Lessons Learned in Model Audit Rule training apply to any compliance initiatives!

A huge thanks to everyone who joined us last week for our training session on how to use policyIQ to implement an effective and efficient Model Audit Rule (MAR) compliance program!  Co-presented by Jenny Hergenrother, the Internal Control Senior Analyst at USAble Life, this session was aimed at insurance organizations who are subject to the National Association of Insurance Commissioners’ (NAIC) compliance requirements.

Model Audit Rule, while specifically required of US insurance companies, was based on the Sarbanes-Oxley requirements and therefore the lessons that Jenny shared apply to a much broader spectrum of clients.  We’d like to share a few of those highlights below.

Tracking multiple compliance efforts?  Use Folders or a Multi-Select field to minimize duplication

compliancearemulti For organizations that are required to be compliant with multiple regulatory or legislative directives, policyIQ offers some unique capabilities to more efficiently manage documentation.  Does your organization fall under Sarbanes-Oxley, Title 31’s Anti-Money Laundering, and Payment Card Industry Data Security Standards?  Controls may be the same across all compliance requirements – so why document three times?

– Create unique Folder structures for each compliance initiative, with sub-Folders for the critical areas or Processes in scope.  Index Risks, Controls and even Testing into all applicable Folders – but document each just once.

– Add a Multi-Select field to your Risk and Control Template with all of the relevant compliance areas in your business.  When documenting a Control, select all of the compliance areas to which that Control applies.  Reporting on a specific compliance initiative is simple – filter the appropriate area using the field you’ve created.

Document your critical System Applications on their own Pages

systemapplication2A new best practice emerged as we learned more about how USAble Life and Blue Cross Blue Shield of Florida have implemented policyIQ.  Both organizations have their critical System Applications documented as Pages in policyIQ, with fields that outline key pieces of information about that system.  The System Applications are linked to Controls where the application is used, and indexed into the Process Folders where those applications play a role.  If a system is updated or replaced, it is easy to find the affected Processes and Controls to verify that all appropriate changes have been made to the documentation.  SAS 70 reports are also uploaded to the System Application pages where appropriate, keeping that critical control information easily accessible.

Use policyIQ to keep notes whenever possible

Jenny introduced training attendees to the concept of Watch Out pages – her simple but effective way to keep notes in policyIQ, rather than keeping lists of things to watch out for on Post-It notes or in separate files.  When an issue comes up, she simply adds a Watch Out page – and indexes it to the Process folder where she’ll need to go back and take care of it.  We love the idea – and we love Jenny’s philosophy: it’s really best to keep as much of your documentation and notes in one place so that it is easy to find and keep track of things and policyIQ can be used to document most anything.

Collaboration is key!

If there was one lesson that attendees walked away from this session having learned, it was the value of collaborating with a peer who has already been through the process.  As a new employee of USAble Life, Jenny sought assistance from Pam Tripp at Blue Cross Blue Shield of Florida, whose organization already had a mature compliance process in place.

Check back at this blog later this week, as we will explore their collaboration and give you tips on how to build your own network and learning experiences.

Want to check out the session for yourself?

The Model Audit Rule training session is now available on-demand from our training page.  You can also go to your policyIQ online Help for more information about how to implement policyIQ for Model Audit Rule, or click here to be taken directly into the online Help guide.

If you have any questions about how to use policyIQ for MAR compliance – or how to combine your existing compliance efforts more efficiently, please contact us at support@policyIQ.com.  We’re always happy to talk through your needs and help you to better utilize policyIQ!

This entry was posted in Solutions, Training by Chris Burd. Bookmark the permalink.

About Chris Burd

Chris is the Managing Director of the policyIQ group at RGP. She gets geeky about compliance and technology, and gets to spend every day working at the crossroads of the two. With policyIQ since 2005, Chris has worked with hundreds of policyIQ clients to implement technology and enhance their internal compliance environment. In the past few years, she's focused on enhancing policyIQ's offering as a Conflict Minerals and Anti-Corruption tool. In past lives, Chris worked as a system implementation consultant, a e-commerce specialist, a customer service call center manager, and - for one short but memorable summer during high school - a machine operator on midnight shift in a plastics factory. In her free time, she spoils her nieces, volunteers at her local food bank, and spends more time than she should taking photos of her cats. She would like to be a rock star when she grows up.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s