With its presence in over 145 locations, the company started building business continuity plan strategies globally couple of years ago. In the process, it realized the need to manage operational risks to limit the likelihood of any business disruption.
As an initial approach, the company started managing operational risks with excel spreadsheets, rolling them out to all sites. However, the approach soon turned out to be inefficient as it became extremely difficult to manage risks, do consolidations, define mitigation strategies, in addition to roles, responsibilities, and ownerships through individual excel spreadsheets.
The company was also struggling with disparate risk definitions and siloed processes.
To overcome these challenges, the company started looking for a structured and organized risk management tool to consolidate all risk registers and streamline risk and issue management with clear action plans and ownerships. The company chose MetricStream for its ability to facilitate automated workflows and streamlined processes and establish a centralized data model that helps storing all risk and control data at a central place.
The company implemented MetricStream Enterprise Risk Management out-of-the-box and mapped the processes of risk management teams to it. As a result, it has benefited from common risk language and taxonomy with standardized definitions across the organization. There is improved accuracy of data leading to increased harmonization and agility in risk mitigation and issue resolution. The company has also gained increased visibility into risks and key issues with clear and faster reporting.
“Keeping the solution simple was one of our main criteria for selecting an ERM/ORM solution. The ease of use of the MetricStream product is what caught our attention as well as the fact we can evolve to more complex structures when we will be mature enough. The implementation has helped us strengthen decision-making process with clearer visibility into key risk areas and effectiveness of controls,” the Chief Risk Officer at the company said.
Previously, the company had inconsistent risk taxonomies and definitions which led to limited visibility and understanding of risks by different business units. In addition, siloed systems and processes and use of spreadsheets made data normalization and aggregation extremely difficult, resulting in incomprehensive information which hampered overall risk identification and mitigation activities.
Using MetricStream, the company was able to standardize risk taxonomy across the enterprise, which facilitated a cross-organizational risk understanding. In addition, a centralized risk repository, which maps risks to policies and controls, provided a single source of truth and a 360-degree view of the organization’s overall risk and compliance posture. The clarification of roles, responsibilities, and accountability has further strengthened the effective enforcement of risk management program and standardization.
Common risk language and single source of truth
Identical risk reporting at any level of the organization / location
Streamlined issue and mitigation actions management
Unified tool for managing various risks, improved accuracy of risk data, and enhanced risk visibility
Earlier, the company lacked complete visibility into risks with each location and business unit having their own way of risk reporting. With the implementation of the MetricStream product, it now has standardized reporting across all organizational levels and locations. With MetricStream’s multi-dimensional risk aggregation and other dashboards, the senior management and board now have better risk visibility at multiple levels of organizational hierarchy as well as at the enterprise level. They are also better equipped to quickly identify the underlying factors for risk events and take better decisions on risk mitigation plans by knowing control effectiveness.
In addition, interactive dashboards, advanced heat maps, and reports offer the company deeper risk insights, thereby strengthening its risk foresight and driving agility and risk-based decision making.
Previously, the company had several different ways of managing risks--every single function performed risk assessments on their own with their own definitions-- which often led to inconsistencies and redundancies. With MetricStream, it now has all cross-functional risks and associated details such as risk description, category, hierarchy, and ownership at one place, which has helped streamline the risk assessment and management process.
The company aims to implement MetricStream in all other functions that are still using spreadsheets. MetricStream technology will enable it to have different risk assessments models and algorithms, which will help meet the majority of the risk management needs.
With MetricStream, the company now has a systematic issue management process which streamlines documenting, investigating, and resolving all issues related to risk, compliance, and controls. It has improved visibility on the issues faced either in sites or across the organization at any level. As a result, it has become much easier to define relevant mitigation actions and see their positive impact on the next risk assessments.
Overall, MetricStream has helped the company to effectively tackle risks by enhancing the harmonization and agility in risk mitigation, issue resolution, and mitigation actions processes. In addition, increased visibility into risks and key issues with clear identification and faster reporting has bolstered partner confidence in the company.
“Facing different types of risks on a daily basis is part and parcel of doing business. MetricStream’s centralized and automated approach has helped us gain a comprehensive view into cross-functional risks and understand risk relationships and accountabilities, thereby enabling us to make risk-aware business decisions,” the Chief Risk Officer at the company added.