What's New in MetricStream's AI-Powered GRC: Faster, Smarter, More Intuitive

Introduction

The latest release of MetricStream delivers a sweeping set of enhancements designed to make governance, risk, and compliance faster, smarter, and more connected than ever.

With AI woven deeply into every product area and a modernized user experience across the board, this release is built to help GRC teams do more with less, act on insight instead of instinct, and stay ahead of regulatory change.

Here's a look at what's new.

What's New at a Glance

| Capability Area | Key New Feature | Primary Benefit |
| --- | --- | --- |
| AI GRC Platform | Model Gateway & LLM Configuration | Connect any LLM with governance and data residency controls |
| AI GRC Platform | Summarization & Open Prompt APIs | Embed AI into any GRC workflow with built-in guardrails |
| Risk & Compliance | AI-Powered Control Description Refinement | Auto-generate audit-ready control narratives using proven frameworks |
| Risk & Compliance | Collaborative Control Testing | Real-time multi-user testing with locking and commenting |
| Survey & Assessments | Automated Red Flags | Instant detection of out-of-threshold responses across all modules |
| Regulatory Change Mgmt | AI Alert Applicability Assessment | Auto-classify alerts as applicable, not applicable, or uncertain |
| Regulatory Change Mgmt | AI Regulatory Summarization | Concise summaries of alerts and linked documents |
| Policy Management | New Policy Portal & Hierarchical Editor | Unified policy hub with five-level nesting support |
| Business Continuity | Enhanced BIA & BCM Plans | Clearer RTO/RPO views and integrated Gantt charts |
| IT/Cyber Risk | Compliance Monitoring Scorecard | Consolidated control testing status with drill-down |
| Platform-Wide | Bulk Reassignment, Offline Assessments | Fewer manual steps, no data loss during org changes |

AI that Works Where You Do

At the heart of this release is MetricStream's expanding AI GRC Platform — a purpose-built foundation that brings responsible AI to every corner of your GRC program.

  • The Model Gateway & LLM Configuration lets organizations connect any internal or third-party large language model through a centralized, governed gateway. You choose which models your teams use, with built-in enforcement of data residency, compliance, and cost policies.
  • Two new Inference APIs — for Summarization and Open Prompt — transform how teams interact with data. Whether it's generating concise summaries of complex data sets or embedding AI intelligence directly into any GRC workflow, these APIs accelerate decisions with governance and guardrails applied automatically.
  • Underpinning it all is a comprehensive AI Governance & Trust Framework that includes prompt guardrails, PII masking, model observability, audit logging, evaluation pipelines, and proactive alerting. It's enterprise-grade AI you can deploy responsibly, with the auditability and confidence regulators and boards expect.

Smarter Risk & Compliance with AI-Powered Controls

Across Enterprise & Operational Risk Management, Regulatory & SOX Compliance, IT/Cyber Risk, Internal Audit, and Regulatory Change Management, a powerful new capability stands out: AI-Powered Control Description Refinement.

Using proven frameworks like 5Ws, STAR, SCQA, and PEEL, AI automatically rewrites control descriptions into clear, consistent, audit-ready narratives. Teams can select their preferred tone — professional, formal, or detailed — and the result is a control library that meets industry standards without the manual effort.

Paired with Collaborative Control Testing, multiple users can now test controls together in real time with built-in locking and commenting. No more bottlenecks. No more version confusion.

Automated Red Flags: Catch Exceptions Before They Escalate

A game-changer for survey and assessment workflows, Automated Red Flags instantly surfaces out-of-threshold and high-risk responses the moment they come in. Available across Regulatory & SOX Compliance, Policy & Document Management, Third-Party Management, and Internal Audit, this feature works with all major response types — Checkbox, Dropdown, Radio Button, Yes/No, Amount, Number, and more — with manual flagging supported for text, attachment, and tabular responses.

The result: reviewers never miss a critical exception, and teams focus their time where it matters most.

Regulatory Change Management, Supercharged

Keeping up with regulatory change just got dramatically easier. Two new AI capabilities transform how teams triage and interpret incoming alerts:

  • AI-Generated Alert Applicability Assessment instantly classifies each regulatory alert as applicable, not applicable, or uncertain — based on your organization's parameters — and explains every decision in plain language.
  • AI-Generated Regulatory Summarization scans alerts and all linked documents (via RSS, email, or manual ingestion) and produces concise summaries tailored to your coverage areas.

Both features offer configurable prompts so compliance teams can tune AI behavior to their specific business context.

A Reimagined Policy & Document Management Experience

Policy teams will love the new AI-powered user experience — a ground-up redesign featuring simplified, role-aware navigation, redesigned landing pages, improved templates, guided authoring, and streamlined workflows.

The enhanced Policy Portal brings everything together — discovery, attestation, announcements, and exceptions — in one unified, tab-based interface. And a new hierarchical policy editor supports five levels of nesting, making it easier than ever to author and review complex policy documents.

Business Continuity, Modernized

Business Continuity Management receives a modernized UI/UX with a more task-oriented, intuitive experience and improved visibility into key BCM activities.

The Enhanced Business Impact Analysis provides clearer views of critical recovery metrics — Recovery Time Objective (RTO), Recovery Point Objective (RPO), Maximum Tolerable Period of Disruption (MTPD), and impact ratings. Meanwhile, improved Business Continuity Plans now support integrated Gantt charts and clearer hierarchical plan structures, helping organizations identify recovery gaps faster and stay operationally ready.

IT, Cyber Risk & Compliance: Full Visibility into Testing

A new Compliance Monitoring Requirement Test Status Scorecard gives IT and cyber risk teams a consolidated view of compliance testing — showing results across all mapped and tested controls for any reporting period. Outcomes are summarized as Not Tested, Pass, Fail, and Not Applicable, with drill-down capability to uncover gaps, prioritize testing, and keep compliance programs on track.

Internal Audit: Sharper Scope, Faster Reviews

Internal Audit teams benefit from Enhanced Audit Scope Management, making it easier to define and manage what's in and out of scope for each engagement — alongside the cross-platform AI and automation capabilities that streamline control testing, issue remediation, and survey exception management.

Platform-Wide Productivity Boosters

Several enhancements span the entire MetricStream platform:

  • Bulk Reassignment of Assessments — transfer entire portfolios of assessment tasks in a single action during reorgs or staff changes.
  • Offline Risk Assessments via Excel — complete assessments offline and sync automatically with no duplicate entry or data loss.
  • Real-Time Landing Report Refresh — teams always see the latest status without waiting.
  • Bulk Review & Update of Issues — select multiple records and update them in one action with full timestamped audit trail traceability.

Summary

The latest release embeds AI-powered capabilities and governance into every workflow while making the platform simpler and faster to use. Whether you're managing enterprise risk, tracking regulatory change, governing third parties, or running internal audits, this release helps your team work smarter, move faster, and stay compliant with confidence.

Ready to explore what's new? Schedule a demo now

Frequently Asked Questions

The release includes AI-powered control description refinement, automated red flag detection in surveys, AI-generated regulatory alert summarization and applicability assessment, and a new Model Gateway for connecting internal or third-party LLMs. All of the above are governed by a built-in AI Trust Framework.

The AI-Powered Control Description Refinement feature automatically rewrites control descriptions using structured frameworks (5Ws, STAR, SCQA, PEEL) to produce clear, audit-ready narratives, reducing manual effort and improving consistency across the control library.

MetricStream’s Automated Red Flags feature monitors incoming survey and assessment responses in real time and instantly flags any response that falls outside defined thresholds or meets high-risk criteria — supporting multiple response types including checkbox, dropdown, yes/no, and numeric inputs.

The MetricStream AI Governance & Trust Framework is an enterprise-grade guardrail layer built into the platform that includes prompt controls, PII masking, audit logging, model observability, and alerting, ensuring AI outputs meet regulatory and internal governance standards.

The April 2026 updates span Enterprise & Operational Risk Management, Regulatory & SOX Compliance, IT/Cyber Risk, Internal Audit, Policy & Document Management, Third-Party Management, Business Continuity Management, and Regulatory Change Management.

Pat McParland

Patricia McParland VP – Marketing

Pat McParland is VP of Product Marketing at MetricStream. She is responsible for creating product messaging, product go-to-market plans, and analyzing market trends for MetricStream's cyber compliance and third party risk product lines. Pat has more than 25 years of financial data and technology marketing experience at Fortune 1000 brands as well as startups and has led product and marketing teams at Dow Jones and Dun & Bradstreet. She has a BA from the College of William and Mary and lives in Summit, New Jersey.