and Questions and CommentaryCommentary