Skip to main content
Poole College of Management
Enterprise Risk Management Initiative
ERM Leadership and Governance

ERM: Improve Quality, Competitiveness, and Costs Through Proactive Management of Risk

May 21, 2004 2-min. read

Key Highlights:

  • Agenda Overview:

    • The presentation covers the managed care industry, an overview of Blue Cross Blue Shield of North Carolina (BCBSNC), the company’s conversion efforts, implementation of the Sarbanes-Oxley Act (SOX), and the execution of Enterprise Risk Management (ERM).

  • Managed Care Industry Context:

    • The industry comprises twenty public companies serving 80 million members, with the Blue Cross Blue Shield Association serving 90 million members.

    • There are 43 million uninsured individuals and 40 million Medicare beneficiaries, totaling 253 million people.

  • Blue Cross Blue Shield of North Carolina (BCBSNC):

    • Company Goal: To deliver quality, innovative services.

    • Customer Promise: Simplify, Assist, Empower.

    • 2003 Highlights:

      • Members Served: 2.9 million across all 100 North Carolina counties.

      • Claims Processed Per Day: Over 140,000, totaling nearly $6 billion.

      • Customer Calls Per Day: Over 11,000.

      • Providers in Network: Over 36,000.

      • Employees: Over 3,200.

    • Growth Metrics:

      • Significant growth in membership and revenue from 1999 to 2003.

  • Conversion Efforts:

    • BCBSNC reviewed best practices of public companies, including compliance with SOX, in anticipation of converting to a for-profit entity.

    • The decision was made not to convert; however, compliance with SOX continued to be pursued.

  • Implementation of Sarbanes-Oxley Act (SOX):

    • Internal Control Evaluation Process:

      1. Plan & Scope the Evaluation.

      2. Document Controls.

      3. Identify & Correct Deficiencies.

      4. Assess Controls.

    • Key Deliverables:

      • Documented business processes.

      • Identified risks and controls, including gaps.

      • Risk & Control Matrix detailing risks, controls, control objectives, assessments, owners, financial statement impacts, and gap references.

  • Execution of Enterprise Risk Management (ERM):

    • Risk Prioritization:

      • Risks are prioritized by process, considering the likelihood (frequency) and magnitude of impact (approximate cost of event).

    • ERM Objectives:

      • Improve quality, competitiveness, and costs through proactive management of risk.

      • Ensure compliance with regulatory requirements.

      • Enhance decision-making processes.

      • Protect and create value for stakeholders.

This presentation provides an in-depth look at BCBSNC’s approach to implementing SOX and ERM, highlighting the importance of proactive risk management in improving organizational quality, competitiveness, and cost efficiency.

Click for a link to the presentation.

Citation: “ERM: Improve Quality, Competitiveness, and Costs Through Proactive Management of Risk” ERM Initiative. May 21, 2004.

More From Enterprise Risk Management Initiative

How do you effectively communicate risk insights to a board of directors?

Approaches to Communicating Risk Insights
cover fo 2024 global risk oversight

2024 Global State of Risk Oversight: Managing the Rapidly Evolving Landscape
photo of woman with e-tablet.

Techniques to Prioritize and Monitor Risks