Case Study

Latin American E-Commerce Giant Ensures Multi-location Policy and Controls Compliance with Integrated GRC

A leading Latin American online marketplace software provider, operating under five main business units, serves 174+ million users. With operations in 18 countries and territories across 3000+ official stores, the company embarked on an integrated GRC journey with a vision to utilize a single GRC platform and data model that will scale with their fast-expanding business needs.

With MetricStream Compliance and Policy Management products within our BusinessGRC suite, the company is successfully meeting these objectives. The costly and time-consuming manual data collation and aggregation in policy and procedure management, compliance assessments, and control testing has been eliminated. With the automation of issue identification, tracking, and reporting processes, the company is experiencing accuracy in management reporting, improving efficiencies in overall compliance workflows across locations.

Industry

E-Commerce

Products

A Vision for Integrated GRC

The company’s earlier approach to policy and procedure management, compliance assessments, and control testing was through manual processes. This lack of integrated GRC processes led to siloed systems across global locations. It further created a lack of visibility into risk, compliance, and policy management and made it difficult to identify risks, control failures, regulatory compliance profiles, or issues in an effective manner.

Understanding that this approach would not support their growth and expansion plans, the company identified an urgent need for a more flexible and streamlined GRC process to support the growing business. The solution would also need to accelerate the time to value while decreasing the total cost of operations (TCO) in maintenance and support.

Keen to scale up their policy and controls compliance, the e-commerce giant outlined their goals, which included:
 

  • A single data model that will unify incremental functional areas as they are layered into the GRC platform
     
  • Automation of processes with best practices for policy life cycle management, distribution, and attestation workflows
     
  • Automation of processes with best practices for compliance assessments, control testing, reporting, and issue management
     
  • Insights into risk and compliance through analytics and dashboards
     
  • Improvement in operational service delivery by leveraging the cloud
     

The Implementation

To achieve these business objectives, the company needed an integrated GRC solution to achieve compliance and policy management across its locations. MetricStream was selected to support its vision of an integrated Enterprise GRC. The company chose MetricStream for its ability to deliver on the promise of real-time reporting and monitoring, increased speed in processing, and insightful dashboard metrics.

The implementation kicked off with Compliance Management going live in August 2020 followed by Policy and Documentation Management which went live in March 2021. A phased implementation approach was adopted in 2021 with Operational Risk and Internal Audit followed by Third-Party Management and Regulatory Change Management.
 

Challenge

  • Lack of common GRC taxonomy
  • Manual processes for repetitive tasks in risk, compliance, and policy management
  • Siloed systems across global locations
  • Lack of visibility into risks, controls, and compliance areas
  • Increased cost due to on-premise infrastructure

Business Value Realized

 

  • Streamlined policy and document management
  • Reduced TCO
  • Deepened visibility into risks
  • Decreased policy review time
  • Faster issue management
  • Increased speed and agility in risk identification and mitigation

 

Improved Visibility and Scalability

With MetricStream’s Compliance and Policy Management products deployed on the MetricStream Cloud, the company now has completely automated compliance and policy processes on a single GRC platform. The shift from an on-premise infrastructure to the cloud has reduced the TCO by 20%. 10+ entities now share a common platform.

The company has also gained improved visibility into organization roles and responsibilities, while reducing the cost and time on compliance planning and control testing. The standardized workflows have further improved the overall policy and compliance program processes.

Strengthened Regulatory Compliance

MetricStream Compliance Management has simplified the process of ensuring regulatory compliance to a great extent by aligning policies, standards, regulations, and controls. Automated control assessments and testing have improved the efficiency of the control function and eliminated inefficiencies and redundancies. Reviewing and reporting time has also been positively impacted, with the company gaining a 25% reduction.

Additionally, with a unified, real-time view of the organization’s compliance status, the company has seen improvement in business performance and decision-making. Regulatory Intelligence, which helps capture the latest regulatory alerts and map them to areas of compliance, risks, controls, policies, and processes, has further strengthened regulatory compliance.

Simplified Policy Management

With MetricStream Policy and Document Management, the company has streamlined the creation and communication of organizational policies with a centralized policy portal. The automated templates and workflows have enabled the company to decrease policy review time by 15%. By mapping policies to regulations, risks, and controls, the solution provides assurance to senior management that the company is compliant with regulatory requirements. Collecting evidence with attestations and tracking policy exceptions are now simple, which has streamlined policy management while highlighting potential risks.

Enhanced Issue Management

MetricStream’s issue management capability now enables the company to adopt a structured and integrated approach to managing various risk and compliance issues across the enterprise and its affiliates. By leveraging AI capabilities, the intelligent issue management capability automatically classifies issues based on historical data and identifies related issues using semantic similarity. The powerful analytics, working in tandem with the issue tracking and reporting functionality, give real-time visibility into issues. This has helped the company reduce the time taken to resolve issues by 20%.

The unified approach towards enterprise-wide issue and remediation management initiatives has further helped the company improve the effectiveness of assurance programs.
 

Quantitative Benefits Snapshot

  • 20% minimization of TCO from an on-premise infrastructure
     
  • 15% decrease in policy review time
     
  • 10+ locations share a common platform
     
  • 20% decrease in time to resolve issues
     
  • 25% reduced time in reviewing/reporting

Conclusion

With MetricStream, the e-commerce giant is now achieving efficiencies in regulatory compliance, policy life cycle management, and issue management—all of which have contributed to enhancing the speed, agility, and scalability of risk identification and mitigation, regulatory management, control testing, and more. Most importantly, MetricStream has enabled the company to realize their vision of implementing an integrated Enterprise GRC program to support their fast-growing business.

 
