by Carl Casserly
Do compliance managers have special super powers that compel every employee within an organization to think about how to meet corporate risk mitigation objectives? Do workers wake up in the morning thinking about compliance controls and how much they love compliance managers? Unfortunately, no! How can we align workers with risk mitigation needs without making the compliance manager seem like a bureaucratic villain?
All for one, one for all!
Compliance managers need the help of the entire organization to minimize risk, but we all know that every employee has a default mode of focusing on their own tasks and they do not have time nor the interest to investigate risk management theory. What if the natural way a worker performs their job was aligned with risk mitigation objectives? What if I told you we can achieve that without the worker even knowing they are mitigating risk while they work?
Not all states think alike!
Consider the goal of minimizing risk in the process of calculating insurance claim reserves. State regulatory agencies have a wide range of varying requirements for every part of the claim calculation and reporting process. Some requirements are similar among states, but other requirements may vary. For example, let’s assume we have the following requirements for the insurance claim reserve process:
To meet the control requirements, we use a combination of recurring tasks that are automatically triggered and assigned to the appropriate staff. The actuary certificate control process, for example, one task is assigned to each actuary every year requesting the submission of their most up to date certificate that attests they are indeed a recognized actuary. For the reserve calculation part of the process, another task automatically triggers quarterly and is assigned to the actuary to begin the reserve calculation. Workflow will automatically assign tasks as each step is completed or escalate tasks if certain milestones are not completed timely along the way.
Control Attributes – Visible to Manager can be hidden from Worker
Every employee is a Compliance Minion!
In this example, the actuary might not know the submission of the certificate is related to control 14.1, but the compliance manager is thrilled to know what controls have been completed or not, who is responsible, and can see that all levels of management know who should be working on what. The chances the control will be fully satisfied are much closer to 100% than not having a Lean BPM solution in place. Every worker is now a compliance minion, and they don’t even know!
Task Assigned to Actuary
When an auditor knocks on your door, it is time to prove your controls are effective. Lean BPM will reduce the time it takes an auditor to conduct their review by making control evidence accessible quickly.
The audit trail shows who did what and when. Attached files provide added evidence that a control was met for the actuary certificate requirement example. The screen shot shows that Jake Scott uploaded version one of the certificate on October 21 and set the task to completed the same day according to the audit trail.
Audit Trail – File Uploaded by Actuary
Audit Trail – Task Completed by Actuary
Show me the Money!
Visibility into the value of and effectiveness of the controls is vital. HighGear Lean BPM provides a wide range of reporting capabilities.
Report Example – Control Effectiveness
I Like to Do It My Way!
What if you need additional fields? Fields with different names? What if your firm has 5 steps that require multi-department collaboration? What if your firm has a different set of controls than other firms? HighGear allows you to create fields, forms, workflow process, and reports to suit your needs.
Become a Workflow Champion
HighGear aligns workers with risk management objectives, provides visibility into who is working on what and when, and highlights the data necessary to meet regulatory agency requirements.