ConnectedGRC

Drive a Connected GRC Program for Improved Agility, Performance, and Resilience

Explore the right questions to ask before buying a Cyber Governance, Risk & Compliance solution.

Explore the right questions to ask before buying a Cyber Governance, Risk & Compliance solution.

Learn More

Discover ConnectedGRC Solutions for Enterprise and Operational Resilience

Learn about the EU’s Digital Operational Resilience Act (DORA) and how you can prepare for it.

Learn about the EU’s Digital Operational Resilience Act (DORA) and how you can prepare for it.

Learn More

Explore What Makes MetricStream the Right Choice for Our Customers

Robert Taylor from LSEG shares his experience on implementing an integrated GRC program with MetricStream

Robert Taylor from LSEG shares his experience on implementing an integrated GRC program with MetricStream

Learn More

Discover How Our Collaborative Partnerships Drive Innovation and Success

Watch Lucia Roncakova from Deloitte Central Europe, speak on how the partnership with MetricStream provides collaborative GRC solutions

Watch Lucia Roncakova from Deloitte Central Europe, speak on how the partnership with MetricStream provides collaborative GRC solutions

Learn More

Find Everything You Need to Build Your GRC Journey and Thrive on Risk

Download this report to explore why cyber risk is rising in significance as a business risk.

Download this report to explore why cyber risk is rising in significance as a business risk.

Learn More

Learn about our mission, vision, and core values

Gurjeev Sanghera from Shell explains why they chose MetricStream to advance on the GRC journey

Gurjeev Sanghera from Shell explains why they chose MetricStream to advance on the GRC journey

Learn More
+1-650-620-2955
+1-650-620-2955 Contact Us Request Demo
×
Hit enter to search or ESC to close
Case Study

Fortune 1000 Insurance Company Rationalizes Organizational Structure with MetricStream’s MDOS

An insurance and financial services giant, headquartered in Canada, with a complex organization structure spanning various regions and business units, was facing issues with modelling their organization structure and authorization policies. It implemented MetricStream’s patented innovation on Multi-Dimensional Organization Structure (MDOS) which enables swift re-tooling of GRC solution in response to an organizational change, thereby minimizing downtime, enhancing the visibility of risk and compliance functions, and enabling true agility for corporate systems.

READ MORE

Industry

Banking and Financial Services

Insurance

Products

MetricStream Platform

BusinessGRC

Bottlenecks with Legacy Organization Framework

Prior to MDOS, the company used a traditional approach to streamline its organizational hierarchy. It chose the hierarchy primarily based on risk reporting relationships while also reflecting the human resources and financial reporting hierarchies. It resulted in approximately 310 organizations within the overarching five-level organizational structure:

Level 1: Top of the house structure, providing visibility into all child organizations within the enterprise. This is where all the reports roll up to.

Level 2: Offers a regional view which also includes the oversight functions.

Level 3: The Divisional level (or the company level for European and Reinsurance companies).

Level 4: The line of business level (or the divisional level for European and Reinsurance companies).

Level 5: The Departmental level.

The company, with its many layers, regions, dual reporting relationships, and so on, found the legacy framework to be inefficient as it led to a number of duplicate functions or lines of business both within a region and across all regions. It also made it difficult to search and report, control granular data access, and maintain and accommodate changes to the organizational structure. It also made it difficult for risk and compliance data aggregation at various levels of its complex organization structure.

To overcome these challenges, the company started looking at ways in which it could optimize the organizational structure and implemented MetricStream MDOS.

MetricStream MDOS offers a more robust organizational structure with a flexible data model that supports up to 6 dimensions. Enterprises can setup multiple multi-hierarchy structures mirroring their actual organizational multi-hierarchy structures with each multi-hierarchy structure as a dimension. The MDOS dimensions are fully configurable, meaning that organizations can decide what dimensions they want to use depending on their needs and organizational structure. This means that for one owner organization there could be six dimensions or attributes such as company, legal entity, function, location, line of defense, restricted, language, and others.

Each dimension could be linked to the organization’s golden source of data. The dimensions don’t come pre-populated out-of-the-box and any company can define up to 6 dimensions that are relevant to their business model.
 

Challenge

  • Convoluted and rigid organizational structure
  • Duplication of organizational nodes
  • Lack of well-defined business processes and workflows
  • Inability to restrict data access
  • No insightful reporting
  • Inefficient risk assessment processes

Business Value Realized

 

Rationalized organizational structure with elimination of duplicate organizational nodes

 

Unified, single screen visualization of organizational structure simplifying node selection

 

Flexibility to maintain independent dimensions

 

Simpler maintenance compared to the legacy organization framework

 

Aggregation of risk data at any level of the organization

Setting it Up

The financial giant evaluated MDOS between April and June 2019 to understand this capability and what benefits it could engender. This was followed by sandbox prototyping, deciding the dimensions, data migration, and training sessions. The company went live with MDOS in November 2019. It chose two dimensions –

  • Legal entity: To identify the legal entity to which the organizational units belong. This helps to streamline regulatory reporting where they have to report by the legal entity.
     
  • Function: To segregate between Internal Audit and Compliance in order to prepare for those two areas sharing the Internal Audit module.

Rationalized Organizational Structure

With the implementation, the company rationalized organizational units to reduce it to 113 from 130 organizational units mapped in the MetricStream Platform, successfully eliminating node duplication and redundancies. In the new structure, Level 1 is still the top of the house, but Level 2 has been replaced by key functions or lines of business and Level 3 represents sub-functions and departments.

Streamlined GRC Data Governance and Reporting

MDOS helped the company close three key gaps related to GRC data governance and reporting by enabling a clear segregation of access (view and report) between the three lines of defense, reporting for legal entities, and access restriction to privileged and confidential information. This has helped to streamline and improve risk and compliance management activities across the locations they operate in.

MetricStream enables the organization to perform risk assessments for specific business units, functions, locations, etc., generate detailed reports, and provide actionable insights.

Flexibility with Reporting

MDOS offers the company a lot of flexibility with reporting which didn’t exist with the traditional approach. It provides additional filtering capability in reporting that allows to filter all the dimensions as well, meaning that instead of just focusing on a particular owner organization, the company can now look at any combination. In other words, the company can now run reports on a particular legal entity regardless of the organization, look at all of the issues pertaining to a particular location or function, such as all risk-related issues, compliance-related issues, etc.

This feature enables the customer to efficiently measure organizational risk exposure by slicing, dicing, and aggregating the data at any defined level of the organization.

With MDOS, the company has successfully optimized its organizational structure. The implementation has helped ensure that their GRC solution continues to provide a common view of the organizational hierarchy while improving risk and compliance decision-making, even with constant changes in the organizational design. The result was a 30 percent improvement in reporting and analytics for legal entities and a lower overall cost of ownership.

Related Stories

Case Study

Latin American E-Commerce Giant Ensures Multi-location Policy and Controls Compliance with Integrated GRC

Read More readmore
Case Study

Safaricom Discuss their GRC Journey and How They’re Leveraging MetricStream Products for Superior Risk Management and Compliance Performance

Read More readmore
Case Study

Non-Profit with 3000 Employees Taps MetricStream to Establish Centralized GRC System and Enhance its Overall Risk Awareness

Read More readmore
lets-talk-img

Ready to get started?

Speak to our experts Let’s talk