A BlueCross BlueShield Associate Achieves Superior Compliance, Audit and Issue Management

Solution

The company needed a central system with a highly flexible GRC software architecture for managing its compliance and audit programs as well as for supporting its regulatory commitments.

MetricStream was selected as the preferred solution provider on the basis of its holistic approach to compliance, audit and issue management. MetricStream's comprehensive functional capabilities and advanced technical capabilities to map the company's requirements were other pillars of the selection process.

MetricStream delivered to the company an integrated and robust audit, compliance and issue management system, implemented at a single location for several thousand users.

MetricStream's compliance, audit and issue management system

The solution is a comprehensive, Web-based application deployed on MetricStream GRC Platform and provides a common framework and an integrated approach to manage all compliance, audit and issue management requirements of the organization.

MetricStream's platform supports the company's organizational model across all the business units and departments, as well as their mapping to different roles and reporting relationships. The portal views are based on the user's profile and organizational mapping. The application provides a role-based portal access with options required for initiating actions, responding to events, assigning tasks, viewing reports and dashboards, limited to user roles. The architecture allows handling transitions and organizational changes such as acquisitions and mergers.

The application facilitates generation of packaged executive reports. Ad hoc or customized reports can also be configured. Alerts and notifications are generated using emails and task assignments. Flexible rules for escalation and color-coding are configured for risk scores, due dates and time limits.

Compliance management: MetricStream Solution provides a common framework and an integrated approach to manage HIPAA compliance and other CMS regulatory requirements faced by the company. With MetricStream Solution, the company can ensure complete compliance not only with health insurance-specific mandates, but also with cross-industry mandates such as the Sarbanes-Oxley Act, PCI, FCPA and several others.

The solution helps the company create and maintain a centralized compliance management structure that includes processes and assets in scope, risks, controls, policies and procedures, reporting requirements, schedules and filing templates.

The solution also facilitates the required transparency for the identification and tracking of all compliance issues using advanced functionalities such as risk heat maps, control monitoring and compliance dashboards. Issues that are identified are either automatically resolved or routed to the appropriate personnel for remediation action.

MetricStream Solution also captures and collates requirements and regulatory information, industry guidance, national governance, laws and regulations on a central platform. The compliance managers at the company can access an exhaustive compliance library within the application, identify relevant regulations, document specific requirements for the organization, and define a monitoring process to comply with requirements.

Issue management: MetricStream Solution enables the company to identify and rectify discrepancies, gaps, coding errors and other issues related to audits as well as enterprise wide issues.

The system assigns a unique ID to each issue which makes it easy to track the issue across review stages. Issues are categorized based on predefined criteria and detailed information about each issue is provided.

Failure investigations are conducted to determine the root cause of the issue. The investigation is conducted using collaborative workflows and investigative tasks are assigned to appropriate individuals. Remedial action is facilitated by automatic alerts and notifications which are sent to the appropriate personnel. Corrective action is initiated and the case closes when the action plan is implemented.

Policies and procedures management: MetricStream policy and procedure management solution provides a flexible framework to streamline the creation and management of policies and procedures in line with applicable regulations. This aspect of the solution helps the company encourage accountability and communication within its compliance teams.

The solution has introduced an electronic and automated approach to the development, maintenance, and communication of policies and procedures across the enterprise.

The solution provides a central repository to store and organize policies and procedure documents. Integrated collaboration and workflow tools can be used to access, create, modify, review, and approve policy and procedure documents globally in a controlled manner.

Built-in tools support policy implementation, acceptance, exception tracking and mapping of policies to compliance requirements. The detailed analytics and reporting capability with graphical dashboards tracks each policy from origin to obsolescence, giving managers complete visibility into the system.

MetricStream solution enables the company to integrate policies and procedures with the compliance, risk and control framework. At each section and sub-section of the policy, risks and controls can be linked.

Audit management: MetricStream audit management solution helped the company's audit schedulers to create and maintain an audit schedule in a logical structure and hierarchy with detailed audit templates required for different departments and teams.

Audits can be scheduled periodically or on an ad-hoc basis for internal departments, processes and projects. Based on the master audit calendar, the scheduler can select a team of auditors and assign the audit responsibility with a due date. In case of any change in the audit dates, automatic notifications are sent to the auditors as well as the entity to be audited and reasons for the modification are recorded. Relevant personnel can view the complete schedule of audits for the selected period.

Auditors can define checklists and tasks that need to be performed for audit. Checklists can also be downloaded and used offline with the MetricStream Offline Briefcase option. Auditors can confirm the audit assignment and completion of audit and record audit results indicating conformance or non-conformance.

The solution allows the auditors to attach additional documents relevant to the audit, create an outstanding action items list, allocate each item to a resource, record agreed completion date and additional comments. The solution supports tracking of action items and flagging critical failures. Automatic alerts are sent to relevant departments when audit results are posted. The automated workflow engine tracks the implementation of audit recommendations to complete the audit.

The solution maintains a complete record of management review meetings such as meeting schedules, meeting handouts, minutes of the meeting and tasks.

Reporting capabilities: The company is able to generate report summary information for pass rates and dates, audit rates and dates, review rates and dates using standard sets. Detailed reports can be obtained for sequential detailed information on policies, procedures, audits, corrective action plans and change requests. Managers at the company can generate and view interactive reports with an ability to drill down for oversight. The ad hoc reporting capability of the application includes a user-friendly interface with tips, hints and tutorials. Reports are presented in a way that is easily comprehensible to different levels of audiences.