The document outlines a case study of a health insurance provider's implementation of MetricStream's compliance management software to enhance governance, risk, and compliance (GRC) programs in response to the NAIC Model Audit Rule (MAR). The solution enabled the client to streamline its compliance processes, improve documentation and reporting of financial risks, and automate manual tasks, leading to cost savings and better visibility into compliance activities. The implementation was completed in five weeks, demonstrating the software's effectiveness in meeting regulatory requirements and improving corporate governance standards.

1. CASE STUDY
MetricStream NAIC MAR COMPLIANCE SOLUTION FOR A HEALTH INSURANCE
PROVIDER
Customer
The Insurance company is a leading provider of health insurance to large companies, small business-
es, families and individuals in a US state.
Overview
As a leading health insurance provider, the client has a responsibility to conduct business with high
ethical standards in compliance with regulations such as Medicare and Medicaid Compliance, Market
Conduct Examinations, NAIC Model Audit Rule (NAIC MAR), Code of Conduct, OIG Corporate Integrity
Agreements (CIA), HIPAA and Quality Accreditations . Uncompromising integrity to build trusted
relationships with members and the communities it serves is of utmost importance to the client. Com-
Customer pliance with all relevant regulations is mandatory for the client to maintain its leadership in corporate
LEADING PROVIDER OF HEALTH INSURANCE governance standards and ethics.
IN THE US
With the US healthcare system undergoing a transition, several health insurance providers are
advancing their Governance, Risk and Compliance (GRC) programs to manage their risk, streamline
Benefits internal audits and ensure compliance with multiple regulatory requirements and corporate policies.
Several health plans, including some of the largest fellow affiliates of the client, recently selected
The benefits the client derived after implementing MetricStream to respond to rapidly changing regulatory environment.
MetricStream Compliance Management software
solution are manifold: Model Audit Rule (MAR) is the regulation on solvency and corporate governance developed by the
National Association of Insurance Commissioners (NAIC). The regulation has come into effect for
Assured compliance with NAIC MAR - With real- fiscal year 2010 for insurance companies, captive insurance companies, non-profit insurers and
time tracking and monitoring, the solution has helped health plans. The focus of NAIC MAR has been to maintain consumer protection and the strength and
the client to recognize and focus on diverse areas that solvency of the insurance industry.
need attention based on their status of compliance
with NAIC guidelines. The solution has assisted the
client in documenting, tracking and reporting NAIC Challenge
Model Audit Rule (MAR) compliance initiatives at all
organizational levels. Increasing regulatory demands: With increasing regulatory demands from government for health
insurers, the client recognized the need for a sound GRC technology architecture for sustaining compli-
Readiness for future compliance requirements ance, preventing fraud and managing a wide array of risks.
- By analyzing trends and risks based on frequency
of occurrence, identifying high-risk areas quickly, Managing diversified risks: Financial health of the client depends on several areas of risks such
documenting the scope of controls in a structured as investments, policy and claim reserves, premiums, payment of benefits, reinsurance, operating
manner, identifying and testing controls, the client
expenses and taxes. The client has control mechanisms to manage such risks. However, most risks
can now continuously monitor and improve the con-
trol environment and support the changing regulatory
and controls were not sufficiently documented and were not assessed periodically in a systematic
requirements. manner.
Visibility and corrective action planning - Ongoing NAIC MAR Compliance Requirements: With the immediate goal of NAIC MAR compliance, the cli-
structured reporting and communication with the ent needed to define responsibilities and document its financial risks and controls in a formal structure
senior management, along with the automation of for monitoring and reporting purposes.
compliance management processes, has gained the
staff, senior managers and the board of directors of
the client a clear visibility into the client’s risk and As the focus on accountability became stronger, the client needed to place even greater emphasis on
compliance activities. the interests of the policyholders, shareholders and employees. This required integrated and enter-
prise-wide architecture for GRC for meticulous risk tracking and reporting.
Using the MetricStream solution, the client has been
fulfilling insurance regulatory compliance require- As the business complexity increased, risk and compliance executives in the client sought better vis-
ments and implementing effective strategies with reli- ibility and quick access to information which was difficult to collect, monitor and communicate. The
able control systems and corrective action activities
senior management of the client needed to mandate the certification of the effectiveness of internal
successfully.
control over financial reporting (ICFR), periodically.
Cost saving - By standardizing the compliance
management processes, MetricStream has put into Automation: For Enterprise Risk Management (ERM) and compliance activities, the client was using
effect a consistency across the organization and has free-form manual, paper-based processes and basic tools such as spreadsheets and e-mails. Automa-
eradicated manual checks at multiple levels saving tion of these manual processes for effective control assessment and report creation was another
the client considerable costs. challenge the client was faced with.
Absence of a single system of records for consolidating compliance processes and risk data was
resulting in poor risk assessment and reporting.
The client decided to invest in technology and implement MetricStream’s Enterprise GRC Platform to
strengthen its ERM and compliance activities.

2. MetricStream
Solution
Why MetricStream
With the impending effect of NAIC MAR, the client realized the cumbersome and unreliable nature
of its risk assessment and reporting process. This acted as a key driver for the client to choose a
In its endeavor to brace itself for the forthcoming solution that would go a long way in successful management of its future compliance requirements.
NAIC Model Audit Rule (MAR) compliance and
To the client, this meant strong corporate governance in the areas of auditor independence, corporate
resolve the issue of cumbersome manual reporting
processes, the client examined several providers of governance and internal control over financial reporting.
compliance solutions. The client needed to replace the existing free-form, manual processes with an integrated workflow-
based risk and compliance management system. The client’s key criteria for the ideal solution
On scrutinizing diverse solutions available in the included effective usability and ease of deployment. After weighing all options available in the market,
market, the client zeroed in on MetricStream’s GRC the client selected MetricStream Compliance Management software solution.
solution.
The client recognized that MetricStream offers a com-
prehensive GRC solution that addresses a wide range “With MetricStream’s role-based views that offer insights into core GRC processes and key
of regulations to reduce the overall cost of compli- metrics, real-time dashboards and reports, we can now track the status and trends relating
ance management. The team found the MetricStream to key risk and compliance programs more effectively,” says the spokesperson of the client.
solution easy to deploy, user-effective, configurable,
scalable and secure.
MetricStream Enterprise GRC Platform: The solution suite delivers a powerful combination of
process automation, best-practices workflows, data integration, reporting, analytics and regulatory
content. It provides a common framework and an integrated approach to manage all compliance
requirements faced by the client. It enables a consistent compliance and controls processes across
the enterprise, eliminating any deviations and errors as well as redundant activities. Streamlined
processes allow the client to take direct responsibility for managing controls while auditors can focus
on key compliance risks and project oversight.
Risk Management: MetricStream deployed an integrated and flexible risk management framework
for documenting and assessing risks, defining controls, managing audits, identifying issues and imple-
menting recommendations and remediation plans. The risk management solution includes powerful
tools for risk analysis and for monitoring such as configurable risk calculators and risk heat maps. Em-
bedded content about risk management best practices helps the client define the scope of processes
and sub-processes for which risk management needs to be performed and guides the development of
control and test libraries.
Implementation Approach: The implementation was carried out in a phased manner. With the objec-
tive to support the client’s urgent compliance obligations, the project followed aggressive timelines
throughout. Leveraging the product’s rich, out-of-the box functionality and application studio for
obtaining configurations based on customer requirements, the MetricStream team successfully com-
pleted the implementation, data migration and hardware provisioning in just five weeks.
For more information, visit
www.metricstream.com
Copyright 2011. All Rights Reserved.