Prior to MetricStream, the investment institution was managing risk and audit across multiple departments largely with spreadsheets, which are manual, time-consuming, and error-prone. Management had neither an integrated view of its risks nor actionable, timely audit intelligence, which hampered decision-making.
As a rapidly growing and dynamic organization with archaic processes, any hierarchy changes required tedious manual intervention from the audit and risk teams. The lack of an integrated workflow and the non-standard control testing processes across functions led to errors and inconsistencies in reports, which also took much longer to generate through a manual process. Consolidating these reports not only took time but also hindered complete visibility into areas of concern, resulting in delayed and ineffective business decisions.
The organization chose MetricStream to help it establish a single integrated platform for managing risk, audit, and compliance functions while providing independence and flexibility to each team to configure workflows relevant to them. MetricStream’s federated data model ensured data consistency across business functions and aided in aggregated reporting. The implementation has enabled the organization to make more confident, risk-aware decisions with timely and data-driven insights. They also have a consolidated single source of issues and action management for efficient issue resolution.
The organization embarked on its GRC journey with MetricStream in 2020. Phase 1 involved the implementation of Operational Risk, Policy and Document, and SOX Compliance Management, while Internal Audit was deployed in Phase 2. The organization has recently been upgraded to the latest product release and moved from on-premises to cloud-hosted services (AWS, Bahrain).
The organization was managing risk, audit, and compliance activities across multiple departments through a manual and siloed approach. Disparate and non-standardized workflows and data led to multiple versions of the truth, making it difficult to aggregate and analyze consistent data at the enterprise level. One of the organization's key objectives in embarking on the GRC transformation journey was to standardize its GRC program on a single platform.
With MetricStream, the investment institution now has a gold source of data with a centralized repository that enables it to map risks on a many-to-many basis to controls, functions, processes, and more. This essentially means that while each business unit or department can perform their own risk assessments, the results can be rolled up and aggregated at the enterprise level, providing the top management with a single, consolidated view of risks. The implementation has helped the organization to transform raw data into actionable insights, thereby enhancing visibility into risk relationships and providing audit intelligence.
Single source of truth
Comprehensive visibility into
Greater efficiency with automated and streamlined assurance processes
Improved management of issues and actions
Previously, the organization had complex and manual internal audit processes, which made providing timely audit intelligence a daunting task. With MetricStream Internal Audit Management, the internal audit team can plan and schedule audits by identifying auditable entities based on their risk ratings and manage audit workpaper and findings in a systematic manner. The product has also established structured processes for generating audit reports. Intuitive dashboards provide real-time access to audit intelligence for efficient decision-making.
MetricStream helped the organization replace its manual approach to issue and action management with a more automated and systematic approach. Consolidating all issues and actions into a single source has helped enhance the efficiency of the resolution process. The product has improved the transparency of the processes with clear accountabilities as users can now track the status of issues and actions end-to-end at any given point of time.
MetricStream SOX Compliance Management has helped the organization ensure compliance with SOX by establishing a centralized framework that ties together risk and control data management across financial processes. It now has systematic workflows for planning and scheduling risk assessments, control testing, documentation, and SOX certifications. Real-time reporting and comprehensive dashboards with drill-down capabilities further strengthen visibility into compliance processes.
With MetricStream Policy and Document Management, the organization now has a centralized repository to create, store, and access all the organizational policies. It has established well-defined processes to effectively create and communicate policies and associated changes. Furthermore, the product has helped map policies to regulations, risks, and controls, thereby enabling the organization to strengthen compliance and quickly identify areas of concern.
Overall, MetricStream BusinessGRC has empowered the state-owned fund to advance on the GRC maturity curve with better risk visibility, improved assurance, and robust compliance processes. It has enabled the organization to overcome the shortcomings of manual processes and make data-driven and risk-aware decisions.