A leading multinational insurance group headquartered in the UK and serving more than 17 million customers in nearly 140 countries faced a technology turning point in 2009. The governance, risk and compliance (GRC) systems used by the Financial Control Group and the Internal Audit Group were nearing end-of-life status, and the Risk Group, which had no GRC platform, needed to satisfy emerging requirements for individual capital assessment (ICA) and Solvency II.
Rather than implementing three separate systems for each group, management decided to launch a combined assurance initiative designed to bring a single risk story back to its board of directors.
After developing detailed criteria and thoroughly investigating several market-leading providers and platforms, the insurance company selected the Protiviti Governance Portal. Along with the Governance Portal’s broad feature set and extensive configurability, four key factors contributed to this decision:
As part of the implementation, Protiviti performed an inventory of the requirements of seven project teams, developing a total of 40 specific functional areas (e.g., risk assessment, reporting, remediation, etc.) to be included in the implementation. During planning and diagnostic discussions, Protiviti helped management identify a series of common themes across the functional groups that would facilitate an integrated GRC approach while still supporting team-specific requirements. Throughout the configuration phase, Protiviti provided continuous feedback, direction and validation of the final design. The implementation was completed in 12 months.
Currently, the Financial Control Group uses the Governance Portal to manage the financial reporting processes, including control models for remediation, testing and quality assurance. This group also uses the solution to manage the CFO accounting assertions. The Risk Group has incorporated compliance management, operational risk, information security, scenario assessments, and the Solvency II Risk Register in the Governance Portal. In the Audit Group, internal auditors use the Protiviti Governance Portal to manage the audit process, including recording findings, assigning actions, and creating management information reports. The auditors leverage the Portal’s offline functionality to perform work in the field while disconnected from the server.
The process of deploying and refining the system’s capabilities is ongoing, but the Protiviti Governance Portal has already proven to be an excellent foundation for the company’s combined assurance initiative. For example, when the Financial Controls Group and the Audit Group are engaged in similar activities, the Governance Portal flags those controls and identifies the two different opinions. This visibility allows executive management to decide whether to eliminate the duplicate effort or maintain the two separate activities because there is value in the different opinions.
Although the company did not adopt the Protiviti Governance Portal with ROI in mind, the company has realized significant savings in a number of areas: