Project Description



Healthcare insurance provider


Excellus – This healthcare insurance provider is part of a $6.6 billion family of companies that finances and delivers health care services across upstate New York and long term-care insurance nationwide.


To replace a cumbersome and inefficient spreadsheet process with a system that can aggregate risks from a unique bottom up approach across multiple business units and show the risk relationships between those units in order to address regulators’ needs, as well as to support true enterprise-wide risk management.

Previous System

Excellus is in a type of business that demands both quantitative and qualitative risk and is heavily regulated. ORSA (Own Risk and Solvency Assessment) requires that Excellus combines these two methods of risk assessments, which Excellus knew could not be done effectively or efficiently with a spreadsheet-based process. ORSA is a set of processes constituting a tool for decision-making and strategic analysis. It aims to assess, in a continuous and prospective way, the overall solvency needs related to the specific risk profile of the insurance company. According to the Society of Actuaries in the January 2014 Health Watch, the ORSA mandate is to prevent subsidiaries from taking on excessive risk. Insurance groups writing at least $1 billion in direct written and non-affiliate assumed premium are also subject to ORSA.

Excellus, being a distributed company, has many lines of business. So, it was critical that the risk data would need to be aggregated into a single perspective of risk from risk assessments which had to be carried out across each business unit. In order to aggregate these risks, Excellus first created the master list of risks it determined through surveys, knowing that this list needed to be flexible and adaptive to the changing risk profiles of the business units and the business as a whole. It then enabled the business units to select risks that are applicable to their operation and let them assess risk in relation to their size and their part of the overall organization. Excellus then searched for a software that would allow them to do this calculation and aggregate the risk information together in multiple tiers throughout the organization.

Riskonnect Solution

Riskonnect provided Excellus with a methodology for identifying and assessing risks across multiple business units and implemented an aggregation algorithm that makes sense. So the board sees the top risks and gets a high-level view and as you go deeper in the organization, Excellus risk managers can view risks that are relevant to that level in the organization. With Riskonnect, Excellus’ risks are now being managed at the most appropriate level within the organization rather than a strict top-down approach.


Excellus has completed its first discussions with the ORSA regulators and passed the test in a very short time. In fact, Excellus is expanding and enhancing the program based on the feedback received. To pass the ORSA use test, the insurer must demonstrate that its risk assessment serves as an integral part of management’s business planning process. Excellus was able to demonstrate this using the data gathered and the methodology encompassed in the Riskonnect GRC (Governance, Risk and Compliance) cloud-computing solution.

The data above is sample data for illustration purposes only.

All Risks can be assessed using multiple criteria and with multiple levels of aggregation of scores (note: actual scoring methodology is confidential). Riskonnect GRC provides a simple user interface, easy to understand graphics with drill-down functionality, and real-time data with fully integrated mobile capability to support the organization’s ERM (Enterprise Risk Management) process:

Features Riskonnect’s Fully configurable GRC Heat Map:

  1. Simple 5×5 matrix uses a Red, Yellow, Green key to clearly define areas of concern for Risk Owners.
  2. Easy to use filtering allows Risk Managers and Owners to drill into the data.
  3. All data is real-time and immediately available for reporting/viewing purposes.

The data above is sample data for illustration purposes only.

Throughout the system, seeing the relationships between the relevant Objects helps drive the communication and discussion of risk. Riskonnect GRC displays complex organizational risk relationships, and how each risk is ranked in order of likelihood and potential impact to an organization, as compelling graphics that are drillable for the granular detail. Risk Relationships are mapped using an elegant branching graphic that clearly demonstrates how each risk is interrelated.

Take Riskonnect for a Test Drive

Discover why we’re the leaders in Risk Management Information Systems by scheduling a demo today!