CIO Best Practices for Effective Board Communication

Frank Petersmark

While studying for my PhD in history I came across hundreds of examples of good and bad leadership. The one thing all good leaders had in common was their ability to clearly communicate and get people to take action. Each of these leaders had their own unique styles. For example, John Kennedy and Winston Churchill would use words, Napoleon and Henry VIII would use actions and Rosa Parks and Mahatma Gandhi would use silence.

So what does all of this have to do with how CIOs and their boards of directors communicate with each other?

One of the differences between more successful and less successful CIOs is their ability to communicate effectively with their boards. Being able to communicate effectively with your board will help make securing organizational support for IT initiatives, such as funding and resource commitments much easier, as well as achieving the strategic goals of IT, which, if aligned properly will benefit the entire organization.

Developing a common communications approach is a critical part of the CIO function. The checklist below is a great place to start for board meetings, presentations and for an IT leader’s overall communications with their board members.

  • Speak their language, not IT’s
  • Keep things simple
  • ABC – Always Be Contextual
  • Talk about organizational benefits derived, not technology functionality and capabilities
  • Present options, but clear about which one is best and why
  • Don’t hide the risks
  • Paint a picture of what the organization looks like after the effort
  • Recap and ask for support, and if necessary, sponsorship
  • Return with progress reports – good, bad, and ugly

On Thursday, September 24th at 2 p.m. (ET) I will get into more detail and provide additional insights into the best practices above. This 30 minute webinar will be open to all insurance CIOs and IT executives. To secure your spot, visit:

I would also like to invite Novarica clients who haven’t downloaded my new CIO Checklist Report: Best Practices in Board Communications for CIOs to download it today at:

Unexpected Impediments to Change

Jeff Goldberg

I heard a great story this week from a friend in insurance technology sales and he gave me his permission to retell it here. I’ll start with the story and end with the (questionable) lesson.


Back some years ago a man worked selling agency management systems and traveled down to Texas to pitch the system to a small agency. The agent in charge was an affable cowboy, fairly comfortable with his current process but willing to listen to a sales pitch. As they walked through the office, the agent introduced the salesman to an elderly woman (he called her “a lovely young lady” though she was at least 20 years his senior) who sat in front of an Underwood typewriter, her sole job to manually type up each insurance certificate by hand. The salesman, seeing an opportunity to discuss the values of the agency management software, explained that with their modern processing and document generation, all of the insurance certificates would be automatically created and printed without the need to type them up anymore.

The agent stopped him in his tracks and said, “That lady’s not going anywhere. She’s my momma.”


Needless to say, he didn’t get the sale. And surely there’s a sales lesson in there. Something about knowing your target before making a pitch. Of course, no matter how much research you’ve done there are likely to be some details you can’t discover in advance.

More interesting to me is how impediments to change can come from unexpected directions. Despite many rational and logical reasons to modernize core system technology, often companies put these decisions off for years or even decades. Sometimes it’s due to budget constraints, sometimes a company isn’t ready for the short term business disruption a big project entails, sometimes there’s a lack of understanding or belief in a modern system’s capabilities. And sometimes it’s because the person whose job will be displaced is the boss’s mother.

Six Questions For Improving Cybersecurity

Tom Benton

As I recently posted on Novarica’s blog site, “while emerging technology keeps CIOs busy during the day creating information, IT security and keeping that information protected keeps them up at night”. With last year’s Target hack and this year’s Office of Personnel Management data breach among others, CIOs and CISOs at insurance carriers are rethinking their approach to security. While in the past, the main focus has been on applying security technology to protect the data perimeter, recent attacks have highlighted the fact that the biggest vulnerabilities may be the carbon-based life forms we call employees, contractors and consultants.

A recent Harvard Business Review article highlights the recent breach of an unclassified e-mail system at the Pentagon, and discusses the U.S. Military’s emphasis on human factors to minimize cybersecurity risk. If any organization has a complex task with securing its data and communications, it’s the Department of Defense, from well-funded and persistent attackers to extremely sensitive information that must be shared in a timely manner with staff from the top to the bottom of the organization.

The article summarizes methods that the U.S. Navy propulsion program uses through their training, reporting and inspection programs, with a six-area approach that any organization can use to build a better cybersecurity culture, leading to improved security that supports the technology measure in place. For each of the six areas mentioned in the article, I’ve added a question for you to consider for your organization.

1.Integrity – The military units in the DoD have a strong sense of their mission and clearly know their role in maintaining cybersecurity. One element is expecting that all have integrity to follow security protocols and procedures, and to quickly let others know when they have made a security mistake. What is your organization more likely to do: punish someone who violates a security rule, or praise that person if they quickly come forward so that the issue can be resolved immediately?

2. Depth of Understanding – The military stresses “thorough understanding of all aspects of a system” so that those maintaining and using systems can better recognize issues when they arise and can then address them effectively. Are you ensuring that IT staff and contractors have a full knowledge of all systems and interfaces, and making sure any changes are reviewed for potential security issues?

3. Procedural compliance – The culture in military units is to know proper procedure and follow it completely, without exception. My former boss, who had previously been a captain on a nuclear attack sub as well as commander of the US Pacific fleet, told me that every sailor on the vessel followed orders immediately without question because if they didn’t someone could lose their life. Is your staff committed to following the operating procedures and keeping documentation for procedures up to date?

4. Forceful backup – This concept means that for any high risk task that at least two people, not just a single staff member, are required to complete it. Also, anyone in the unit from the most junior sailor to the commanding officer can stop the process if they see a security issue. Does your organization have the same level of attention to high risk security activities?

5. A questioning attitude – All personnel are trained to listen to their “internal alarm bells” and to act – the “if you see something, say something” culture that we hear public security officials stressing. Do you welcome questioning of your security measures by staff or are you allowing blind spots?

6. Formality in communication – Finally, the military almost has its own language around communicating orders and instructions. When orders are given, the response is to repeat the order exactly as it was given before proceeding, to ensure it was heard and understood. This formal approach minimizes miscommunication and leaves little room for making errors such as misinterpreting or changing the order. Do you have a formal approach to implementation of security, especially in areas of access to systems and working with third parties on data interfaces?

Insurance CIOs and CISOs can learn from the military’s approach to developing a strong cybersecurity culture in their organizations. A disciplined, documented and determined cybersecurity environment that backs up appropriate levels of technology can minimize risk and ensure fast and effective response when security issues arise.

Novarica is not an IT security consulting firm and does not provide specific advice on IT security matters. CIOs and other IT executives should consult one or more of the many consulting firms that provide specialized expertise in IT security issues when developing and implementing their IT security plans. Please see my report “CIO Checklist: IT Security Planning”, or contact me if you’d like to discuss strategy for implementing IT security.

Novarica Impact Awards Summit Recap

Matthew Josefowicz

Our recent Novarica Impact Awards Summit provided a forum for IT leaders to present and discuss their nominated case studies with a broad group of Novarica council members and clients.

The projects presented ranged from Philadelphia Insurance’s adoption of a legal bill review solution that delivered a multimillion dollar payback to MetLife’s successful transformation of their global trading systems. Panel discussions highlighted the importance of IT’s ability to communicate effectively with other business units in delivering impactful projects, and many cited the adoption of agile as a success factor in their projects. While most of the projects involved working with technology vendors, some focused on the adoption of new practices and frameworks, and others on custom development in both traditional platforms and in the cloud.


The panels also presented an opportunity for IT leaders to compare notes on project priorities and strategies, with many attendees noting that their organizations had faced similar challenges and worked toward similar goals. Several presenters and audience members described the importance of securing other executives and end users to act as champions throughout the organization, to speed adoption of new technology and processes.

One theme that rose to prominence this year was a focus on user experience—not just for customers, but for agents and carrier employees as well. AFBA/5Star Life incorporated the needs and requirements of more than 40 third-party administrator customers when designing a new List-Bill solution. CNA deployed an enhanced agent self-service portal for quoting and issuing endorsements, drastically improving agent experience and satisfaction. And Tokio Marine North America introduced a new analytics system to aggregate customer and agency data, empowering business users with insights into previously-unknown market segments.

Taken together, these and many other nominees represent a trend towards end-user focus. Insurer CIOs are recognizing that usability of a system by all its stakeholders must be a priority, whether a project involves cutting-edge analytics or core systems replacement. These projects have successfully balanced user needs with business and system requirements—essential for ensuring a project’s positive impact throughout the organization.


All of the nominated case studies are featured in Novarica’s Best Practices Case Study Compendium 2015, which is free to Novarica clients and council members.

Insurance Networking News was there to cover the keynote and conduct a short video interview on themes of recent impactful projects.

Project teams from nominated companies received their awards, and had an opportunity to network with each other an the other attendees.


Networking Comp

To learn more about the Impact Awards program, see

With 2016 Planning in High Gear, Special Interest Group Meeting for Large P&C Insurers Highlights Opportunities, Challenges and Risks

Rob McIsaac

Last week Novarica hosted the latest in our Special Interest Group series of CIO-oriented meetings, which in this case focused on large P&C carriers. This is a line of business facing both heightened competition and significant technology change, which is forcing thoughtful prioritization for project investment portfolios. As carriers grapple with current technical debt issues and the need to remediate aging core platforms they are concurrently needing to keep a sharp eye on a range of emerging capabilities including analytics, mobility and the potential for game changers, such as drones, to emerge as mainstream solutions.

In framing the current state of the technical space, we began our discussion by looking at spending patterns for the industry, which continue to trend in a narrow range as a percentage of DWP. Looked at another way, IT spending continues to grow by 3-4% per year overall. Given the range of new activities being required of IT, this reflects a “do more without much more money” paradigm. From our analysis this is leading carriers to move away from CapEx and toward OpEx where possible. It is also encouraging carriers to rethink what is really “core” and should be kept in IT as contrasted to what may be classified as a “chore”, which may ultimately be a utility function that can best be performed by an outside provider.

A lively discussion ensued regarding the correct way to look at IT spending by insurance companies. Although it has been an industry practice for many years, the participating CIO’s disagreed with measuring IT budget as a percentage of GWP. They felt that their budget will vary based upon major transformations and measuring budget as a percentage of GWP is misleading, at best. We explored how other industries (e.g., banking) approach this issue and why looking at something other than a unit measure focused on a top line revenue number might be more appropriate.

Data and analytics was clearly a hot topic for the carriers at this SIG. Data governance is a top of mind issue, with carriers approaching the (data) ownership issues in different ways. At the end of the day, regardless of process, IT organizations can’t do this alone but must provide enablement and support to other business units.

Another key issue carriers face is finding the right skill sets to perform the data analytics function of the future. In addition to seeking skills from some non-traditional sources (e.g., advanced degrees directly from university programs, with some carriers setting up company operation close to research universities to attract better talent), companies are working to set up internal programs to provide both an appropriate level of support and mechanisms for internal cross-pollination of human capital.

Talent in other areas is also very much a high priority issue. A key area that attracted significant attention during the discussions related to the quest for Business Analysts. One carrier mentioned a successful effort they have for hiring computer science undergrads directly into internally managed training programs which allows them to grow / groom talent for the future. Working closely with universities on curriculum can be critically important as significant differences were noted in the quality / applicability of undergrad experiences. CIO’s reported that a direct and hands on approach to understanding feeder programs can allow them to get best value. They also reported that the best sources may not necessarily be obvious; a close inspection of the talent (e.g., through the use of aptitude tests) can be very important in this regard.

Another carrier noted an interest in working with a broader community of other carriers and vendors to help build appropriate pools of skilled resources, including BA’s. Irrespective of approach to acquiring talent, the need for some of these specific skills was a recurring theme throughout the discussions.

Retirement of old platforms and realization of significant savings when “completed” was noted as a vital objective for some carriers. Maintaining the vigilance to take major transformational events all the way to “done”, which means avoiding a loss of momentum and focus, is deemed central to success and avoiding a situation where new systems deployed without retiring the predecessor platforms can actually make environments more complex, expensive and difficult to manage. Maintaining a shared IT and other business unit focus, collectively, on the financial prize can be key to ultimate success in these endeavors.

Near the end of the session, the discussion turned to BPM capabilities and experiences with them as either alternative to, or complements for, workflow capabilities embedded into core systems from leading vendors. Some success stories emerged for a variety of use cases, including for the acceleration of retirement of MS Office (or SharePoint / Lotus Notes) applications that have morphed from desktop capabilities into mission critical solutions which have actually made current environments more brittle and risky. This approach to “peeling an onion” can actually garner support from line of business organizations while building trust and confidence for broader transformational events.

As always, the format for these Special Interest Group sessions provided for a frank, open, thoughtful and (of course) private sharing of experiences and perspectives. Novarica’s belief is that 2015 will prove to be the year that the future arrived; for the carriers in Boston this week it was an opportunity to explore what it truly means to be at the tip of that spear!

Our next SIG event is going to be focused on Workers Comp carriers on September 9. Life carriers will be the focus for a SIG session on October 14.

Things are moving surprisingly fast in many quarters of the insurance industry and we are looking forward to these sessions. If you’d like to be included in a future event, please let me know directly at

CIO Series: 7 Steps to Deploy and Define a Multi-Divisional IT Strategy

Mitch Wein

It is very difficult to predict the future, yet IT is being asked to do just that by developing strategic long-term IT plans for their enterprise. Everyday IT is being asked to enable their firms by developing improved partnerships with their customers and agents, transforming internal processes into fully digital mechanisms, replacing core IT systems, all the while ensuring this is done in a secure and cost effective manner.

In order for an IT strategy to be successful though, it needs the help of key control areas like strategic planning, legal, regulatory and finance, as well as operating functions including underwriting, claims, actuarial, product development, marketing, etc. If this isn’t challenging enough, IT leaders in large organizations must be able to create a strategy that works in the context of multiple divisions, entities, and countries.

In order to provide IT executives with guidance on deploying and defining a multi-divisional IT strategy, Novarica offers CIOs the following checklist to consider when initiating a multi-divisional IT strategy project. This list is based on the direct experience of Novarica’s senior team and our CIO Research Council members.

  • Start top down across divisions and within a division, the validate bottom up.
  • Understand divisional business and IT strategy.
  • Determine cultural or local drivers
  • Consider having workshops with key business and IT representatives.
  • Do a SWOT assessment for each division.
  • Determine the senior level IT and business strategy sponsor in each division.
  • Map qualitative and quantitative benefits locally by division and measure success incrementally.

While the steps listed above are meant to be a suggestion and a start of how to go about this activity, ultimately the message is one of consensus and validation. The process used to develop a multi-divisional IT plan must be validated both at the enterprise and divisional levels, and the multi-divisional IT plan owner must take the time to gain consensus at the enterprise, business, and IT level, as well as in each division.

For more information about Novarica’s CIO Best Practices and Checklists, visit: or contact me at email for a complimentary 30 minute consultation.

New Webinars for August and September

Paul Ptashnick

We’ve been averaging two free webinars per month this year, covering topics ranging from Hot Topics in Insurance IT, Trends in Policy Administration, P/C Claims, Master Data Management, Report Rationalization, Big Data & Analytics and much more. These recordings may be viewed at: (Current clients may also download the slides).

In August and September we’ll be hosting three more webinars. These 30 minute webinars will cover trends, issues and best practices for Small Insurance Carriers, P/C Billing and CIO Board Communication. Registration is open to all insurance professionals.

Challenges and Best Practices for Small Insurance Carriers
Tuesday, Aug 11, 2015
2:00 – 2:30 PM (EDT)

Trends in P/C Billing
Tuesday, August 18, 2015
2:00 – 2:30 PM (EDT)

Best Practices for CIOs in Board Communication
Thursday, September 24, 2015
2:00 – 2:30 PM (EDT)

In addition hosting our own webinars, we frequently appear on webinars hosted by media outlets or others. For example, on August 20th, Jeff Goldberg, VP of Research & Consulting will be participating in an Insurance Networking News webinar titled “Core System Modernization: Approaches and Options”. Registration and additional information is available at:

Over the next few months we’ll be adding more webinars and meetings to our event calendar. To stay on top of the latest events, make sure to bookmark and subscribe to our Newsletter at

Emerging Technology and Commercial Lines

Jeff Goldberg

Commercial insurance is often by complex coverages, heterogeneous exposures and risks and individually negotiated and priced contracts. The selling process involves complex negotiation back and forth between the policyholder, the agent or broker, and the carrier.

Over the next few years technology will play a vital role for commercial lines insurers, as prices firm up and new insurers enter the marketplace. A few of the technology initiatives that will shape the commercial lines marketplace include:

  • Rise of the Drones. Several carriers have received waivers from the FAA to test drones for use in inspections, loss control, risk surveys, surety, and other applications. While current restrictions on overflights where people are present limit use cases, there are still applications in agriculture, commercial property (including inspection of rail lines) and other arenas.
  • Portals, business intelligence, and core claims and PAS continue to be high priority. Agent portals continue to be viewed as key elements of acquiring and retaining customers, and direct sales capabilities will be increasingly important for lower-margin products. Business intelligence and analytics are providing new competitive capabilities to improve underwriting and core systems investments continue to be critical in improving time to market and product flexibility.
  • Mobile is making inroads in commercial lines. For both loss control and distributor communication.

Although drones, IoT, robots and autonomous technology investments may get a lot of attention, most current technology initiatives for commercial lines carriers will focus on the need to improve operational efficiency by streamlining processes and creating a better environment both for employees and agents.

Novarica clients may now download the new Business and Technology Trends in Commercial lines report (Non-Clients may download a preview), which includes almost 60 examples of recent technology investments, data about the marketplace and an overview of business and technology issues at:

The Importance of Modern Insurance Billing

Martina Conlon

While billing is an area that tends to get attention only when something goes wrong, it is a critical part of insurers’ agent service and customer-service strategies. Billing presents an opportunity to fulfill a brand promise of convenience and trust. It is the primary opportunity that insurers have to interact with their best customers, and errors can be costly. Most insurers are starting to see billing for what it is: a key customer service function (rather than a purely financial function). Many insurers find that legacy billing technology limits efficiency for internal operations, effectiveness of customer service, the speed to market for new or modified billing features, and can be an obstacle in delivering capability to agents and policyholders.

A modern, configurable billing system with strong rules, tools, and workflow capabilities can address these issues and provide:

  • Improved time to market for new products with creative billing options
  • Improved customer service levels
  • Improved customer satisfaction
  • Improved agent satisfaction
  • Increased operational efficiency
  • Improved consistency in process
  • More personalized customer experience
  • Improved cash management
  • Better identification and management of delinquencies
  • Clear audit trail of activities
  • Faster ability to train new employees

In Novarica’s most recent study on budgets and projects for insurer CIOs, more than 40% of companies were planning to engage in replacements or major enhancements to their billing systems.

Insurers Plans for Billing in 2015

Insurers Plans for Billing in 2015

In a world of growing business expectations, carriers must see billing as a way to meet, if not exceed, their customers’ assumptions. With this in mind, Novarica has just released two new reports on billing to help get insurers up to speed on the latest technologies and trends.

Novarica Market Navigator: US Property/Casualty Billing is 83 pages long and includes similar detailed profiles of solutions from Accenture, CSC, Decision Research Corp, EIS Group, Guidewire, Insuresoft, Insurity, Majesco, MphasiS-Wyde, OneShield, SAP, SpeedBuilder Systems, and StoneRiver. The report is available to Novarica clients and for purchase online at:

Business and Technology Trends: Billing provides an overview of business and technology issues, data about the marketplace and 16 examples of recent technology investments in billing issues. The report is available to Novarica clients and for purchase online at:

The impact of investing in new billing solutions will be significant as insurers look to digitally transform themselves in the years ahead. For more information about the latest billing trends and solutions, register my upcoming Trends in P/C Billing webinar, on Tuesday, August 18th at 2 pm (ET).

Top Stories in Property/Casualty for July 2015

Steven Kaye

We’ve just published our Novarica Industry Intelligence Brief for Property and Casualty for July 2015. These reports highlight some of the most interesting industry stories from the past month, and present them along with Novarica commentary. Commentary is available to clients only, but we’ve posted direct links to the stories below:

  • HP Fortify found all of the ten major smartwatch brands it tested had significant security vulnerabilities. Full Story.
  • Allstate is partnering with Illinois startups and technology firms to develop solutions across the claims process. Full Story.
  • The Health Information Trust Alliance has partnered with Willis North America to develop a cyber security assurance methodology and insurance products for healthcare providers. Full Story.
  • A Bloomberg editorial suggests that vehicle manufacturers need to do a better job of addressing cyber security when building vehicles, following a demonstration by researchers of hijacking a Jeep remotely. Full Story.
  • Carriers are increasingly partnering with modeling and threat assessment firms to evaluate covereds’ cyber risks. Full Story.
  • NASA has developed a tool to help monitor potential for flooding or landslides globally, potentially enabling carriers to proactively mitigate losses. Full Story.
  • Recent deals including ACE’s purchase of Chubb, XL’s merger with Catlin, and on the distribution side Willis’ merger with Towers Watson point to a change in the kinds of mergers and acquisitions happening in the insurance industry. Full Story*. (*subscription required)
  • Auto manufacturers are limiting how much information they’re willing to share with Apple and Google, but are still open to partnering with insurers. Full Story.
  • Zubie has announced the availability of an open API enabling third parties to build applications on top of and integrate services with its connected car platform.
    Full Story.
  • ISO and the Surety & Fidelity Association of America have partnered to provide a web-based tool for fidelity and surety carriers to review and correct transaction data, as well as preparing it for submission and tracking submissions. Full Story.
  • Carriers are exploring alternative approaches to usage-based insurance, including per-trip insurance and risk zones. Full Story.

For Novarica commentary, clients can download the Brief at

Previous Novarica Industry Intelligence Briefs for Property and Casualty