Case Study

Enterprise Risk Assessment & Management Tools: Aligning Risk Management to Corporate Goals

The Client: A Fortune 500 company

As a global organization based in the US, the company has a robust product portfolio, multiple distribution channels and a complex regulatory scenario.

The company has a strong corporate governance model, and strives to follow a clear set of values and policies that guide employee behavior. Being an industry leader, the company offers high-quality products to its customers. The company believes in strong ethical value, focused management, and efficient operations that can support the dynamic decisions required in a globalized world


The company initiated the process of selecting a robust risk and compliance management system by evaluating various enterprise risk management solutions in the market, the yardstick being robustness of the solution, quality of the application, implementation capabilities, and the cost of ownership. After extensive evaluation, MetricStream emerged as their preferred choice. The key driver for choosing MetricStream was the unique combination of enterprise-wide risk- and internal controls platform, and specific functional modules that support compliance requirements. MetricStream's Risk Assessment tool and methodology can assist an organization in identifying, assessing and managing enterprise-wide risks.

MetricStream’s Risk Analysis and Risk Self Assessment Module provided the company with a strong centralized risk framework, allowing it to better align and coordinate risk management and internal control activities for improved performance. It supported risk assessment and computations based on configurable methodologies and algorithms giving a clear view into the company’s risk profile and enabled its risk champions to prioritize their response strategies for optimal risk/reward outcomes. As put by a senior board member, “For the first time the company had a complete inventory of the organization’s risk. That helped us recognize early on that MetricStream solution is well conceived and tremendously efficient”.

MetricStream’s highly automated Reporting Module replaced the time-consuming and labor intensive task of consolidating all the investigative risk information, and reporting it to the authority concerned. The solution enhanced their risk reporting capabilities - providing the ability to track risk profiles, control ownership, assessment plans, and remediation status on graphical charts; and tools like executive dashboards and drill-down for an easy way to access the data at finer levels of detail. In addition to pre-configured standard risk reports, the solution provided them with flexibility to configure ad-hoc or scheduled reports to view metrics on a variety of parameters such as by process, by business units, by status, etc. Quarterly and monthly trending analysis along with the ability to drilldown into each report and dashboard to see the underlying details enabled their risk managers and process owners to stay in constant touch with ground reality and progress on risk management programs. Automated alerts for events such as exceptions and failures eliminated any surprises and made the process predictable. MetricStream’s robust risk platform provided core services and capabilities such as automatic email notifications and alerts, roles-based information routing, real-time analysis of data on reports, and ability to slice-anddice statistics by a variety of parameters such as product lines, sites, and customers.

MetricStream's Loss Management module enabled the company's risk managers to track loss incidents and near misses, record amounts, and determine root causes and ownership. MetricStream provided statistical and trend analysis capabilities, and enabled end-users to track remedies and action plans. The Key Risk Indicators (KRIs) provided capabilities for tracking risk metrics and thresholds, with automated notification when thresholds were breached. The solutions have been deployed on the MetricStream Enterprise Compliance Platform, an integrated framework for driving effective risk management and corporate governance. By improving operational efficiencies in risk management systems, the company has lowered the cost of compliance and created a transparent environment for proactively identifying, tracking and resolving potential risks/issues.


As the company’s global reach extended and regulatory requirements proliferated, so did the company’s vulnerability to an array of risk challenges. Following an in-house, manual ERM review, the company identified significant challenges, including maintaining accountabilities for risk and control, and establishing consistency in risk management and internal control activities.

Factors such as limited reporting and data analytics, lack of collaboration between teams at different sites, manual and inefficient follow-up on action items, and time-consuming data gathering for risk reports underscored risk initiatives the organization needed to address. Legal and regulatory requirements drove the need for a more robust approach to risk management. At the same time, executive management and the board wanted to have a ‘complete picture’ of the company’s risk profile. The recognition of the fact that much of company’s risk exposure was not covered led the senior management to look for an innovative comprehensive solution that could help them identify the gaps or inefficiencies in their risk coverage; list the areas involved in risk assessment and management; revamp the approaches used to achieve these ends; apply a maturity risk model to help identify current and desired future states; and develop plans to help close gaps and overcome inherent inconsistencies.

Why MetricStream was Selected?

Robust Enterprise Compliance Platform with a broad set of functional modules that serves as the foundation for the company’s risk management and compliance needs

Powerful reporting for internal data analysis as well as customer reporting

Ability to configure off-the-shelf modules to adapt to best practices and incorporate specific business processes followed in the company

Multi-site web-based access with collaboration tools to support teamwork

Low total-cost-of-ownership


  • Enabled Consistent Reporting: 
    MetricStream ensured complete visibility into the entire risk profile. This transparency made risk management a predictable process in the company while lowering the potential liabilities and risks. It provided bird’s eye preview of all risk management related data - detailed info of risks and their corresponding controls and assessments, results from individual assessments.
  • Integrated Risk Management Efforts:
    MetricStream helped the company adopt an integrated approach so that all its fragmented risk management initiatives are integrated, and aligned with the broad corporate goals.
  • Identified and Assessed Key Risk:
    Exposures: MetricStream enabled the organization to identify, measure, monitor, and control its inherent risk exposures of the business at all levels.
  • Affirmed Strength to Internal Controls: 
    MetricStream provided a powerful mechanism for affirming the strength of the internal controls and adherence to regulatory policies.
  • Enhanced Efficiency:
    These solutions provided a systematic mechanism for managing surveys and certifications in a consistent, reliable and predictable manner. It ensured accountability by enforcing the flow of information and records, and documenting attestations and representations at appropriate stages.

Ready to get started?

Speak to our experts Let’s talk