Richard F. Denning & Associates RMIS Risk Management Insurance Information Systems

Richard F. Denning - RMIS Columns

Columns from one of the Leading RMIS Industry Experts

Richard F. Denning

Richard F. Denning is President of Shelter Island Risk Services, a leading RMIS consulting firm based in Shelter Island, New York. You may contact Rick at (631) 749-1535.

"43 Questions To Ask Yourself About The State Of Your Risk Management Information System (RMIS", 1993

By Richard Denning, President R.F. Denning & Associates, and Andrew Daniels, Director of Market Development and Planning, Risk Sciences Group.

Defining a RMIS

1. How should RMIS technology be used in our risk management department?: A decade ago, many organizations were satisfied with the information available in a monthly listing of claims. Today, speed in obtaining data and flexibility is its expression are essential needs of the risk manager that the RMIS satisfies. Most American firms make their RMIS a central part of their overall risk and insurance program. Its role includes bringing external claim data from insurers and third-party administrators, linking internal data sources (such as exposure and employee information), and performing specialized applications in risk control, medical cost containment, legal cost control, etc. In fact, the RMIS is a major resource in accomplishing all the tasks of risk management. Risk management competency comes from building a sound RMIS foundation.

2. Who owns the data? And in what form?: Data ownership is a critical issue to today's risk manager. Data is the raw material for a successful RMIS and the risk manager should insist on rights to it. At a minimum, you should have access to all data elements listed in the Appendix. If you don't own the data, a change in your program could leave you stranded with not data at all. When contracting for RMIS services, you should ask for, and receive in writing, a statement indication that you own not only all data (relating to your insurance program) residing in the RMIS, but also a machine-(computer-) readable magnetic tape copy of this data. This should include all financial audit trails (histories of the settlement process) which are critical for loss forecasting, claim development patterns, etc.

What happens to my RMIS if I change brokers or insurance carriers?

3. If I decide to change brokers, insurers or third-party claims administrators due to either market conditions or poor service, will my existing RMIS continue to be available to me? If yes, at what price?: This is an important question to ask up front. Many RMISs are made available only if other services are purchased. If you should change carriers, what happens to your RMIS? Similarly, if you change brokers and you were using their RMIS, what happens? If the RMIS will still be available, what will it cost to operate? Remember, the suppliers of these systems may provide their RMISs either "free" or substantially below the actual cost when they are bundled with other services. However, unbundled pricing may be significantly different.

4. Can my existing RMIS be expanded and modified to include new sources of insurance and claim data? If yes, at what cost to start up and operate?: Organizational changes caused by acquisitions and the like, dictate RMIS flexibility. RMISs should interface with risk-management-related data from a variety of sources, such as insurance carriers, thirdparty claims administrators, or your own company's data (i.e., exposures, risk control/safety, and litigation information). The majority of RMISs capable of handling multiple data sources are from independent vendors. In order to maintain your control over RMIS expansion, the cost to start up and to operate a RMIS of this nature should be negotiated on a fixed cost or flat rate basis. Ask vendors for a list of references and a list of data conversion programs and prices to help you judge their performance in this area.

Use of standard vs. customized RMIS

5. Should my RMIS be purchased as an independent system or as a bundled part of my claims services?: A RMIS sold as a part of bundled claims services can be an effective tool. However, there are limitations associated with such systems. They cannot easily be customized to meet the specific needs of your organization. And, if for some reason your relationship with your claims services provider is discontinued, then your entire RMIS may jeopardized. On the other hand, an independently purchased RMIS will give you control over the information, freeing you to change program providers, alter the data collected and tailor the application to your needs.

6. May I use my own codes or do I have to use codes supplied by the RMIS vendor?: RMISs should be easy to use. And yet if a RMIS vendor requires you to use their coding system while you try to maintain your own, difficulties are sure to arise. Nearly all RMISs that are sold bundled with other services will not allow you to use your own codes. On the other hand, independent RMIS vendors offer greater user flexibility and may be able to accommodate your coding system.

7. Am I able to control the format, content and frequency of the reports generated from the RMIS?: A RMIS user should have the ability to control the format and content of output reports. Reports should be generated on an "as needed" basis, as well as on a regular schedule. There should be flexibility for you to develop your own reports without becoming a programmer. A good test is whether the RMIS permits "real" managers to produce basic reports or requires the attentions of more dedicated users.

8. Am I able to use the RMIS for analytic support by requesting reports on an ad-hoc basis, to address a specific situation?: The RMIS user should be able to request directly from the RMIS any required reports. The "hands-on" process is critical for "what-if" analysis (i.e., what if this operating unit is divested: how is my insurance program affected?).

9. Am I able to modify the RMIS according to my firm's specific needs?: Several RMISs will modify their systems to meet your individual data collection and reporting needs. The willingness and ability to customize separates expert RMIS consultants from the controlled vendor-based non-modifiable systems.

10. What about computer screens and menus? Can they be customized to my own specifications?: Effective RMIS use and successful rate of problem analysis and resolution is directly proportional to the user's ability to easily operate the RMIS. To check a RMIS vendor's success at customizing screens and menus, it is wise to check their references from users within your industry. Cost for RMIS start-up and operation

11. How is this operational cost determined?: When shopping for the lowest operational costs, be aware that some RMIS vendors' charges are usage-dependent rates while others are on a fixed-fee basis. Making fair comparisons between these options is not easy. Often predicting the amount of system resources you will use (and thus budgeting for these usage-dependent costs) is extremely difficult. In addition, some vendors surcharge for on-line (daytime) usage. The critical point is to develop your RMIS budget on a defined, fixed-fee arrangement to avoid extra, unexpected charges.

12. How critical is cost in choosing a RMIS?: Obviously, cost effectiveness is a major issue in choosing a RMIS. Keeping in mind that RMIS fees are typically less than 1% of annual incurred losses, there is substantial potential for payoffs from RMIS investments. Notably, a user survey conducted by one independent RMIS vendor, found that less than 50% of users considered cost to be an important RMIS selection criterion. This is in sharp contrast to the more than 80% of respondents who considered service issues, such as ease of use and quality of technical support, to be important.

Quality of data within RMIS

13. What are the financial and other data verification procedures employed by my RMIS vendor? How often is the data verified? What financial "benchmarks" are taken?: Complete data verification procedures should be involved each time your database is updated with more current data. All data verification procedures should be written into your RMIS service contract. Performance clauses with financial penalties for non-performance should also be contractually defined.

14. Does documentation exist that explains how the data is loaded and verified into my RMIS? Who is responsible for creating verification reports? How often can I get copies of these reports?: A data verification procedures manual should be provided which outlines the step-by-step verification process to be used. The RMIS vendor should then supply a detailed set of verification reports (in writing) to the user after each database load and update (on a monthly or quarterly basis).

15. What else can my RMIS vendor do to protect the quality of my data?: After basic verification tests, a vendor's account service representative should review the database to determine if the results are reasonable and acceptable. Only human intervention can discover the more subtle errors appearing as unusual new claim activity and lost or duplicated records. In addition, the service representative should compare new record counts, changes and other criteria to previous months' activity to judge if the results are reasonable. Any suspected discrepancies that are discovered should be investigated and corrective actions taken.

16. How can I edit and correct the information supplied by my insurers and TPAs?: To ensure a risk management information system's loss runs match those developed by insurers and TPAs, it is often necessary to correct non-financial errors such as bad location codes, misspelled claimant names and erroneous codes. To quickly make these changes, a RMIS needs an edit loop that allows users to send changes back to insurers and TPAs on a daily basis.

17. If my database contains financial discrepancies, can my RMIS vendor identify each individual difference by claim?: Any discrepancy between a data supplier's hard copy loss run financials and your RMIS financials should be fully investigated, documented and resolved. Discrepancies should be associated with individual claims to insure maximum database integrity.

18. What can a risk management department do to ensure the quality of a RMIS?: A RMIS is only of value if your risk management department makes a strong commitment to using it. There must be a commitment to maintaining the data and a commitment to utilizing the reporting capabilities. It is often helpful to select individuals as designated users and make them responsible for putting the system to use in your department. In addition, other employees should be encouraged to develop a level of RMIS knowledge appropriate to their responsibilities. Maintenance of the RMIS

19. Who is responsible for maintaining the interfaces between my data suppliers (carriers, administrators, etc.) and my RMIS vendor?: Many vendors will supply this service and develop a working relationship with your data suppliers.

20. Is my claim data updated on a daily cycle?: Although monthly data updates are acceptable for financial, actuarial and cost allocation applications, a daily update capability is required for risk control, safety, claims administration and data quality control. The RMIS should allow you to make both these monthly and daily updates. In addition, it should allow you to set exception criteria based on reserve size, payment amount, or nature of injury so that you will be immediately aware of any claims requiring special attention. Since many reports require the stability of a fixed evaluation date such as month-end, the system must have the flexibility to use such designated evaluation dates. This will prevent report content from changing with daily data updates.

RMIS back-up and recovery procedure

21. What system back-up and recovery procedures does my RMIS vendor utilize?: All data contained within your RMIS should be copied onto magnetic tapes and/or other computer readable storage medium on a regular basis. If the RMIS "goes down" (becomes unavailable)for an extended period, procedures must be in place to allow the use of an alternative back-up site for the RMIS.

22. How often is my data completely backed-up?: Data should be backed-up ("copied") and moved to off-site storage facilities on at least a weekly basis (nightly is not an unreasonable expectation).

23. How long is the backed-up data retained?: This "backed-up" data should be retained for at least six (6) months (preferably for a year).

24. Am I able to audit these procedures, on a periodic and/or unscheduled basis?: To insure that your vendor's RMIS back-up and recovery procedures work properly, you should test them in a non-critical environment (when you don't really need these precautionary procedures).

25. Does my RMIS provider protect my existing database during system updates?: Because an update can damage the quality of an entire database, it is important to find a RMIS vendor that copies your system before making updates. Then following each update, a check should be made to ensure the database agrees with the tape and control totals.

RMIS security measures

26. What security measures are in place safeguard my data within the RMIS?: Data security should be a critical component of any RMIS and should consist of multiple levels of account and user identification password security. Access passwords should be changed, at minimum, each time either your firm or your RMIS vendor has a change in personnel on your account.

27. Does my RMIS allow me to share information on a selective basis?: Security dictates the importance of controlling who has access to your RMIS. However, there will be others (operational divisions, brokers, law firms) who could benefit from having access to all or part of your central database. A RMIS should allow you to decide who these additional users are and to what extent they can access your system. This sharing of information is particularly important to operational divisions who have financial and risk control responsibilities for their operation.

RMIS capabilities and features

28. Does the RMIS contain the financial transaction and audit trail loss history for each claim record within the database? If yes, is this information available for case reserve development and IBNR activity calculation?: This is a critical feature of any RMIS. Financial audit trails are necessary to determine case reserve changes and loss development patterns. This audit trail should be available for each individual claim in order to maximize the reliability of your firm's specific loss development factors.

29. Is my risk management department using my RMIS more broadly than just monitoring claims?: A risk management information system has more applications than just computerized claims monitoring. It can also be used to monitor exposures, policies, locations, risk control, safety, medical costs and litigation. A RMIS used to its full potential will also have a host of users outside the risk management department, such as operating divisions and even brokers and legal counsel.

30. Does my RMIS give me the information support services I need to self-administer my workers compensation and liability?: Organizations seeking to self-administer all or part of their claims programs require a RMIS with data entry, check writing and special reporting capabilities. Equally important, these functions must be integrated with other insured or TPA programs to provide a common risk management database.

31. Am I able to report on policy years of arbitrary duration or start date?: Since risk managers may need to report on a calendar year, company fiscal year, and on a policy experience year basis, it is important for the RMIS to readily support such flexible "period" determination. It is also useful to be able to report according to accident date, report date and close date.

32. Am I able to restate losses as of prior periods for comparative performance analysis?: A RMIS should allow you to specify earlier report date (s) so that you can get an accurate comparative performance analysis that evaluates prior period (s) as of equivalent point (s) in time (i.e., this year versus last year with both six months into the year). It should allow you to move the entire database evaluation date to run reports or perform an analysis as of an earlier point in time.

33. Can my RMIS provide reports detailing the quality and timeliness of my service suppliers' data?: Yes, a RMIS should have the ability to monitor the performance of your claims administrators, insurers, brokers and defense attorneys. By comparing vendor performance against established objective criteria, reports can be generated assessing quality control issues and developing trends. RMIS graph-plotting capabilities can be helpful in communicating these results.

34. Can I obtain consulting assistance from my vendor to help me interpret the output of my RMIS? Does this include loss reserve analysis and forecasting?: Not all RMIS vendors can offer consulting services to interpret RMIS output data. Yet for several RMIS vendors, this is a major portion of their business activities. Make sure to ask your vendor to supply references and samples of this consulting service.

35. Is the information in my RMIS getting to the people who can use it to help control costs?: The value of a RMIS can never be fully realized unless the information is put to use at all levels of your organization. Field operations may need direct, on-line access to a risk management information system in order to carry out their own risk management duties. Utilizing information made available on a timely basis, they can assume responsibility for their own claims administration and safety programs and thus become active participants in cutting risk management costs.

36. Can a RMIS show how my loss performance compares to others' in the same industry?: Some RMIS providers do encourage a selective exchange of data that will allow all participants to assess their loss performance relative to specific industries. As a result, it is important to seek a RMIS provider that: *encourages the exchange of loss performance data; *has access to a large number of claims over a wide range of industries. This information provides valuable insight into risk control investments.

RMIS expansion and modification features

37. Will the RMIS support financial and organizational consolidations which result from merger, acquisition and divestiture activities? If yes, what is the cost for such modifications?: The RMIS must be able to accept the financial, organizational and insurance program changes which will result from mergers, acquisitions and or divestitures. Your RMIS should grow and change as your firm's business evolves, without incurring major reprogramming costs. To ensure a system has this kind of flexibility, review the vendor's experience in making program changes. Also review the costs connected with these changes.

38. Will I be able to use my RMIS to monitor risk programs on a global basis?: In the near future, international business will require a RMIS to be flexible enough to adapt to the many legal and social differences that exist between countries. With designs to accommodate these differences already underway, you need to review your vendor's international capabilities now.

39. How often and at what costs are improvements to the RMIS made available to me?: As research and development and new technologies yield advances in hardware, software and data communication, it is reasonable to expect your RMIS vendor to supply enhancements and new capabilities on a regular basis. General system improvements should be available at moderate costs. Examining a vendor's past ability to provide timely, reasonable priced updates should give you an indication as to what their future performance in this area will be.

40. How can I be sure my organization won't outgrow our RMIS?: One of the keys to finding a RMIS that you won't outgrow is selecting a RMIS vendor that is committed to future improvements. Another key is finding a system that is flexible enough to grow and adapt to changes in your organization (even unforeseen changes such as mergers, acquisitions and divestitures). Some RMIS vendors offer consulting services that can help you select a system based on an analysis of your current requirements and a projection of your future needs. They can help determine whether an off-the-shelf or custom-designed risk management information system would be best for your organization long-term.

41. How can I get a RMIS to run on my own computers without incurring the expense of developing and maintaining it myself?: Through licensing, some risk management information systems are available to run on in-house computers. Licensing a RMIS eliminates the in-house expenses incurred during the nine months to a year it generally takes an internal development team to build and test their own system. In addition, it frees you from having to perform the difficult and time-consuming role of system designer.

In the event you do choose to build your own in-house system, it is important that you confer with an experienced RMIS consultant (some RMIS vendors offer such consultation services). A consultant can help you develop a system that handles your current data collection requirements and makes provisions for your future information needs. They can help you create a system that successfully brings together insurance, finance, accounting, operations, legal, and loss prevention and control--a task often too specialized for internal data processing staff. Most important, they can often help you avoid some costly mistakes that only prior experience teaches.

Managing risk control information

42. How can a RMIS help with the identification of risk control problems?

Because some of the claims data routinely entered into RMISs also relates directly to risk control, carefully designed ad hoc reports can yield important insights into a company's risk control opportunities. For instance, a report listing workers compensation injuries by location, severity and loss cause (three items usually captured for claims management purposes) might be a quick way to track down an organization's biggest loss generators.

On the down side, many RMISs are extremely limited in their risk control functions because they cannot be modified to handle any risk control data beyond that normally captured as claims information. Ironically, they are unable to accommodate the very accident details that would be most useful in reducing losses.

For this reason, it is important to select a RMIS that can be customized to accommodate risk control information, including any exposure-based data that is unique to your individual operations. An experienced risk control consultant can often be helpful in determining what additional risk control information you need. (There are several ways of actually entering this risk-control-related data --by people within your organization using standard PCs connected via modem to the RMIS; by a 800-HOT-LINE telephone call; or by transfer of data from other systems.)

Once properly customized, the RMIS becomes a powerful diagnostic tool that gives you a clear picture of what changes to control activities will be required to effectively reduce the number and severity of losses.

43. What can a RMIS customized to accommodate risk control information do that a standard claims information system can't?

The claims-oriented system concentrates on transmitting information about the consequence of loss, while the system customized with risk control capabilities will also provide direction in the prevention of loss.

As a result, a claims information system is limited to dealing primarily with financial information (such as who was injured, how badly, at what medical cost, and other information pertinent to the financial resolution of the loss).

A risk-control-oriented system, on the other hand, performs all the functions listed above but is also able to focus on additional information that is usable for accident prevention analysis. This includes items such as the time of day the accident occurred, the age of the injured employee, length of employment, length of time in the job assignment, training received, employee fitness level, and the physical conditions, such as lighting, noise levels, products involved, work pace, and so forth.

In addition, customized systems are oriented to identifying trends and influencing factors that will allow the organization to prevent or eliminate exposures that cause or contribute to accidents or losses to both employees and third-parties. As the graphic on the previous page demonstrates, these prevention and elimination functions are critical components of a balanced risk management approach.