Insights & Articles

Featured Solution Briefs

Detecting and Preventing Human Trafficking in Supply Chain
The call across the food & beverage industry is to get certified to one of the several Global Food Safety Initiative (GFSI) scheme options to ensure safe and high quality food. GFSI-benchmarked schemes require higher safety standards than what the government regulatory bodies enforce and certification to a GFSI approved schemes will help to drive food safety programs and processes toward FSMA compliance. Read this article to learn how adherence to GFSI approved schemes can take you one step closer to meeting FSMA Mandates.

Complying with HIPAA Omnibus Rule: Key areas of focus for Healthcare Providers
The HIPAA Omnibus Rule marks a significant update to the privacy and security obligations of providers with respect to patients’ protected health information. The MetricStream solution provides ability to effectively manage and automate HIPAA/HITECH compliance and to streamline all other compliance aspects ranging from preparing policies and procedures, to assessing and analyzing risks, managing audits, identifying gaps, and remedying issues.


Strengthening Corporate Governance Using a Risk-Intelligent Framework 
Risk management is no longer just about complying with regulations. Instead, it’s about creating proactive risk management processes to consistently identify, manage, mitigate, and document risks. Read this article to learn more about how technology can help build better governed and more resilient organizations.

Demystifying the Risk-Based Approach to Cloud Computing 
“How do you ensure the right data is moved to Cloud? How do you ensure the right security controls are implemented in Cloud? How do you mitigate all types of risks faced in Cloud? Implementation of a risk based approach can enable enterprises to address all these issues and reinforce data confidentiality, integrity, and availability and stay ahead in the competition.”

The Evolving Role of Internal Audit in Assessing the Efficiency of Business Operations 
The evolving Internal Audit function has the potential to not only enhance compliance with internal controls, but also enable business value preservation and creation. This insight discusses the changing role of Internal Audit, and introduces best practices to effectively detect and manage new and emerging risks.

A Strategic Makeover for Internal Audits 
Management teams and boards are increasingly looking to auditors to help them balance risks and opportunities, and make better-informed business decisions. In other words, audits are no longer just a compliance tool, but an important strategic asset. Discover how you can build a more effective audit program with a strong strategic focus.

6 Ways to Strengthen Policy Management 
Since policies play a critical role in supporting and strengthening an organization’s success, it is imperative to have a formal and well-thought-out policy management process. Learn about the key steps you can take to build a more effective approach to policy management.

Strengthen Your Health and Safety Culture with Impactful Systems  
Health and safety management isn’t just about meeting compliance requirements, or avoiding litigation. It’s about creating an environment where employees actively participate in achieving optimal levels of health and safety. Learn how your organization can effectively journey up the maturity curve to foster a safer and healthier work culture across the enterprise.

9 Best Practices to Jumpstart your Third-Party Management Program  
While companies increasingly rely on third parties to lower costs and accelerate time-to-market, most third-party relationships come with multiple risks such as information security risks, regulatory compliance risks, and reputational risks. Learn how to keep these risks in control, and strengthen third-party management with these nine best practices.

5 Questions to Ask Before Creating a Successful Health & Safety Plan  
A comprehensive Health & Safety (H&S) plan is critical not only to protect employees, but also to improve productivity, and minimize downtime costs. Whether you’ve already created such a plan, or are just getting started, here are five key questions to ask, in order to ensure that your H&S plan is optimally effective.

3 Proactive and Easy Steps for SOX Compliance  
SOX compliance management can seem like a daunting task even to the best of companies. However, with a few key steps, you can effectively simplify and strengthen your SOX compliance processes. Read this article to know more about building a successful SOX compliance program.

The Power of Key Risk Indicators (KRIs) in Enterprise Risk Management (ERM) 
With the global risk landscape constantly evolving and organizations striving to achieve their objectives, there is a high demand for relevant and timely risk information. Key Risk Indicators are critical predictors of unfavorable events that have the potential to adversely impact organizations. They also provide invaluable insights to monitor change in the level of risk exposure, and provide organizations early warning signs to prevent incidents and crisis. This article highlights key aspects to consider for defining effective KRIs, and how monitoring of appropriate KRIs can safeguard your organization from operational, reputational and other risks.

Are Your Stores Ready for the Holiday Season? 
With holiday season just around the corner, it is imperative for every retailer to make sure that their store processes, systems, and staff are working in harmony and ready for busiest time of the year. Read this article to find out how a store audit program can help.

Role of Internal Audit as Business Advisor 
Internal Audit has undergone a dramatic change in its objective from assessing oversight to delivering insight and foresight towards business functions. This article provides an insight on the role of Internal Audit in the form of an advisor adding value, apart from its role as assurer and assessor for developing key business decision and risk based strategies.

How Enterprise GRC Strenghtens Security Intelligence 
One of the key GRC challenges that Risk and InfoSec professionals face today is gaining a consolidated view of risk, compliance and internal controls across the enterprise. To achieve this, organizations are moving away from a siloed approach, towards an integrated enterprise GRC program with well-structured and visible risk reporting frameworks, unambiguous control systems, streamlined infose risk management processes, all of which can improve accountability and communication.

Enterprise-wide risk management in energy and utilities sector 
Due to the inherent and volatile nature of the business in Energy & Utility sector, organizations have to tackle the complexities of performing real-time risk measurement and mitigation. They also require risk-intelligent approach to survive the challenges posed by the economic and geo-political fluctuations. In order to execute and control their risk strategy, energy and utilities organizations must adopt a sound risk methodology, with the necessary flexibility to enable them to generate more profits.

Creating a Culture of Compliance Across Your Supply Chain 
Companies are increasingly engaging suppliers in emerging markets for cost-savings and efficiency, but with these benefits come multiple compliance risks. Looking beyond supplier compliance management as just as a necessary, regulatory-mandated activity, but also as something that can generate value for the business, organizations should create a culture of compliance across the supply chain. 

“Playing the Internal Audit Card in Changing Business Environment using 5 Critical Technological Capabilities” 
This article highlights the 5 core technology capabilities that help deliver value from Internal Audit in terms of reduced operational cost; improved visibility, and consistent and timely decision making process.

Building the Right Foundation for Governance, Risk, and Compliance (GRC) 
This article explores some aspects of what a GRC foundation would look like and how we would build it today while keeping it open for the future.

Bringing GRC Federation into IT Security
GRC, by definition, involves bringing together governance, risk and compliance disciplines from across an increasingly complex, extended enterprise with deep interlocks to customer and supplier eco-systems. The article identifies steps organizations can take to establish an integrated GRC and security approach using a ’federated’ model.

FDA Inspections: Face the Challenge Through Proactive Preparation
This article provides insight on FDA's inspection from Entry to Exit and how Life Sciences companies can adopt the 3I approach of "Implement-Inspect-Incorporate" instead of Retrospect. The article also discusses the Quality System Inspection Technique (QSIT) used by FDA for inspections and how technology can be leveraged to be better prepared.

Is your internal audit fit for the future? 
The Internal Audit function has moved beyond the traditional assurance model owing to the dynamism in the business environments and has progressed to a transformational role as a "Strategic partner". Hence there is a need for systematic makeover of Audit functions within organizations to drive this advantage for business decision making. This article highlights the key areas for transformation to enable internal audit function to deliver greater value to an organization for gaining competitive advantage.

Increased supplier ownership for sustainable social compliance
Increasing supplier ownership is key to performance of social compliance programs. Implementing a successful and sustainable social compliance program requires companies to ensure that there is ownership across the entire supply chain. Companies need to understand the root cause of factory noncompliance, and then focus on capacity building and training, both internally and externally, to solve the problems.

CPA Journal - "Effective Audit Report Writing"
In this recently published CPA Journal article Gaurav Kapoor and Connie Valencia discusses about creating & structuring an effective audit report, aligning your audit reports to your business objectives, and addressing multiple audiences. 

Strengthen IT Auditing with COBIT
MetricStream's latest insight on "Strengthening IT Audit with COBIT" will provide guidance on how you can leverage COBIT for effective execution of IT Audits & integrating it within the General IT Audit process.

Banks Need Better-Rounded Boards
This article, written by Susan Palm, Vice President of Industry Solutions at MetricStream, highlights how community banks are missing out on opportunities for driving success by not having seasoned board members whose experience and skill sets align to the bank's challenges. The article discusses the importance of the role of board members and why it is key for them to work hand in glove with the management to drive growth. With new regulations being introduced, The board of directors of banks of all sizes are under tremendous regulatory scrutiny and pressure to add value to the organization and this can be only achieved if the board members have a well-rounded experience in the industry. 

The Auditor’s Role in Adding Organizational Value - Aligning various aspects of GRC auditing to fulfill the new responsibilities
This articles talks about how auditors can contribute to streamlining GRC program by evaluating its effectiveness and aligning various aspects of GRC auditing, thereby fulfilling the new responsibilities and adding immense organizational value. 

Social Media and HIPAA Compliance: Balancing Benefits and Risks
Compliance Today, a leading publication of the Health Care Compliance Association, published this article on the topic "Social Media and HIPAA Compliance: Balancing Benefits and Risks" co-authored between Jim Sheldon-Dean, Director, Lewis Creek Systems and Vidya Phalke, PhD, CTO at MetricStream Inc. 

Add Business Value and Gain Competitive Advantage
Article published in Sox Journal: discusses about how implementing an ongoing, sustainable and cost-effective strategy supported by adequate technology can bring true competitive advantage and business value 

Demystifying a Mature and Cost-effective SOX Program 
Article published in Sox Journal: sharing insights on how the growth and evolution of businesses' compliance with financial, reporting and operational requirements, including those imposed by regulations as well as those adopted pursuant to Sarbanes-Oxley, present significant challenges to business executives and about the ways to simplify it. 

CPA Journal - "The Transformation of Internal Auditing"
In this recently published CPA Journal article Gaurav Kapoor and Michael Brozzetti share their views on "Audit’s Role in Enterprise-wide Transformational Change" 

Laying the Groundwork for Your GRC Journey
A leading healthcare products manufacturer successfully embarks on the path towards building a robust, collaborative, and harmonized approach to GRC, supported by an integrated technology infrastructure

Five Tips: How to measure the value of your internal audit department
Measuring the performance of an organizational process is second nature to internal auditors. But measuring the performance of the internal audit department is a different ball game altogether. Connie Valencia CIA, CCSA, principal with Elevate Consulting and Gaurav Kapoor COO with MetricStream offer five fundamental ways to verify the value of IA.

Internal Auditors: Step up to the plate
The article published in the “IIA magazine” recently, written by experts, discusses how internal auditors have the opportunity to play a fundamental role in directing company strategy and enabling it to move forward into a new era of profitability. 

Are You Ready for the HIPAA Compliance Audits?
The Health Care Compliance Association (HCCA)’s leading magazine “Compliance Today” publishes articles written by experts belonging to various fields from the Healthcare and Life Sciences Industry, sharing insights on compliance, ethics, information security and privacy related issues that are relevant concerns in these industries.

Six Steps to Implementing a Risk-based Approach to Regulatory and Reliability Compliance in the Energy and Utilities Industry
The energy industry is in a state of intense transformation due to the forces of technology, competition and regulation. As the industry adapts to these changes, company personnel are seeking to maintain their value proposition for their customers in a climate of uncertainty and risk. Regulatory compliance, once a footnote in the company annual report, has now become a major driver of profits and shareholder return.

Cloud Presents Healthcare Providers with Challenges for HIPAA Compliance
Read this interesting MetricStream insight that brings out the challenges that cloud computing offers the healthcare industry in addition to the increased regulatory vigilance.

Maximizing the Value of a Risk-Based Audit Plan
An effective risk-based audit plan overcomes all the limitations by viewing risks through the prism of strategic objectives, which enables a more targeted and efficient audit

Technology Transforms the Healthcare Industry
This article looks at the role of regulations like HIPAA, through the implementation of Electronic Health Records, and now the Patient Protection and Affordable Care Act (PPACA) has played in bringing technology in the fore front in the healthcare industry.

Basel II: Building Risk-resilient Banking Systems
When Barings Bank declared bankruptcy in 1995, the world was stunned. As Britain's oldest merchant bank, Barings had weathered disasters like the Great Depression and Two World Wars - only to be later brought down by a single man in a small office in Singapore. By the time Barings uncovered his actions, it was too late. Leeson had cost the bank over $1 billion. Learn More about this.

Risk Management : A Fresh Assessment
Aligning risk management to strategic goals yields more accurate and focused results. Integrating a strategy-based risk model with compliance, audit and governance processes, and confidently walking the tightrope of risks, will build resilience and keep stakeholders and customers happy.

Fundamental Practices of Internal Audit Function
This article discusses how to plan an effective internal audit program focusing on risk assessment and key risks to be considered, which will help in appropriate resourcing of internal audit efforts, tied to board level issues and significant areas of the organization that can be impacted by the financial wellbeing of the organization. 

Challenges to PCI Compliance
With the burgeoning popularity of online shopping and banking, credit card transactions are flourishing. Consequently, credit card fraud is on the rise. To combat this growing menace, the Payment Card Industry Data Security Standard (PCI DSS) was developed. The standard is mandated by leading credit card institutions like Visa and MasterCard. The article describes key challenges in PCI compliance and how businesses that engage in card payments should protect cardholder data and maintain the highest levels of information security. 

Internal Audit Software Application, Continuous Auditing Systems
After making circles in the academic networks for years, continuous auditing is now within reach for businesses looking to derive greater value from their auditing processes. Its implementation is no more complex and the benefits are real. By adopting the right auditing tools, developing a complete system with technological adequacy and an environment conducive to its application, every organization can gain from continuous auditing.

Alarming Rise in Automotive Safety Issues
Quality issues in automobiles can not only result in commercial implications for the manufacturer, they also become life-threatening for customers and can severely damage reputation of the automotive company. In order to manage such crises, automakers need to comply with the Transportation Recall Enhancement Accountability and Documentation (TREAD) Act and diagnose the impairment, thus nullifying further recurrence of the impairment.

ISO 31000: Streamlining Risk Management to Achieve Corporate Goals
The new ISO 31000 Risk Management standard provides a universally recognized paradigm for risk professionals to clearly define terminologies, establish formal processes, understand the context of their efforts, and evaluate opportunities vested in taking risks. MetricStream's ERM approach is well aligned with the overall approach and the guidelines of ISO 31000.

Audit Performance Measurement
While the Internal Audit function is gaining popularity as a guardian of good corporate governance and the leader of business performance, measuring the Internal Audit’s performance can play a critical role. Regulators and investors are demanding increased scrutiny of an organization’s operation, making the Chief Audit Executive’s (CAE) job more complex and challenging.

Effective Governance through Internal Auditing
Internal Audit supports the Board of Directors (BoD) and its committees by independently assessing the effectiveness of an organization’s system of internal controls as well as compliance with statutory, legal and regulatory requirements. Given the importance the BoD attaches to this role, organizations are making every effort to adopt Internal Audit across the enterprise for better management of risk and effective compliance with regulation.

Contact Chat Request a demo Download RFP Template