Achmea - Risk Based Data Governance - Pieter Ettes

865 views
547 views

Published on

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
865
On SlideShare
0
From Embeds
0
Number of Embeds
3
Actions
Shares
0
Downloads
27
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • We are the largest insurance group in the Netherlands. We provide cover for a wide group of customers, including consumers, public authorities, listed companies, small businesses, single traders and the self-employed.
  • Achmea is active with a number of brands, the six main labels being:
    Interpolis, Zilveren Kruis Achmea, Agis Zorgverzekeringen, FBTO, Centraal Beheer Achmea and Avéro Achmea. In this way we operate in different markets to provide the best insurance for our millions of customers. Roughly half of all homes in the Netherlands have either pensions or insurance from Achmea. To give you an impression of the coverage, this slide shows the numbers of customers – either consumers or businesses – served by our various brands.
    Other interesting facts and figures about Achmea:
    •          1 in 3 of the Dutch population has health insurance from Achmea.
    •          1 in 4 of the cars on Dutch roads is insured with Achmea.
    •          1 in 5 employees in the Netherlands is building up a pension with Achmea.
    •          The pension plans of 1 in 3 employers in the Netherlands are administered by Achmea.
    •          With a portfolio of €14 billion, Achmea is the biggest investor in real estate and mortgage lending.
    •          All of the companies listed on the AEX have dealings with Achmea group businesses.
    •          Interpolis claims department pays out an amount equal to the value of a new Aston Martin (€269,231) every hour.
    •          If pensions are the salaries of people aged 65 and over, this makes Achmea the biggest employer in the Netherlands. We effectively pay a salary to roughly half a million people in the Netherlands.
    •          Achmea Health Centres are proving a great success nationwide. We have now even developed customised in-house Health Centres with companies and universities.
    •          By far the majority of the pavements and roads in the Netherlands you use everyday are insured by us.
  • Over the past 200 years, employer and employee organisations, health insurers and mutual assurance societies have become part of our business, forming Achmea into what we are today – the largest insurance group in the Netherlands.
  • We are also active outside the Netherlands, where we employee a further 4,000 people approximately. The main focus of our operations is on the countries of Turkey, Greece and Russia, where we have around 5 million customers. As regards the other countries, we shall be focusing in the years ahead on activities which are a good fit.
     
    Eureko Sigorta
    Eureko Sigorta, through its partnership with Garanti Bank, one of Turkey’s largest financial services providers, is market leader in Turkey for banking distribution. Eureko Sigorta offers mainly non-life and healthcare products.
     
    Interamerican
    In Greece, Interamerican occupies the number two slot for both life and non-life insurance, including health insurance products and services. Interamerican also has an integrated breakdown assistance service for motorists.
     
    Oranta
    Oranta is an expanding business and operates mainly from offices in Moscow and St Petersburg. Oranta also has a presence in most large Russian cities. Oranta sells non-life and health insurance products.
     
    Other countries
    We are also active in Slovakia, Ireland, Bulgaria and Romania.
     
    Outside Europe
    We recently started setting up a business in Australia.
  • We are also active outside the Netherlands, where we employee a further 4,000 people approximately. The main focus of our operations is on the countries of Turkey, Greece and Russia, where we have around 5 million customers. As regards the other countries, we shall be focusing in the years ahead on activities which are a good fit.
     
    Eureko Sigorta
    Eureko Sigorta, through its partnership with Garanti Bank, one of Turkey’s largest financial services providers, is market leader in Turkey for banking distribution. Eureko Sigorta offers mainly non-life and healthcare products.
     
    Interamerican
    In Greece, Interamerican occupies the number two slot for both life and non-life insurance, including health insurance products and services. Interamerican also has an integrated breakdown assistance service for motorists.
     
    Oranta
    Oranta is an expanding business and operates mainly from offices in Moscow and St Petersburg. Oranta also has a presence in most large Russian cities. Oranta sells non-life and health insurance products.
     
    Other countries
    We are also active in Slovakia, Ireland, Bulgaria and Romania.
     
    Outside Europe
    We recently started setting up a business in Australia.
  • Achmea - Risk Based Data Governance - Pieter Ettes

    1. 1. ACHMEA Risk Based Data Governance 1 Pieter Ettes
    2. 2. Summary • Achmea did develop the Achmea Data Governance Framework as a generic ‘shopping list’ to improve data governance measures • From theory and perfection to a practical approach • The Bizzarrini moment • Fundamental is the risk based approach, a fine balance between effort, efficiency and compliance based on operational risk • Continuous improvement : more measures, other business areas, higher amount of data logistic processes
    3. 3. Context : THIS IS ACHMEA 3
    4. 4. 4
    5. 5. Achmea Brands* 5
    6. 6. Merger timeline 6
    7. 7. Achmea outside the Netherlands 7
    8. 8. Our key figures 8
    9. 9. Short Overview 9
    10. 10. Drivers Achmea Data Governance Framework • External drivers • Upcoming Solvency II (insurance) legislation “Based on the criteria of “accuracy”, “completeness” and “appropriateness”, and consistent with the basic interpretations given, the undertaking shall further specify its own concept of data quality.” • Demands by the Supervisor (Eiopa and DNB) “Achmea has to fully document and implement the processes that are aimed at the demonstrability of data quality, including related reports, within the set timeframe” • Audit issues “The theme for the observations at division level is the widely communicated need for centralized guidelines, standards and or guidance”
    11. 11. Drivers Achmea Data Governance Framework • Internal drivers • Focus on data governance financial and actuarial data in use for (external and internal) reporting and management decision processes • Business case : less workload in data quality control • Need for consistency company wide ; one data governance cookbook which works as a shopping list • Need for centralized guidance to all Achmea divisions (NL) and European companies
    12. 12. “6 layers model” structure Gg B i Data Ownership Assiging responsibilities for data, processes, systems and decision-making Data Management Managing specific types of data (master data, organisational structure data) that require centralized co-ordination Data Definition Speaking one language. Enabling operations on data, comparing data, etc. Each layer consists of specific measures. The entire model has 69 measures. Process Controls LitlleG Data Logistic Chain Data Monitoring Managing changes to data in the processes by means of measures. Managing the transfer of data from department A and system B to department C and system D. Monitoring the actual quality of data based on validation rules.
    13. 13. “69 measures” seems a lot but.......... • BigG implemented top-down company wide • Content : Partly policy documents, partly measures enforced by central IT and Finance departments. • Re-use of existing policies, processes and other evidence • LittleG implemented in the various organizational units • Large scale re-use of existing evidence • Risk-based approach : to be executed if needed Practical and pragmatic approach based on gradual improvement
    14. 14. The 69 measures in the Achmea Data Governance Framework • Legal requirements Solvency II /IFRS4 etc. • Market and proprietary models (DGI, DAMA DMBOK, KPMG, Deloitte, E&Y etc) • Best Practices Achmea and Achmea Strategy/ Identity • Existing Achmea policies Data Governance Framework 6 layers in model 69 measures (= data governance cookbook) Data quality = defined by the degree of implementation of the 69 measures. The Bizzarrini moment is coming………..
    15. 15. Implementation 2011 Starting with a generic framework 2012 Learning by doing 2013 Improved framework, embedded in business 15
    16. 16. 2011 Implementation • Preparation early 2011 • Jan 2011 start creation Data Governance Framework to fit all requirements in one initiative • April 2011 approval Finance Directors Board for plan • May 2011 version 1.0, preperation for roll-out • Roll-out second half 2011 • Aug 2011 Formation of Data Governance Taskforce • Sept 2011 start of execution fase, concentrating on 11 most important LittleG measures (next slide) • Audit on results early 2012
    17. 17. 2011 : Basic set of 11 in data logistic chain 1 Primary system interface 4 5 6 9 10 interface System 2 interface 3 3 3 2 4 6 7 2 System 1 8 11 5 9 10 7 2 4 5 6 9 10 Basic Data Quality in data logistic chain 1 Description of overall reconciliation process 2 Interface list per source system 3 Export files data definition list 4 Data definition list per source system 5 System documentation per source system 6 Infrastructure SLA per source system 7 Data Delivery Agreement per system (including frequency) 8 Business Continuity Plan 9 Quality policy per system 10 CIA-triad (Confidentiality, Integrity, Availability) classification per system 11 Data quality assurance policy/process 7 Formal Output
    18. 18. 2011 Findings Implementation • Findings audits end 2011/early 2012 • Audits revealed need for improvement plans for most divisions • Also the generic BigG measures needed improvement • Need for detailling : > More guidance on how to implement > Risk based approach needed : not every measure is always applicable > Embedding of measures in existing control framework
    19. 19. 2012 Implementation • Jan 2012 delivery first batch BigG measures, complete end 2012 • June 2012 delivery of improved 11 measures ending in a re-audit • June 2012 start rest of the LittleG measures
    20. 20. The Bizzarrini moment Click This button
    21. 21. 2012 Risk Based approach Data quality assurance cycle periodic cycle for securing data quality at a detailed level • Determine scope (which systems?) • Determine quality/ acceptance criteria • Provide evidence for (key) controls • Monitor data quality • Monitor effects of improvement plan Implement plan Decision on which “mix” is necessary Assess current set of (key) controls Current “mix of measures” Periodic risk selfassessment (+ improvement plan)
    22. 22. 2012 Data quality assurance cycle • Key aspects: • Data quality is actively monitored • A “mix of measures” is used for monitoring data quality • “Mix of measures” is determined based on the specific risk profile of each system • A limited number of measures in the Achmea Data Governance Framework is obligatory • By means of “risk self assessment” the mix of controls will be reviewed and updated
    23. 23. 2012 Inclusion in our Control Framework • Problem : How to ensure that measures will stay active • Solution : Inclusion of measures in existing control framework • control checks that will be periodically examined • Checking of the data governance measures of the 11 measures and the data quality assurance cycle is embedded in this framework • Inclusion in the framework assures the continuity of the data governance measures.
    24. 24. 2013 • Formal governance in place (board level) • Doing on group level what needs to be done • On division level implementation • ADGF Version ADGF 2.0 • Embedded in normal business control processes, operational risk department and audit helping in imposing discipline • Alliance with IT department : quality gates in IT proces, inclusion in formal IT proces guidelines • ADGF fundamental part of other initiatives : Data Asset Management, CRM, IT roadmap
    25. 25. Lessons learned 25
    26. 26. Lessons learned • Remember Bizzarrini • Learn! • The Data Governance Framework cannot be succesfully imposed on a complex organization from a purely topdown perspective. • In many aspects it has to be explored and discovered (within clear boundaries top-down) by all concerned • The Achmea Data Governance Framework is a living collection of knowledge ; it should be evaluated and improved on a periodic basis.
    27. 27. Lessons learned • Team up! • Multi disciplinary team with sufficient “soft” and “hard” skills • Business and problem driven, IT is just a part of the team • Cooperation of the ‘willing’ key persons • Need to combine skills from IT, Business, Control, Audit etc • Need a shared drive to learn while building • Small project organization: activities will be executed as part of normal business routine as much as possible
    28. 28. Lessons learned • Make friends! • Pragmatism and buy-in • Data governance is not new : already 200 year of data governance (from founding of Achmea till now) • Let IT volunteer for what they can archive • KISS. We are not aiming for perfection. • Maximum use of existing information, knowing that this will not always fit the measures as planned • Explain that with respect to current practices improvement is needed to meet new requirements
    29. 29. Lessons learned • White and blue collar! • BigG (company wide governance) involves management at higher level • LittleG mainly involves people who do operational work • Each level needs its own communication and decision strategy
    30. 30. Lessons learned • Focus! • Risk based approach • Involve internal audit to do assesments • Aim at accepting improvement plans for repairing issues • Continuous improvement and versioning • Not all data processes are really important so do a triage and focus on the important ones
    31. 31. Lessons learned • Routine! • Cyclic character of data governance • It’s not about the one-time status of data governance • It has to become part of daily business • So incorporate it as much als possible in the normal process cycles • And use the exisiting control processes to assure compliance to your data governance measures
    32. 32. Lessons learned • Proportionality! • Not all data needs to be ruled by data governance, only data that’s being shared enterprise wide or reported externally • Size and maturity level of each organizational unit ruling ambition level • Take the theoretical ADG down to the level of what each unit can handle

    ×