Gaining visibility into and control over the multitude of internal and external risks is one of the top priorities of corporations today. With a recent jump in regulatory mandates and increasingly active shareholders, many organizations have become sensitized to identifying areas of risk in their business, be it financial, operational, IT, brand, or reputation-related risk. They are looking to systemically identify, measure, prioritize, and respond to all types of risk in the business, and then manage any exposure based on business strategies and priorities.
MetricStream provides an integrated and flexible framework for documenting and assessing risks, defining controls, managing assessments and audits, identifying issues, and implementing recommendations and remediation plans. The risk management system also includes powerful risk analysis and monitoring tools such as configurable risk calculators and risk heat maps.
Risk Assessment and Analysis
MetricStream Risk Management Solution provides a centralized risk framework to document and manage all risks faced by an organization. It supports risk assessment and computations based on configurable methodologies and algorithms, giving a clear view into each organization’s risk profile, and enabling managers to prioritize their response strategies for optimal risk/reward outcomes.
Controls Design and Assessments
Once the key risks have been identified and prioritized, MetricStream Risk Management Solution leverages the COSO framework to help define a set of controls that mitigate those risks. The solution also allows associated policies and procedure documents to be attached for reference. Assessment plans to evaluate and ensure the effectiveness of the controls can be designed and assigned to owners based on roles and responsibilities.
Using the solution, risk officers and process owners across the organization can efficiently manage risk assessment programs to ensure the effectiveness of controls. The system supports assessments based on predefined criteria and checklists, and has a mechanism for scoring, tabulating, and reporting results.
A repository of all assessments, with an easy search capability, ensures that users can check to see if a specific control was tested. They can also view the assessment results, and determine whether or not remedial action is required.
MetricStream Risk Management Solution provides seamless integration with MetricStream Internal Audit Management Solution for streamlining the audit management process in the organization. The solution provides the flexibility to manage a variety of audit-related activities, data, and processes to support risk management. It also supports the complete spectrum of audits, including internal audits, operational audits, IT audits, supplier audits, and quality audits.
The solution provides a single framework to manage the complete audit lifecycle, beginning with audit planning and scheduling, and extending to the development of standard audit plans and checklists, field data collection, development of audit reports and recommendations, review of audit recommendations, and implementation of those recommendations.
The solution is equipped with advanced capabilities such as built-in remediation workflows, time tracking, email-based notifications and alerts, risk assessment methodologies, and offline functionalities for conducting audits at remote field sites. These capabilities enable organizations to implement best practices for efficient audit execution, and ensure integration of the audit process with the risk and compliance management system.
Issue Management and Remediation
For issues arising from the assessment and auditing processes or from external events such as loss events or “near misses,” MetricStream Risk Management Solution provides seamless integration with MetricStream Issue Management and Remediation Management modules. Once issues are identified, documented, and prioritized, a systematic mechanism of investigation and remediation is triggered by the underlying workflow and collaboration engine.
The solution supports the triggering of automatic alerts and notifications to appropriate personnel for investigation and remedial task assignments. The issues remain open till the action plan is carried out and results have been verified for effectiveness. Managers can track the status of issues as they automatically move from one stage to the next based on the organization’s risk management procedures.
Executive dashboards provide enterprise-wide visibility into the risk management process and highlight issues that need to be addressed. The solution also has the ability to track risk profiles, control ownership, assessment plans, remediation status, etc. on graphical charts that can be accessed globally and display real-time information. The ability to drill down provides an easy way to access the data at finer levels of detail.
In addition to pre-configured standard risk reports, the system provides tremendous flexibility by enabling stakeholders to configure ad-hoc or scheduled reports. These reports can be used to view metrics by a variety of parameters such as by process, by business units, or by status. The system also provides quarterly and monthly trending analyses with the ability to drill down into each report and dashboard to see the underlying details. This enables risk managers and process owners to stay in constant touch with the ground reality and progress on risk management programs. Automated alerts for events such as exceptions and failures eliminate any surprises and make the process predictable.