What’s the Key to Investing in a GRC Solution?

Boston — The rise of government-mandated compliance regulations, coupled with the increasing need to safeguard sensitive data, is forcing organizations to reconsider how their data is stored, accessed, secured and managed, according to research from Boston-based research firm, Aberdeen Group Inc. Inherently linked to this challenge is the need to objectively assess and proactively manage the growing number of risks prevalent in the market. The report, “GRC Strategic Agenda: The Value Proposition of Governance, Risk and Compliance,” highlighted a survey of more than 800 global organizations—including 95 insurers.

“One of the biggest differences between the insurance industry and others, particularly those outside the financial services realm, is the sheer number of governmental and industry-specific regulatory requirements they must comply with,” says Stephen Walker, research associate at Aberdeen and author of the report. “Addressing these compliance requirements is especially problematic for large insurers. In addition to complex overarching federal regulations, individual states have their own requirements that differ, often dramatically, depending on a variety of factors. It’s common for a mid- to large-size insurer to have to adjust to hundreds of new regulations a month, while continuing to comply with existing regulations.”

Survey results showed that the importance an organization places on the various features provided by a governance, risk and compliance (GRC) solution can vary, sometimes significantly, given the individual goals of that organization. However, respondents identified some features, such as automated processes for risk analysis and management, and the ability to align IT policy, risk and operations management with business initiatives, as most important when deciding whether to invest in a GRC solution.

When asked what organizations need in a GRC solution, 42% of respondents said a risk analysis and management program; 34% said an automated process for identifying, measuring and monitoring operational risk; 32% said a feature aligning IT policy, risk and operations management with business initiatives; 29% said documented policies and procedures; and 22% said business functionality and modeling.

Previous Aberdeen research concludes that only 41% of organizations have had a mature governance and risk management program in place for more than 12 months, and 22% have no formal program in place. There are numerous benefits of a comprehensive GRC initiative. However, getting there is neither simple nor inexpensive, according to the report.

The report provides a roadmap to help organizations initiate a GRC framework or evaluate the current status of their GRC initiative and gain insight on the path that initiative can take to augment and proactively advance their business goals. Highlights include:

• Thoroughly evaluate the forward-thinking business goals on which your organization is focusing.

• Develop a clear picture of the current problems facing your organization and potential future stumbling blocks.

• Evaluate the current state of your organization’s internal capabilities and structure.

• Evaluate potential providers on their ability to alleviate current problems.

• Map the capabilities of the potential provider back to the business goals your organization will be focusing on in the future.

• Determine whether the potential provider offers integration and/or convergence as part of their solution.

“Incorporating an effective, scalable and comprehensive GRC program, with the right mix of compliance and risk management technology tools, offers an insurer the ability to not only meet current regulatory mandates, but also provides the flexibility to efficiently adapt to both changes in existing regulations and entirely new mandates,” Walker says. “From a high-level business standpoint, an enterprisewide integrated compliance framework eliminates time-consuming redundant processes and controls, streamlines the costly and formerly siloed activities, and enables the insurer to devote more time and resources toward the revenue generating aspects of the business.”

Source: Aberdeen Group Inc.