The company’s earlier approach to policy and procedure management, compliance assessments, and control testing was through manual processes. This lack of integrated GRC processes led to siloed systems across global locations. It further created a lack of visibility into risk, compliance, and policy management and made it difficult to identify risks, control failures, regulatory compliance profiles, or issues in an effective manner.
Understanding that this approach would not support their growth and expansion plans, the company identified an urgent need for a more flexible and streamlined GRC process to support the growing business. The solution would also need to accelerate the time to value while decreasing the total cost of operations (TCO) in maintenance and support.
Keen to scale up their policy and controls compliance, the e-commerce giant outlined their goals, which included:
To achieve these business objectives, the company needed an integrated GRC solution to achieve compliance and policy management across its locations. MetricStream was selected to support its vision of an integrated Enterprise GRC. The company chose MetricStream for its ability to deliver on the promise of real-time reporting and monitoring, increased speed in processing, and insightful dashboard metrics.
The implementation kicked off with Compliance Management going live in August 2020 followed by Policy and Documentation Management which went live in March 2021. A phased implementation approach was adopted in 2021 with Operational Risk and Internal Audit followed by Third-Party Management and Regulatory Change Management.
Streamlined policy and document management
Deepened visibility into risks
Decreased policy review time
Faster issue management
Increased speed and agility in risk identification and mitigation
With MetricStream’s Compliance and Policy Management products deployed on the MetricStream Cloud,the company now has completely automated compliance and policy processes on a single GRC platform. The shift from an on-premise infrastructure to the cloud has reduced the TCO by 20%. 10+ entities now share a common platform.
The company has also gained improved visibility into organization roles and responsibilities, while reducing the cost and time on compliance planning and control testing. The standardized workflows have further improved the overall policy and compliance program processes.
MetricStream Compliance Management has simplified the process of ensuring regulatory compliance to a great extent by aligning policies, standards, regulations, and controls. Automated control assessments and testing have improved the efficiency of the control function and eliminated inefficiencies and redundancies. Reviewing and reporting time has also been positively impacted, with the company gaining a 25% reduction.
Additionally, with a unified, real-time view of the organization’s compliance status the company has seen improvement in business performance and decision-making. Regulatory Intelligence, which helps capture latest regulatory alerts and map them to areas of compliance, risks, controls, policies, and processes, has further strengthened regulatory compliance.
With MetricStream Policy and Document Management, the company has streamlined the creation and communication of organizational policies with a centralized policy portal. The automated templates and workflows have enabled the company to decrease policy review time by 15%. By mapping policies to regulations, risks, and controls, the solution provides assurance to the senior management that the company is compliant with regulatory requirements. The collection of evidence with attestations and the tracking of policy exceptions, now being simple to use, has streamlined policy management while highlighting potential risks.
MetricStream’s issue management capability, by adopting an integrated approach, now enables the company to adopt a structured and integrated approach to manage various risk and compliance issues across the enterprise and its affiliates. By leveraging AI capabilities, the intelligent issue management capability automatically classifies issues based on historical data and identifies related issues using semantic similarity. The powerful analytics working in tandem with the issue tracking and reporting functionality gives real-time visibility into issues. This has helped the company reduce the time taken to resolve issues by 20%.
The unified approach towards enterprise-wide issue and remediation management initiatives has further helped the company improve the effectiveness of assurance programs.
With MetricStream, the e-commerce giant is now achieving efficiencies in regulatory compliance, policy life cycle management, and issue management—all of which have contributed to enhancing the speed, agility, and scalability of risk identification and mitigation, regulatory management, control testing, and more. Most importantly, MetricStream has enabled the company to realize their vision of implementing an integrated Enterprise GRC program to support their fast-growing business.