A huge thanks to everyone who joined us last week for our training session on how to use policyIQ to implement an effective and efficient Model Audit Rule (MAR) compliance program! Co-presented by Jenny Hergenrother, the Internal Control Senior Analyst at USAble Life, this session was aimed at insurance organizations who are subject to the National Association of Insurance Commissioners’ (NAIC) compliance requirements.
Model Audit Rule, while specifically required of US insurance companies, was based on the Sarbanes-Oxley requirements and therefore the lessons that Jenny shared apply to a much broader spectrum of clients. We’d like to share a few of those highlights below.
Tracking multiple compliance efforts? Use Folders or a Multi-Select field to minimize duplication
For organizations that are required to be compliant with multiple regulatory or legislative directives, policyIQ offers some unique capabilities to more efficiently manage documentation. Does your organization fall under Sarbanes-Oxley, Title 31’s Anti-Money Laundering, and Payment Card Industry Data Security Standards? Controls may be the same across all compliance requirements – so why document three times?
– Create unique Folder structures for each compliance initiative, with sub-Folders for the critical areas or Processes in scope. Index Risks, Controls and even Testing into all applicable Folders – but document each just once.
– Add a Multi-Select field to your Risk and Control Template with all of the relevant compliance areas in your business. When documenting a Control, select all of the compliance areas to which that Control applies. Reporting on a specific compliance initiative is simple – filter the appropriate area using the field you’ve created.
Document your critical System Applications on their own Pages
A new best practice emerged as we learned more about how USAble Life and Blue Cross Blue Shield of Florida have implemented policyIQ. Both organizations have their critical System Applications documented as Pages in policyIQ, with fields that outline key pieces of information about that system. The System Applications are linked to Controls where the application is used, and indexed into the Process Folders where those applications play a role. If a system is updated or replaced, it is easy to find the affected Processes and Controls to verify that all appropriate changes have been made to the documentation. SAS 70 reports are also uploaded to the System Application pages where appropriate, keeping that critical control information easily accessible.
Use policyIQ to keep notes whenever possible
Jenny introduced training attendees to the concept of Watch Out pages – her simple but effective way to keep notes in policyIQ, rather than keeping lists of things to watch out for on Post-It notes or in separate files. When an issue comes up, she simply adds a Watch Out page – and indexes it to the Process folder where she’ll need to go back and take care of it. We love the idea – and we love Jenny’s philosophy: it’s really best to keep as much of your documentation and notes in one place so that it is easy to find and keep track of things and policyIQ can be used to document most anything.
Collaboration is key!
If there was one lesson that attendees walked away from this session having learned, it was the value of collaborating with a peer who has already been through the process. As a new employee of USAble Life, Jenny sought assistance from Pam Tripp at Blue Cross Blue Shield of Florida, whose organization already had a mature compliance process in place.
Check back at this blog later this week, as we will explore their collaboration and give you tips on how to build your own network and learning experiences.
Want to check out the session for yourself?
The Model Audit Rule training session is now available on-demand from our training page. You can also go to your policyIQ online Help for more information about how to implement policyIQ for Model Audit Rule, or click here to be taken directly into the online Help guide.
If you have any questions about how to use policyIQ for MAR compliance – or how to combine your existing compliance efforts more efficiently, please contact us at support@policyIQ.com. We’re always happy to talk through your needs and help you to better utilize policyIQ!