The Client: The Largest Electric Utilities in the US

Overview

The company is a major integrated energy company engaged in power production, transmission and distribution involving natural gas, power and other energy related products. It is one of the largest electric utilities in the US.

The company faces multiple compliance requirements from a number of regulatory bodies that impose regulatory oversight and reporting requirements. Industry regulations from FERC, NERC and state and regional public service commissions combined with cross-industry regulations like Sarbanes Oxley (SOX) impact all business functions operationally as well as strategically. These compliance requirements affect a large number of business processes with many specialized processes being designed solely to meet specific regulatory guidelines. The cost of ensuring compliance in terms of time and resources is substantial. Moreover, the risk of noncompliance and other enterprise risks have to be constantly monitored and mitigated for ensuring business performance and continuity. 

Download a Case Study

Challenges

The company had internally developed an application for managing SOX and Enterprise Risk Management (ERM) processes using Microsoft Access and SQL Server technology. The system was designed to capture SOX and other risks, associated controls, control test plans, issues to highlight deficiencies when controls failed testing and were deemed unreliable and action plans to resolve the issues.

In the last few years, the company experienced a significant increase in the number of compliance requirements to be met as well as additional scrutiny by the various regulatory bodies to determine that the company does in fact comply with those requirements. As the internally developed application was designed for a narrow set of compliance requirements, the increasing regulatory demands started bringing forth the limitations of the application and its inherent approach.

As newer processes and record keeping was required, they were setup manually outside of the system as the application could not be extended. For example, the system could not map compliance process to the general ledger balances maintained in PeopleSoft and the financial statements managed in the Cognos applications. Keeping the automated processes in synch with the manual processes became a major overhead as new accounts were created.

The internal application allowed for a simplistic and linear organizational setup and did not support the varying reporting relationships and information flows between testers, process owners and those who managed the overall compliance process for their business units.

The compliance surveys and certifications across various departments, locations and business units involved manual distribution, gathering and consolidation of responses. Lack of automation made this activity excessively tedious and error prone with a number of documents being physically circulated and manually signed in the company.

The internal application did not support the periodic cycles and frequency of activities and record keeping for ongoing compliance leading to inefficient data reentry activities. Moreover, the application did not enforce appropriate authorizations to limit users from viewing information and records that they did not have privileges for - violating key compliance principles.

Benefits

  • Efficiency:
    The overall resource requirement and processing times for compliance programs is expected to come down substantially due to an integrated compliance framework mapped to organizational structure and responsibilities. The automated workflows will take information and cases through the assessment, investigation, reporting and closure process without delays. Email notifications, task list, and case status reports on the users' homepage will keep pending tasks on top of the mind improving responsiveness and proactive participation.
  • Compliance:
    There will be a significant reduction in the risk of noncompliance as all the regulatory standards and requirements will be clearly identified and mapped to the processes, controls, activities and documents needed for compliance. Well-defined and automated assessments, issue reporting and remediation management workflows will ensure sustainable compliance.
  • Visibility:
    With MetricStream, the company executives as well as functional managers will have complete visibility into compliance programs at their respective levels of responsibilities. This transparency will make compliance and risk management a predictable process.

Contact Chat Request a demo Download RFP Template