A reasoned overview of the beneftis derived from tracking vendor incoming certificates of insurance.

1. eSolutions Group
Aon 360 eSolutions Magazine (Q1 / Q2 2006) – Pages 21 – 22 – Jan 2006
Incoming Certificates of Insurance—To Track or Not To Track, What is the Answer?
By Barry Scott, Director, Aon eSolutions Certificate Management Group
The process of tracking certificates of insurance can be overwhelming, time consuming, and
complex. Some organizations are adamant as regards tracking Incoming Certificates for all
Vendors, Contractors, Tenants etc. (Vendors), while others are indifferent. What is the right
answer? Does Generally Accepted Accounting Practices (GAAP) or the Sarbanes-Oxley Act of
2002 (SOX) require Incoming Certificates of Insurance be tracked? What is the most efficient /
cost effective methodology to perform this process? How does an organization select an
Incoming Certificate tracking solution?
As we seek to answer the question – to track or not to track incoming certificates, let’s first
understand the basic requirements of Generally Accepted Accounting Practices (GAAP) and the
Sarbanes-Oxley Act of 2002 (SOX).
 GAAP are imposed on companies to ensure investors have a minimum level of financial
reporting consistencies. GAAP cover such things as revenue recognition, balance sheet
classifications, and share measurement.
 The Sarbanes-Oxley Act of 2002 is designed to protect shareholders and the public from
accounting / financial reporting errors and fraudulent business practices for U.S. listed
companies; this is especially critical as the majority of the financial reporting processes take
place in back-office systems, with much of the occurring in standard desktop applications
such as spreadsheets and e-mail. Two key components of SOX have caught corporate
executive’s attention – i) Section 404 of the act requires management of the publicly held
companies and their outside auditors report on the effectiveness of the company’s internal
controls, and ii) Section 302 of the act mandates that executives must sign the annual
external auditor certified “internal control” evaluation and financial reporting documents.
 Based on the above requirements overview, as well as discussions with several corporate
executives, neither GAAP nor SOX explicitly require organizations to track Certificates of
Insurance. However, many smart financial mangers continue to look for opportunities to
leverage Section 404 compliance efforts to enhance their overall business reporting
processes. This is especially true for multinational companies who are using SOX
implementations as a vehicle to increase process and reporting consistency across their
business functions and geographies.
So, if GAAP nor SOX require tracking certificates of insurance, then why invest the time or bear
the costs to perform this process? What is the benefit to my company?
 First, based on discussions with over 250 companies during the past 24 months, Aon
has learned that most organizations are looking to go beyond the letter of the law,
especially in light of the corporate / financial confidence issues occurring in 2001. As a
result, most publicly traded organizations are considering ways to eliminate "knowledge"
gaps regarding their financial exposures. Many CFO’s, Legal Counsel, Risk Managers,
and Procurement Departments, believe that Tracking Incoming Certificates of Insurance
is a substantive way to improve organizational control structures and enhance their
Sarbanes-Oxley compliance / reporting measures.
 Secondly, in today’s highly competitive marketplace, every organization is looking for
ways to reduce operating expenses / losses, while increasing profitability. Organizations
th
Aon eSolutions Certificate Management Group  1000 North Milwaukee Ave., 4 Floor  Glenview, IL 60025

2. eSolutions Group
who aggressively track incoming certificates of insurance, are frequently able to reduce
financial losses and litigation costs by transferring high risk and/or high frequency
exposures to their Vendors (indemnitors).
 Finally, standard operating procedures for most companies require that every Vendor
signs a Contract which details the product / service requirements, financial obligations,
indemnifications, and other pertinent aspects of their engagement. The Contracts
protect both organizations by defining the relationship, and frequently include a listing of
the insurance coverages / limits required to conduct business with the procuring
organization. However, the benefits of a signed Contract are dramatically hindered if the
procuring organization never implements the key control process designed to reduce
their litigation and financial exposure – the Requesting and Tracking of Incoming
Certificates of Insurance from each Vendor.
Therefore, if an business determines that Tracking Incoming Certificates is an important control
factor for their organization, a key question must still be answered – What is the most efficient /
cost effective methodology to perform this process? Tracking certificates can be as simple as
confirming that your organization has received a certificate from a Vendor, or as complicated as
evaluating all elements of your risk management program (this may include confirmation that
the Vendor’s insurance coverages / limits are in synch with your organization’s Contractual
requirements).
The least expensive / time consuming process is to capture any Incoming Certificates that may
be requested / provided by an organization’s Vendors. However, if this process is deployed, the
organization can only presume that their Vendor has some type of insurance coverage, which
may or may not provide the requesting organization the ability to transfer their high risk and/or
high frequency claims to their Vendor (indemnitor).
Two of the most common models utilized to track Incoming Certificates is to access a proven
Certificate Tracking application that allows your organization the ability to perform this process
with the organizations internal resources (Self Service) or to outsource the entire requesting /
tracking process to an experienced Incoming Certificate Tracking company (Outsourced). Both
models provide an organization with the ability to identify if an Incoming Certificate is compliant
with their Contractual requirements. However the time requirements and experience levels
required to support a Self Service program are frequently usually not considered a core
competency of most organizations; also the additional resources required to perform the Self
Service tasks are usually adversely impacted by organizational budget constraints. As a result,
most multinational companies have determined that an Outsourced program, managed by
licensed insurance professionals, will provide their organization with the maximum benefits that
can be realized by Tracking Incoming Certificates of Insurance.
The following two case studies illustrate the importance of implementing a comprehensive
Incoming Certificate management solution:
Case Study #1
A 75-year-old transportation company contracted with Aon eSolutions ‘outsourced certificate
tracking team’ in June 2000 to track incoming certificates for all Vendors (Indemnitors) servicing
this organization’s facilities and equipment. In October 2003, a janitor working at one of the
company’s facilities was struck and killed by a drunk driver. The janitor killed in this accident
actually worked for a Vendor who was not directly contracted to provide services for this
transportation organization. After some investigation, it was determined that the janitor’s
th
Aon eSolutions Certificate Management Group  1000 North Milwaukee Ave., 4 Floor  Glenview, IL 60025

3. eSolutions Group
company was actually a sub-contractor for an approved Vendor of the transportation company.
Though the transportation company had some loss protection, as they had a Contract with the
approved janitorial Vendor, they also minimized their financial / litigation costs by evidencing an
Incoming Certificate from the approved Vendor naming the transportation company as an
additional insured. As a result, the transportation company made a successful motion to
remove themselves as defendants and was able to defer all defense costs to the Vendor.
Case Study #2
A 120-year-old national retail / grocery store chain contracted with Aon eSolutions ‘outsourced
certificate tracking team’ in June 2000 to track incoming certificates for all merchandise and
service Vendors (Indemnitors). In early 2005, a customer purchased a bottle of peppers from
one of this chain’s stores. As they were eating the peppers out of the bottle, they ingested a
shard of glass, which caused injury to the customer’s mouth and throat. After some discussions
between the retail / grocery store chain, the chain’s TPA, and Aon, it was determined that the
manufacturer had a valid Contract with the retail / grocery store chain which provided some
protection from loss (as the Vendor Contract required insurance). However, all agreed that the
retail / grocery store chain could greatly minimize their financial / litigation costs if they could
evidence an Incoming Certificate from the approved Vendor, especially if they were named as
additional insured. As Aon was tracking all Incoming Certificates against the specific Indemnitor
insurance requirements of the retail / grocery store chain (of which additional insured was one
condition), they were able to retrieve an Incoming Certificate of Insurance for the contracted
Vendor. As the retail / grocery store chain was able to secure the Incoming Certificate of
Insurance, they were able to tender the claim to the manufacturer who accepted their tender
and agreed to pay all legal expenses incurred in the defense of this case. The manufacturer
(Vendor) also agreed to pay any judgment / future settlement. The retail / grocery store chain
realized a savings in excess of $50,000.
In evaluating the optimal Certificate Tracking solution, consider these questions:
 If you are currently tracking certificates, what problems are you having with your current
certificate tracking method? Does the system / process utilized meet your current /
future needs?
 Does the solution provide all of the required features necessary to accurately monitor
insurance coverages, limits, insurance company ratings, renewal dates, etc.?
 Does your current solution handle correspondence, certificate storage and retrieval?
 Do you have sufficient resources necessary to track your incoming certificates?
 Do you currently have the ability to control day-to-day decisions regarding Vendor
compliancy?
 Can your application / hardware store large amounts of data on-line? For how long?
 Is your Board of Directors confident they have taken all possible steps to reduce
litigation costs and/or minimize financial exposure?
Remember, the process of tracking Incoming Certificates of Insurance supports Corporate and
Risk Management objectives, while reducing an organization’s exposure to financial loss and
costly litigation. Additionally, for organizations requiring signed Vendor Contracts, tracking
Incoming Certificates of Insurance allows the organization the ability to monitor the insurance
standards of their Vendors and enforce the agreed upon Contractual standards.
th
Aon eSolutions Certificate Management Group  1000 North Milwaukee Ave., 4 Floor  Glenview, IL 60025