It became clear to the Gore Mutual team that they had two great opportunities to catapult efficiency and streamline a tedious process.
First, they wanted users to focus on unmet regulatory requirements assigned to their business unit. The team needed a way to visibly account for individual regulations and automatically notify BUCOs.
Second, they needed a way to inform the frequency of compliance control testing by the results of annual compliance risk assessment. For example, a high-risk control must be tested at a minimum of every 6 months, but ideally it would be tested quarterly.
Integrated Control Mapping Dashboard
Tackling the regulatory requirement identification process first, Gore Mutual dove into Onspring’s out-of-the-box compliance solution to relate regulatory requirements to controls.
Next, the team needed to create an alert to notify business units of their new and/or unmet regulatory requirements.
Enlisting the help of Tutela Solutions, Gore Mutual created a report and a corresponding dashboard to alert BUCOs to new and/or unmet regulatory requirements assigned to their business unit, which also seamlessly enabled the identification and documentation of a responsive control.
This automated process connected three applications:
- Regulation Information stores the specific regulations Gore Mutual is striving to satisfy.
- Organizations is where each of the Business Units are documented such as Claims, Marketing, Underwriting, etc.
- Controls houses the specific steps to adhere to the regulation documented per Business Unit.
To ensure all regulatory requirements assigned to Organizations were fulfilled by a corresponding Control, Gore Mutual created a Control Mapping dashboard with several reports utilizing formulas to detect any gaps.
When gaps are identified, Organizations can update an existing Control or create a new Control to ensure alignment. This convenient visibility ensures Business Units have Controls documented for the Regulations they are required to meet—and Corporate Compliance has transparent status information.
Compliance Management in Onspring
See how automation can save 25% of your time when managing regulatory compliance.
Risk-based Compliance Control Testing
Gore Mutual knew that in order to meet regulatory expectations, all control testing needed to be risk-based and provide critical insights into the effectiveness of their RCM Program without overburdening business partners.
They began once again with Onspring’s out-of-the-box solutions to operationalize the risk assessment process by mapping to the Risk Register app easily enough. Then they customized the solution even further. In partnership with Tutela Solutions, Gore Mutual configured the entire process to inform the business unit control operation testing based on a frequency guided by the inherent risk assessment from the control’s underlying business process.
Now, their automated regulatory compliance management program contemplates an Annual Compliance Risk Assessment, wherein each business unit considers the levels of inherent and residual risk of non-compliance within their core business unit processes.