MDOS: Enabling Resilient GRC for Dynamic Enterprises



In today’s digital-first world, companies continuously organize and reorganize via corporate divestiture, diversification, merger, or acquisition to gain efficiencies and market share. Restructuring, changes to roles and responsibilities, updates to project teams, addition of third parties, and more happen continuously. As the organization evolves and changes its footprint, its internal structure becomes increasingly complex, with multiple layers of hierarchy. These hierarchies could span business units, business functions, geographical locations, legal entities, and similar dimensions.

In a multi-hierarchical organization, it is critical to maintain continuous visibility into the risk and compliance functions at a granular level during and after the transition. While each of the underlying dimensions can be viewed independently, it is critical to understand their points of intersection, interdependencies, and interplay. As the organization restructures, it is important not to forget the impact of these changes on risk and compliance.


A robust GRC process should be able to function with these multi-hierarchical structures:

  • Risk teams, business management, and business functions should be able to view and manage risks across the enterprise, i.e., have visibility into the risk data sliced by business, region, risk category, or global function
  • Business functions should be able to report risks across locations, regions, and businesses
  • Business units should be able to manage risk and perform compliance checks across the locations they operate in
  • Regions should be able to manage risk and carry out compliance activities across the businesses operating within their region

An organization model such as the Single Dimensional Organization Structure (SDOS) falls short of meeting these requirements, which arise in a dynamic hierarchical organization. SDOS typically supports a relatively flat structure with little access to granular data and cannot adapt to dynamic changes. Clearly, it is time for a complete redesign of compliance modeling from the ground up.

Enter the Dynamic MDOS

Realizing the growing needs of complex multi-hierarchical organizations, MetricStream built the patented Multi-Dimensional Organization Structure (MDOS) capability into its industry-leading MetricStream Platform. This innovative functionality supports multifarious organizational structures with a flexible data model that supports up to six dimensions. Using MDOS, enterprises can set up several multi-hierarchy configurations that map directly to their real-world hierarchical structures. Each of these multi-hierarchy structures can then be treated as a dimension of the overall organizational makeup.

These dimensions are fully configurable: users can decide what dimensions they want to include depending on their needs.

Given an enterprise, a user can map up to six dimensions (or attributes), such as company, legal entity, business function, location, line of defense, restrictions, language, or any other. Each dimension can be linked to the organization’s single source of data.

For example, a company “ABC” with operations across, say, Europe can select function, location, and legal entity as its dimensions. The user will then be able to select any combination of the three to view the relevant details, for instance, the compliance function in Germany for its subsidiary, the “XYZ” legal entity.

The MDOS framework also allows consolidating various similar but siloed functions under one common corporate unit. As an example, suppose a business conglomerate owns, say, eight different companies, each with its own HR department. For one HR function, navigation of eight different organizational units would be required. With MDOS, all HR units can be consolidated into a single HR entity under a common corporate functional unit without any loss of granularity. Clearly, this drastically reduces complexity and makes compliance monitoring simpler.

MDOS enables:

  • Managing complex organizational structure

MDOS helps reduce the number of nodes in the organizational hierarchy by eliminating duplication without sacrificing detail. The platform ensures completeness and avoids issues due to the lack of mutual exclusivity in the current structure.

  • Selecting values from any combination of the dimensions

Users have the flexibility of selecting values from any combination of dimensions on a single unified screen. This helps in accurately gauging the organizational risk profile and performing risk assessments for a specific dimension. This functionality is key to creating customized reports for actionable insights.

  • Visibility into the hierarchical structure

The framework provides users with a hierarchical visualization of the organization structure. It also gives users the ability to search on each dimension instead of running an expensive ‘contains’ search.

  • Setting granular privileges for the business needs

In this framework, users are mapped to an MDOS Organization Role combination, and access is driven based on this mapping.

MetricStream has recently secured patent rights for MDOS. It is the only GRC platform capable of modeling complex, multi-dimensional organizational structures. This facilitates setting up specific and targeted risk response and restrictions across the enterprise.

MDOS assists companies in rapidly re-tooling their GRC solution in response to an organizational change, thus minimizing downtime and preserving visibility into risk and compliance functions. The framework also provides useful add-ons such as the MDOS widget, granular access control mechanisms, and Universal Search with MDOS-based security.

As an example, a large financial institution in North America with more than 300 decentralized organizations across eight geographical regions recently deployed the MetricStream Platform supported by the MDOS capability. With the implementation, the company went from the previous 310 organizational units to a rationalized structure with 113 organizational units and saw a 30 percent improvement in reporting and analytics for legal entities and a lower overall cost of ownership.

“Change is constant in the business environment and systems need to ebb and flow with major organization changes or organizations will be left vulnerable in transition.”

- Vidyadhar Phalke, Chief Technology Evangelist, MetricStream
