Implementing Healthier Audit & Compliance Capabilities

Client

Large U.S. Medical Insurer

Initiative

Governance, Risk and Compliance Assessment and Implementation of Enterprise Risk Management (ERM)

Situation

A large U.S. Medical Insurer needed to strengthen its Audit and Compliance capabilities to meet an increasingly complex regulatory landscape.


How We Helped

The Insurer engaged RGP to conduct an in-depth assessment, reviewing governance, risk and compliance effectiveness, processes, approach and capabilities. We identified a number of control weaknesses that threatened to impact financial and operational performance and, in response, developed a sustainable, highly effective ERM program to be implemented in two phases.

  1. Assessment Phase. We conducted a cultural survey to help assess the organization’s readiness to implement a robust risk management function and employed a risk-based approach to evaluate:
    • Internal audit program for effectiveness and process quality. 
    • Compliance program for scalability and effectiveness in monitoring potential key risks mapped to the Office of Inspector General’s (OIG) Seven Elements of an Effective Compliance Program. 
    • Complaint management process and capabilities within HR, Internal Audit and Legal.
  2. ERM Design and Implementation Phase. We recommended creating an ORSA-based ERM program to serve as the platform to manage enterprise-wide risks and as an ERM framework for meeting NAIC ORSA compliance. With our help, our client developed an ORSA-based ERM program composed of:
    • A Risk Management Approach for assessing potential loss exposures and stress testing non-solvency risks along with a business continuity plan for each non-solvency risk. 
    • A Solvency Management Approach for assessing corporate capital structure, evaluating financial leverage, reviewing fixed charge coverage, analyzing liquidity, reviewing historical sources and uses of capital, examining operating performance and business profile, stress testing solvency risks and developing a business continuity plan for solvency risks.


Outcome

RGP’s initial assessment and recommendations were adopted by the Client’s senior management and board of directors, and RGP was engaged to further design and implement the ERM program. The ORSA-based ERM program that RGP developed for our Client will help it manage and monitor its enterprise-wide risks and meet the requirements of NAIC’s ORSA Model Act for insurers (filing an annual ORSA Summary Report that provides evidence of the insurer’s risk management framework, the insurer’s assessment of risk exposures, and the group risk capital and prospective solvency assessment).