The Actuary and
Enterprise Data
Strategies
CAS MAY 2006
Part II: How Do We Get
There?
Agenda
 Data
Management Best Practices and
Guidelines
 Standards
 Straight-Through-Processing
 Information Quality and Assurance
 Sarbanes-Oxley and other
Regulations
 Questions and Commentary
2
Panelists
Pete Marotta, ISO
 Gary Knoble, USABFS
 Bruce Tollefson, MN WC Rating Bureau
 Christine Siekierski, WI Comp. Rating
Bureau
 Art Cadorine, ISO

Data Management Best
Practices and Guidelines
4
Data Management Best Practices
Data Stewardship – establish a corporate
data steward
 Data and Data Quality Standards –
foster the development and adoption of
data and data quality standards
 Organizational Issues – structure
organization to promote good data
management and data quality

5
Data Management Best Practices
 Operations
and Processes –
establish processes to maximize
data quality and utility
 Data Element Development and
Specification – design and
maintain data, systems and
reporting mechanisms in a manner
that promotes good data
management and data quality
6
10 Guidelines of Data
Management
1.
2.
Data must be fit for the intended
business use.
Data should be obtained from the
authoritative and appropriate
source.
7
10 Guidelines of Data
Management
3.
4.
Data should be input only once
and edited, validated, and
corrected at the point of entry.
Data should be captured and
stored as informational values, not
codes.
8
10 Guidelines of Data
Management
5.
6.
Data should have a different steward
responsible for defining the data,
identifying and enforcing the business
rules, reconciling the data to the
benchmark source, assuring
completeness, and managing data quality.
Common data elements must have a
single documented definition and be
supported by documented business rules.
9
10 Guidelines of Data
Management
7.
8.
Metadata must be readily available to all
authorized users of the data
Industry standards must be consulted
and reviewed before a new data element
is created
10
10 Guidelines of Data
Management
9.
10.
Data must be readily available to all
appropriate users and protected against
inappropriate access and use
Data users will use agreed upon common
tools and platforms throughout the
enterprise
11
Standards
12
What are Standards?
Definition: Standard (n.)
“Anything recognized as
correct by common consent,
by approved custom, or by
those most competent to
decide; a model; a criterion.”
-- Webster’s New Universal Dictionary
13
Types of Standards
 Business
Models
– Identify All the Major Processes and
Relationships
 Common
Insurance Terminology
 Coverage and Forms
 Process Standards
– Application Forms, Report of Injury or
Claim, Licensing, etc.
14
Types of Standards (Continued)

Other
– Solvency Standards
– Financial Information Exchange Standards
– Market Conduct Information Standards
– Ratemaking Standards
– Operating Data Standards
– Data Exchange/Reporting Standards
– Data Quality Standards
– Data Element and Code List Definitions
At one time actuaries drove many of these
standards.
15
Business Process
A business process is a collection of
related structural activities that
produce something of value to the
organization, its stake holders or its
customers.
It is, for example, the process
through which an organization
realizes its services to its customers.
16
Business Rules
Business rules describe the
operations, definitions and
constraints that apply to an
organization in achieving its goals.
For example a business rule might
state that no credit check is to be
performed on return customers.
17
Need for Industry Collaboration
Submission
Insurance
Carriers
Broker/Insurer
Regulatory
Compliance
Ins/Reinsurer
Claims
Regulatory
Authorities
Reinsurer
Claims
Management
Applications
Auditing
Insurance
Agency
Premium
transactions
Payment
transactions
Service
Providers
Agent/
Producer
18
Benefits of Industry Data Standards
Submission
Insurance
Carriers
Regulatory
Compliance
Broker/Insurer
Ins/Reinsurer
Reinsurer
Claims
Management
Applications
Insurance
Agency
Claims
Regulatory
Authorities
STANDARDS
&
IMPLEMENTATION
Premium
transactions
Payment
transactions
Auditing
Service
Providers
Agent/
Producer
19
Straight-ThroughProcessing
20
New Processes: The Goal – Single Entry
A
Real Time
data entry
B
Download
Solution
Carrier
Provider/Vendor
B – Carrier processes data,
synchronizes with agency data base
through download
Producer/
agent/
Broker
A – Form/Msg from Producer
(agent/broker) to Carrier
Producer either waits for download,
or does data entry to process binder,
ID cards, certificates.
Re-use of
data
“enabler”
Service
Provide
r
Reinsurer
C
D
D – Data may continue along the process
to be used by Reinsurers, etc.
C – Messages from Carrier to Service
Providers (CLUE, MVR)
21
Straight Through Processing
(STP)
The
use of common, industry standard
data elements, throughout all
interactions of all parties, in all
insurance transactions or processes.
STP allows data to flow effortlessly
through the industry without
redefinition, mappings or translations.
22
STP Value
 Improves
data quality, utility
– better benchmarking
 Lessens
data translations, eliminates
return transactions for clarification
 Reduces friction in insurance
processes
 Allows companies to differentiate on
value added
 Facilitates “plug and play” solutions
23
STP Benefits
 Improved
Customer Relationship
– Less Time Processing
 Ease
of Doing Business
 Retention and Growth
 Profitability
24
Information Quality
and Assurance
25
Data Quality
Data Quality is defined as the
process for ensuring that data are
fit for the use intended by
measuring and improving its
key characteristics.
26
PWC 2004 Study
“Data quality is at the core – if you
improve your data you will directly
impact your overall business results.”
Global Data Management Survey 2004,
PriceWaterhouseCoopers
27
Managing Data & Data Quality:
Guiding Principles
 Data
is a corporate asset
 Data should be fit for the use
intended
 Data should flow from underlying
business processes
 Data quality should be managed as
close to the source as possible
 Best Practices are ever evolving
28
Data Quality: Key Characteristics
Fit for its intended use
 Accuracy
 Validity
 Timeliness and Other Timing Criteria
 Completeness or Entirety
 Reasonability
 Absence of Redundancy
 Accessibility, Availability and
Cohesiveness
 Privacy
29
Data Transparency: Key Characteristics








Data defined and documented
Utility across time and source
Supports internal controls.
Clear, standardized, comparable information
Facilitates assessment of the health of the
systems using the data
Promotes better controls
Improves operational and financial performance
Documents data elements, data element
transformations and processes
30
PWC 2004 Study
“With over half of respondents
admitting they are at least ‘somewhat’
dependent on third-party data, and
regulators pressing for greater
reliability and integrity, the need to
build greater general confidence in data
quality is clear.”
Global Data Management Survey 2004,
PriceWaterhouseCoopers
31
ASOP #23: Data Quality
 Purpose
is to give guidance in:
– Selecting data
– Reviewing data for appropriateness,
reasonableness, and
comprehensiveness
– Making appropriate disclosures
 Does
not recommend that actuaries
audit data
32
ASOP #23: Data Quality
Considerations in Selection of Data
 Appropriateness
for intended
purpose
 Reasonableness, comprehensiveness,
and consistency
 Limitations of or modifications to
data
 Cost and feasibility of alternatives
 Sampling methods
33
ASOP #23: Data Quality
Definition of Data
 Numerical,
census, or class
information
 Not actuarial assumptions
 Not computer software
 Definition of comprehensive
 Definition of appropriate
34
ASOP #23: Data Quality
Other Considerations
 Imperfect
Data
 Reliance on Others
 Documentation/Disclosure
35
PWC 2004 Study
“Only 24% of those making any use of
third party data make any effort to
measure the quality of that data, with
most frequently cited methods
including auditing/validation (25%),
comparison with other known data
(20%) and use of internal tools
(15%).”
Global Data Management Survey 2004,
PriceWaterhouseCoopers
36
PWC 2004 Study
Top 6 data quality initiatives:
Improve data accuracy (26%)
More rigorous data management (14%)
System upgrade (13%)
Improving security (11%)
Data standardisation (10%)
Improving usage/analysis of data (10%)
Global Data Management Survey 2004,
PriceWaterhouseCoopers
37
Sarbanes Oxley and
Other Regulations
38
Accountability, Quality,
Transparency Regulations



Sarbanes Oxley
– US law ensuring accuracy of financial data with
accountability of company executives
Solvency II
– EU proposal similar to SOX addressing financial
reporting and public disclosure
Reinsurance Transparency
– International Association of Insurance
Supervisors working group to explore solvency
of reinsurers worldwide. Differences in data
definitions are presenting a challenge
39
What Is Sarbanes Oxley?
“Sarbanes-Oxley Act of 2002”
 Also known as “Public Company Accounting
and
Investor Protection Act of 2002”
 Passed in response to notorious misstatements in
financial statements (Enron, Tyco, WorldCom, etc.)
 Aims to correct perceived structural weaknesses in
financial reporting and corporate governance leading
to greater financial transparency
 Created new regulatory body overseeing
accountants auditing public companies

40
What Does It Mean?






Primarily applies to publicly traded companies
Stronger, more independent Board audit
committees
Greater pressure on CEO’s & CFO’s to issue
accurate financial reports
Increased scrutiny by regulators, stockholders,
rating agencies and the public
Greater restrictions on activities & relationships
of auditing firms
More work . . . Lots more work . . . For
publicly traded companies
41
“SOX 404” Requirements
Management’s annual internal control report must
contain:
• A statement of management’s responsibility for
establishing and maintaining adequate internal
control over financial reporting for the company
• A statement identifying the framework used by
management to evaluate the effectiveness of
this internal control
42
“SOX 404” Requirements (Cont.)
 Management’s assessment of the effectiveness of this
internal control as of the end of the company’s most
recent fiscal year.
 A statement that its auditor has issued an attestation
report on management’s assessment.
Do these requirements extend to processes and
data under the purview of the actuary?
43
A Project Approach
1. Establish methodology, approach and scope of project
2.
Document
• Develop control
documentation
and testing
plans
• Facilitated
sessions to
perform quality
review
3.
Assess
• Evaluate design
of controls
• Evaluate
effectiveness
of controls
through testing
and selfassessment
• Modify/Improve
controls
4.
Monitor
• Remediation of
any “GAPS”
identified
• Validation
performed of
self assessment
results
• Evaluate overall
effectiveness
5.
Certify
• Management
Annual Report
on internal
controls.
• Independent
testing and
attestation by
External Auditor
44
Impact of “SOX” on Actuary and the
Data Manager
 Processes
and controls
– Data control and reconciliation
– Systems testing
– Testing and assessment
 Data
Quality and Data Transparency
are key
 Documentation
45
Impact of “SOX” on Actuary and the Data
Manager

Strategic Planning
– Ensure that proper controls and framework
are built into long range strategies
– The use of industry standards encourages the
use of consistent methodologies across the
enterprise
– Good long range strategies result on better
data quality and data transparency
46
Impact of “SOX” on Actuary and the
Data Manager
 Compliance
–Ongoing efforts to meet
compliance requirements results in
higher confidence that proper
controls are in place
–Meeting compliance requirements
results in better data quality
47
Impact of “SOX” on Actuary and the
Data Manager




The importance and visibility of Data
Management among senior executives and
regulators has increased.
The importance of Data as an important
corporate resources has increased.
The contribution of Data Management to proper
data and process control is more widely
recognized.
The demand for data quality has increased.
48
References, Resources & Studies






Celent “ACORD XML Standards in US
Insurance”: www.celent.com or
www.acord.org
IDMA: www.idma.org
PWC “Global Data Management Survey 2004”
and “Global Data Management Survey 2001” :
www.pwcglobal.com
Gartner Research: www4.gartner.com
TDWI “Data Quality and the Bottom Line”:
www.dw-institute.com
CIO Magazine: “Wash Me: Dirty Data …” 2-1501 edition, www.cio.com
49
PWC 2004 Study
“It is one thing to address mounting
privacy and regulatory requirements
with a tactical update to control
processes – it is quite another to step
out ahead of the industry and gain
competitive advantage… The key is to
understand the impact data is having
on your business and do something
about it.”
Global Data Management Survey 2004,
PriceWaterhouseCoopers
50
Questions and
Commentary
51