The convergence of risk management, compliance and governance processes is a challenge, but offers tremendous opportunities, according to New York-based Ernst & Young (E&Y). Looking at details from the advisory firm’s recently released study, “Managing Information Technology Risk—A Global Survey for the Financial Services Industry,” many insurance companies are recognizing the need to better integrate information technology (IT) risk management with their overall risk management programs and processes.
The survey, conducted by the Economist Intelligence Unit on behalf of E&Y, polled 145 senior executives whose roles incorporate both risk management and information technology. Life insurance executives comprised 34.5% of those polled, while 27.6% classified themselves as non-life and 16.6% as reinsurance.
The goal of convergence, says E&Y, is to design a program, organization and processes to better manage risk through adequate measures and monitoring methods on a sustainable, consistent and transparent basis. This should lead insurers toward a holistic, enterprisewide view of risk and compliance, affording carriers the ability to consistently apply risk management principles and best practices. Because of this, E&Y believes insurers can aggregate this information to create an integrated risk management view while still allowing different functional areas their individual views, enabling them to better manage their more granular, specific risks.
In order to succeed, the report finds that insurers need to establish a common risk taxonomy across the enterprise, which, ultimately, will lead to a common understanding of IT risks and controls throughout the company.
(c) 2008 Insurance Networking News and SourceMedia, Inc. All Rights Reserved.
