the actuary and enterprise data strategies cas may 2006 part ii: how do we get there?

The Actuary and The Actuary and Enterprise Data Enterprise Data

StrategiesStrategies CAS MAY 2006CAS MAY 2006

Part II: How Do We Get There?Part II: How Do We Get There?

22

AgendaAgenda

Data Management Best Practices and Data Management Best Practices and GuidelinesGuidelines

Standards Standards Straight-Through-ProcessingStraight-Through-Processing Information Quality and Assurance Information Quality and Assurance Sarbanes-Oxley and other Sarbanes-Oxley and other

RegulationsRegulations Questions and CommentaryQuestions and Commentary

PanelistsPanelists

Pete Marotta, ISOPete Marotta, ISO Gary Knoble, USABFS Gary Knoble, USABFS Bruce Tollefson, MN WC Rating BureauBruce Tollefson, MN WC Rating Bureau Christine Siekierski, WI Comp. Rating Christine Siekierski, WI Comp. Rating

BureauBureau Art Cadorine, ISOArt Cadorine, ISO

44

Data Management Best Data Management Best Practices and GuidelinesPractices and Guidelines

55

Data Management Best PracticesData Management Best Practices

Data StewardshipData Stewardship – establish a corporate – establish a corporate data steward data steward

Data and Data Quality StandardsData and Data Quality Standards – – foster the development and adoption of foster the development and adoption of data and data quality standardsdata and data quality standards

Organizational Issues – structure Organizational Issues – structure organization to promote good data organization to promote good data management and data qualitymanagement and data quality

66

Data Management Best PracticesData Management Best Practices

Operations and Processes – establish Operations and Processes – establish processes to maximize data quality and processes to maximize data quality and utilityutility

Data Element Development and Data Element Development and SpecificationSpecification – design and maintain – design and maintain data, systems and reporting data, systems and reporting mechanisms in a manner that promotes mechanisms in a manner that promotes good data management and data good data management and data qualityquality

77

10 Guidelines of Data 10 Guidelines of Data ManagementManagement

1.1. Data must be fit for the intended business use. Data must be fit for the intended business use.

2.2. Data should be obtained from the authoritative Data should be obtained from the authoritative and appropriate source.and appropriate source.

88


3.3. Data should be input only once and edited, Data should be input only once and edited, validated, and corrected at the point of entry. validated, and corrected at the point of entry.

4.4. Data should be captured and stored as Data should be captured and stored as informational values, not codes.informational values, not codes.

99


5.5. Data should have a different steward responsible for Data should have a different steward responsible for defining the data, identifying and enforcing the business defining the data, identifying and enforcing the business rules, reconciling the data to the benchmark source, rules, reconciling the data to the benchmark source, assuring completeness, and managing data quality.assuring completeness, and managing data quality.

6.6. Common data elements must have a single documented Common data elements must have a single documented definition and be supported by documented business definition and be supported by documented business rules.rules.

1010


7.7. Metadata must be readily available to all Metadata must be readily available to all authorized users of the dataauthorized users of the data

8.8. Industry standards must be consulted Industry standards must be consulted and reviewed before a new data element and reviewed before a new data element is createdis created

1111


9.9. Data must be readily available to all Data must be readily available to all appropriate users and protected against appropriate users and protected against inappropriate access and useinappropriate access and use

10.10. Data users will use agreed upon common Data users will use agreed upon common tools and platforms throughout the enterprisetools and platforms throughout the enterprise

1212

StandardsStandards

1313

What are Standards?What are Standards?

Definition: Standard (n.) Definition: Standard (n.) “Anything “Anything recognized as correct by common recognized as correct by common consent, by approved custom, or by consent, by approved custom, or by those most competent to decide; a those most competent to decide; a model; a criterion.”model; a criterion.”

-- Webster’s New Universal Dictionary-- Webster’s New Universal Dictionary

1414

Types of StandardsTypes of Standards

Business ModelsBusiness Models– Identify All the Major Processes and Identify All the Major Processes and

RelationshipsRelationships Common Insurance TerminologyCommon Insurance Terminology Coverage and FormsCoverage and Forms Process StandardsProcess Standards

– Application Forms, Report of Injury or Application Forms, Report of Injury or Claim, Licensing, etc.Claim, Licensing, etc.

1515

Types of Standards (Continued)Types of Standards (Continued) OtherOther

– Solvency StandardsSolvency Standards– Financial Information Exchange StandardsFinancial Information Exchange Standards– Market Conduct Information StandardsMarket Conduct Information Standards– Ratemaking StandardsRatemaking Standards– Operating Data StandardsOperating Data Standards– Data Exchange/Reporting StandardsData Exchange/Reporting Standards– Data Quality StandardsData Quality Standards– Data Element and Code List DefinitionsData Element and Code List Definitions

At one time actuaries drove many of these At one time actuaries drove many of these standards.standards.

1616

Business ProcessBusiness Process

A business process is a collection of A business process is a collection of related structural activities that related structural activities that produce something of value to the produce something of value to the organization, its stake holders or its organization, its stake holders or its customers. customers.

It is, for example, the process through It is, for example, the process through which an organization realizes its which an organization realizes its services to its customers.services to its customers.

1717

Business RulesBusiness Rules

Business rules describe the Business rules describe the operations, definitions and operations, definitions and constraints that apply to an constraints that apply to an organization in achieving its goals. organization in achieving its goals.

For example a business rule might For example a business rule might state that state that no credit check is to be no credit check is to be performed on return customersperformed on return customers..

1818

Need for Industry CollaborationNeed for Industry Collaboration

Claims Management Applications

Auditing

RegulatoryCompliance

Payment transactions

Premium transactions

Broker/Insurer

Ins/Reinsurer

Claims

Submission

Reinsurer

Insurance Agency

Agent/Producer

Service Providers

RegulatoryAuthorities

Insurance Carriers

1919

Benefits of Industry Data StandardsBenefits of Industry Data Standards

Agent/Producer

InsuranceCarriers

RegulatoryAuthorities

ServiceProviders

InsuranceAgency

Reinsurer

Claims Management Applications

Regulatory Compliance

Payment transactions

Premium transactions

Broker/Insurer

Ins/Reinsurer

Claims

Submission

STANDARDS&

IMPLEMENTATIONAuditing

2020

Straight-Through-Straight-Through-

ProcessingProcessing

2121

New Processes: The Goal – Single EntryNew Processes: The Goal – Single Entry

A B

D

C

A – Form/Msg from Producer (agent/broker) to Carrier

Producer either waits for download, or does data entry to process binder, ID cards, certificates.

Producer/ agent/ Broker

Carrier

ReinsurerServic

e Provid

er

Solution Provider/Vendor

“enabler”

B – Carrier processes data, synchronizes with agency data base through download

C – Messages from Carrier to Service Providers (CLUE, MVR)

D – Data may continue along the process to be used by Reinsurers, etc.

Real Time data entry

Download

Re-use of data

2222

Straight Through Processing Straight Through Processing (STP)(STP)

The use of common, industry standard The use of common, industry standard data elements, throughout all data elements, throughout all interactions of all parties, in all interactions of all parties, in all insurance transactions or processes. insurance transactions or processes.

STP allows data to flow effortlessly STP allows data to flow effortlessly through the industry without through the industry without redefinition, mappings or translations.redefinition, mappings or translations.

2323

STP ValueSTP Value Improves data quality, utilityImproves data quality, utility

– better benchmarkingbetter benchmarking Lessens data translations, eliminates Lessens data translations, eliminates

return transactions for clarificationreturn transactions for clarification Reduces friction in insurance Reduces friction in insurance

processesprocesses Allows companies to differentiate on Allows companies to differentiate on

value addedvalue added Facilitates “plug and play” solutionsFacilitates “plug and play” solutions

2424

STP BenefitsSTP Benefits

Improved Customer RelationshipImproved Customer Relationship– Less Time ProcessingLess Time Processing

Ease of Doing Business Ease of Doing Business Retention and GrowthRetention and Growth ProfitabilityProfitability

2525

Information Quality Information Quality

and Assuranceand Assurance

2626

Data QualityData Quality

Data Quality is defined as the Data Quality is defined as the process for ensuring that data are process for ensuring that data are

fit for the use intended by fit for the use intended by measuring and improving itsmeasuring and improving its

key characteristics.key characteristics.

2727

PWC 2004 StudyPWC 2004 Study

““Data quality is at the core – if you Data quality is at the core – if you improve your data you will directly improve your data you will directly impact your overall business results.”impact your overall business results.”

Global Data Management Survey 2004, Global Data Management Survey 2004, PriceWaterhouseCoopersPriceWaterhouseCoopers

2828

Managing Data & Data Quality: Managing Data & Data Quality: Guiding PrinciplesGuiding Principles

Data is a corporate assetData is a corporate asset Data should be fit for the use Data should be fit for the use

intendedintended Data should flow from underlying Data should flow from underlying

business processesbusiness processes Data quality should be managed as Data quality should be managed as

close to the source as possibleclose to the source as possible Best Practices are ever evolvingBest Practices are ever evolving

2929

Data Quality: Key CharacteristicsData Quality: Key Characteristics

Fit for its intended useFit for its intended use AccuracyAccuracy ValidityValidity Timeliness and Other Timing CriteriaTimeliness and Other Timing Criteria Completeness or EntiretyCompleteness or Entirety ReasonabilityReasonability Absence of RedundancyAbsence of Redundancy Accessibility, Availability and Accessibility, Availability and

CohesivenessCohesiveness PrivacyPrivacy

3030

Data Transparency: Key Data Transparency: Key CharacteristicsCharacteristics

Data defined and documentedData defined and documented Utility across time and sourceUtility across time and source Supports internal controls.Supports internal controls. Clear, standardized, comparable informationClear, standardized, comparable information Facilitates assessment of the health of the Facilitates assessment of the health of the

systems using the datasystems using the data Promotes better controlsPromotes better controls Improves operational and financial performanceImproves operational and financial performance Documents data elements, data element Documents data elements, data element

transformations and processestransformations and processes

3131

PWC 2004 StudyPWC 2004 Study““With over half of respondents With over half of respondents admitting they are at least ‘somewhat’ admitting they are at least ‘somewhat’ dependent on third-party data, and dependent on third-party data, and regulators pressing for greater regulators pressing for greater reliability and integrity, the need to reliability and integrity, the need to build greater general confidence in build greater general confidence in data quality is clear.”data quality is clear.”


3232

ASOP #23: Data QualityASOP #23: Data Quality

Purpose is to give guidance in:Purpose is to give guidance in:– Selecting dataSelecting data– Reviewing data for appropriateness, Reviewing data for appropriateness,

reasonableness, and reasonableness, and comprehensivenesscomprehensiveness

– Making appropriate disclosuresMaking appropriate disclosures Does not recommend that actuaries Does not recommend that actuaries

audit dataaudit data

3333

ASOP #23: Data QualityASOP #23: Data QualityConsiderations in Selection of DataConsiderations in Selection of Data

Appropriateness for intended Appropriateness for intended purposepurpose

Reasonableness, Reasonableness, comprehensiveness, and consistencycomprehensiveness, and consistency

Limitations of or modifications to Limitations of or modifications to datadata

Cost and feasibility of alternativesCost and feasibility of alternatives Sampling methodsSampling methods

3434

ASOP #23: Data QualityASOP #23: Data QualityDefinition of DataDefinition of Data

Numerical, census, or class Numerical, census, or class informationinformation

Not actuarial assumptionsNot actuarial assumptions Not computer softwareNot computer software Definition of comprehensiveDefinition of comprehensive Definition of appropriateDefinition of appropriate

3535

ASOP #23: Data QualityASOP #23: Data QualityOther ConsiderationsOther Considerations

Imperfect DataImperfect Data Reliance on OthersReliance on Others Documentation/DisclosureDocumentation/Disclosure

3636

PWC 2004 StudyPWC 2004 Study““Only 24% of those making any use of Only 24% of those making any use of third party data make any effort to third party data make any effort to measure the quality of that data, with measure the quality of that data, with most frequently cited methods most frequently cited methods including auditing/validation (25%), including auditing/validation (25%), comparison with other known data comparison with other known data (20%) and use of internal tools (15%).” (20%) and use of internal tools (15%).”


3737

PWC 2004 StudyPWC 2004 Study

Top 6 data quality initiatives:Top 6 data quality initiatives:Improve data accuracy (26%)Improve data accuracy (26%)More rigorous data management (14%)More rigorous data management (14%)System upgrade (13%)System upgrade (13%)Improving security (11%)Improving security (11%)Data standardisation (10%)Data standardisation (10%)Improving usage/analysis of data (10%) Improving usage/analysis of data (10%)


3838

Sarbanes Oxley and Sarbanes Oxley and Other RegulationsOther Regulations

3939

Accountability, Quality,Accountability, Quality, Transparency Regulations Transparency Regulations

Sarbanes Oxley Sarbanes Oxley – US law ensuring accuracy of financial data with US law ensuring accuracy of financial data with

accountability of company executivesaccountability of company executives Solvency IISolvency II

– EU proposal similar to SOX addressing financial EU proposal similar to SOX addressing financial reporting and public disclosurereporting and public disclosure

Reinsurance TransparencyReinsurance Transparency– International Association of Insurance International Association of Insurance

Supervisors working group to explore solvency Supervisors working group to explore solvency of reinsurers worldwide. Differences in data of reinsurers worldwide. Differences in data definitions are presenting a challengedefinitions are presenting a challenge

4040

What Is Sarbanes Oxley?What Is Sarbanes Oxley?

““Sarbanes-Oxley Act of 2002”Sarbanes-Oxley Act of 2002” Also known as “Public Company Accounting and Also known as “Public Company Accounting and Investor Protection Act of 2002”Investor Protection Act of 2002” Passed in response to notorious misstatements in Passed in response to notorious misstatements in financial statements (Enron, Tyco, WorldCom, etc.) financial statements (Enron, Tyco, WorldCom, etc.) Aims to correct perceived structural weaknesses in Aims to correct perceived structural weaknesses in financial reporting and corporate governance leading financial reporting and corporate governance leading to greater financial transparencyto greater financial transparency Created new regulatory body overseeing Created new regulatory body overseeing accountants auditing public companiesaccountants auditing public companies

4141

What Does It Mean?What Does It Mean?

Primarily applies to publicly traded companiesPrimarily applies to publicly traded companies Stronger, more independent Board audit Stronger, more independent Board audit

committeescommittees Greater pressure on CEO’s & CFO’s to issue Greater pressure on CEO’s & CFO’s to issue

accurate financial reportsaccurate financial reports Increased scrutiny by regulators, stockholders, Increased scrutiny by regulators, stockholders,

rating agencies and the publicrating agencies and the public Greater restrictions on activities & relationships of Greater restrictions on activities & relationships of

auditing firmsauditing firms More work . . . More work . . . LotsLots more work . . . For publicly more work . . . For publicly

traded companiestraded companies

4242

““SOX 404” RequirementsSOX 404” Requirements

Management’s annual internal control report must Management’s annual internal control report must contain:contain:• A statement of management’s responsibility for A statement of management’s responsibility for

establishing and maintaining adequate internal establishing and maintaining adequate internal

control over financial reporting for the companycontrol over financial reporting for the company• A statement identifying the framework used by A statement identifying the framework used by

management to evaluate the effectiveness of management to evaluate the effectiveness of

this internal controlthis internal control

4343

““SOX 404” Requirements (Cont.)SOX 404” Requirements (Cont.)

Management’s assessment of the effectiveness of this Management’s assessment of the effectiveness of this

internal control as of the end of the company’s most internal control as of the end of the company’s most

recent fiscal year.recent fiscal year.A statement that its auditor has issued an attestation A statement that its auditor has issued an attestation

report on management’s assessment.report on management’s assessment.

Do these requirements extend to processes and Do these requirements extend to processes and

data under the purview of the actuary?data under the purview of the actuary?

4444

A Project Approach A Project Approach

1. Establish methodology, approach and scope of project

2.Document

3.Assess

4.Monitor

5.Certify

• Develop control documentation and testing plans

• Facilitated sessions to perform quality review

• Management Annual Report on internal controls.

• Independent testing and attestation by External Auditor

• Evaluate design of controls

• Evaluate effectiveness of controls through testing and self-assessment

• Modify/Improve controls

• Remediation of any “GAPS” identified

• Validation performed of self assessment results

• Evaluate overall effectiveness

4545

Impact of “SOX” on Actuary and the Impact of “SOX” on Actuary and the Data ManagerData Manager

Processes and controlsProcesses and controls– Data control and reconciliationData control and reconciliation– Systems testingSystems testing– Testing and assessmentTesting and assessment

Data Quality and Data TransparencyData Quality and Data Transparency are keyare key

DocumentationDocumentation

4646

Impact of “SOX” on Actuary and the Data Impact of “SOX” on Actuary and the Data ManagerManager

Strategic PlanningStrategic Planning– Ensure that proper controls and framework are Ensure that proper controls and framework are

built into long range strategiesbuilt into long range strategies– The use of industry standards encourages the The use of industry standards encourages the

use of consistent methodologies across the use of consistent methodologies across the enterpriseenterprise

– Good long range strategies result on better Good long range strategies result on better data quality and data transparencydata quality and data transparency

4747


ComplianceCompliance– Ongoing efforts to meet Ongoing efforts to meet

compliance requirements results in compliance requirements results in higher confidence that proper higher confidence that proper controls are in place controls are in place

– Meeting compliance requirements Meeting compliance requirements results in better data qualityresults in better data quality

4848


The importance and visibility of Data The importance and visibility of Data Management among senior executives and Management among senior executives and regulators has increased.regulators has increased.

The importance of Data as an important The importance of Data as an important corporate resources has increased.corporate resources has increased.

The contribution of Data Management to proper The contribution of Data Management to proper data and process control is more widely data and process control is more widely recognized.recognized.

The demand for data quality has increased. The demand for data quality has increased.

4949

References, Resources & StudiesReferences, Resources & Studies Celent “ACORD XML Standards in US Celent “ACORD XML Standards in US

Insurance”: www.celent.com or www.acord.orgInsurance”: www.celent.com or www.acord.org IDMA: www.idma.orgIDMA: www.idma.org PWC “Global Data Management Survey 2004” PWC “Global Data Management Survey 2004”

and “Global Data Management Survey 2001” : and “Global Data Management Survey 2001” : www.pwcglobal.comwww.pwcglobal.com

Gartner Research: www4.gartner.comGartner Research: www4.gartner.com TDWI “Data Quality and the Bottom Line”: TDWI “Data Quality and the Bottom Line”:

www.dw-institute.comwww.dw-institute.com CIO Magazine: “Wash Me: Dirty Data …” 2-15-CIO Magazine: “Wash Me: Dirty Data …” 2-15-

01 edition, www.cio.com01 edition, www.cio.com

5050

PWC 2004 StudyPWC 2004 Study““It is one thing to address mounting It is one thing to address mounting privacy and regulatory requirements privacy and regulatory requirements with a tactical update to control with a tactical update to control processes – it is quite another to step out processes – it is quite another to step out ahead of the industry and gain ahead of the industry and gain competitive advantage… The key is to competitive advantage… The key is to understand the impact data is having on understand the impact data is having on your business and do something about your business and do something about it.”it.”


5151

Questions and Questions and CommentaryCommentary