Case Study

Leading Sports Footwear and Apparel Company Automates IT and Cyber Risk and Compliance

As one of the leading and best-known global sports footwear and apparel brands, the company has a deep commitment to governance, risk, and compliance (GRC). It identified the need to digitize its IT Risk and Compliance management to streamline the processes, eliminate manual and repetitive tasks, and enhance overall efficiency and business resilience. The previous outdated approach and lack of a centralized database limited the company’s visibility into risks and the effectiveness of controls.

To meet its Cyber GRC needs, the company tapped MetricStream’s IT and Cyber Risk and IT and Cyber Compliance Management products running on Amazon Web Services (AWS) cloud. With the implementation, it now has a single source of truth for its risks and controls and has successfully automated and streamlined its Cyber GRC processes— enhancing visibility into its IT and cyber risk and compliance profiles, accelerating the processing of risk and compliance assessments and issues for remediation, and improving overall speed, agility and scalability.

Legacy Approach and Related Challenges

Previously, the company did not have well-defined business processes and workflows. It largely depended on manual processes and had no recourse to repetitive tasks in IT and cyber risk and compliance. Strengthening IT risk and security was a particular priority due to the COVID-19 pandemic which resulted in amplified online access.

The company, which has around 59,000 employees from over 100 countries, lacked a centralized GRC database which not only limited the visibility into IT and cyber risk and compliance profiles across the enterprise but also how risks and controls were mapped to business units, processes, and assets.

It also used error-prone manual processes and tools, such as spreadsheets for control maturity assessments. The challenges were further exacerbated due to the lack of insightful reporting and charts to identify such controls. The company also depended on inefficient manual approval cycles.

To address and overcome these challenges, the company deployed MetricStream CyberGRC products on AWS cloud including IT and Cyber Risk and IT and Cyber Compliance. With MetricStream, it now has a centralized repository of critical assets and processes in place and has digitally transformed its Cyber GRC system, making it faster, more agile, and scalable.


Aligned Business Processes and Workflows

Implementing MetricStream CyberGRC products provided an opportunity for the company to align key business processes and workflows—particularly chalking out a unified framework for business processes, risks, and controls. This standardized approach allowed it to cut across organizational silos, automate repetitive tasks in IT and cyber risk and compliance, and eliminate duplication of efforts, thereby significantly improving overall efficiency.

Centralized Repository and Improved IT and Cyber Risk and Compliance Visibility

With MetricStream, the company now has a centralized inventory of critical processes and assets as well as a full linkage of all risk, controls, and checklists. This integrated model enhanced transparency by providing a single source of truth, improved IT and cyber risk and compliance visibility, synchronized controls, and provided a holistic and real-time view of the state of IT GRC to key stakeholders, enabling the company to make faster and well-informed decisions and enhance business resilience.


  • Lack of well-defined business processes and workflow, limiting visibility into IT and cyber risk and compliance posture
  • No centralized database
  • Dependency on manual processes for control maturity assessments
  • Inefficient approach to IT and cyber risk and compliance management

Business Value Realized


Accelerated processing of
IT and cyber risk and compliance assessments
and issues for remediation


Real-time risk reporting
and monitoring, enhanced
speed, agility, and scalability of IT GRC processes


Centralized repository of critical assets and processes


Automation of repetitive tasks in IT and cyber risk and compliance


Enhanced Control Maturity Assessments

The company previously struggled with conducting quarterly control maturity assessments for advanced and baseline controls due to high dependency on manual processes, which required significant time, effort, and resources. Manual approval cycles and the lack of a centralized compliance database further added to the problem.

The sportswear giant implemented MetricStream IT and Cyber Compliance with additional configurations and extensions such as Control Maturity Evaluation workflow. This enabled it to not only consolidate compliance data in a centralized database, enabling comprehensive and real-time visibility, but also automate and streamline IT and cyber compliance management workflows. The company was able to enhance the speed of conducting IT and cyber compliance risk assessments as well as simplify the process of scheduling and conducting automated IT control tests.

Improved IT and Cyber Risk and Compliance Management Capabilities

The implementation also improved the company’s visibility and measurement capabilities into key risks by linking KRIs and enhanced speed, agility, and scalability of Cyber GRC processes based on industry best practices. It also helped the company accelerate the processing of risk and compliance assessments and issues for remediation. In addition, real-time risk reporting and monitoring along with powerful dashboard metrics significantly improved IT and cyber risk management capabilities.

Related Stories

Case Study

Major Insurance Company Uses a Holistic Approach to Engage All Lines of the Business in GRC

Case Study

Leading UK Financial Institution Improves Risk Visibility With Single Source of Truth for Operational Risk Management and Compliance

Case Study

Baptist Health Care Improves Audit Efficiency and Visibility With MetricStream


Ready to get started?

Speak to our experts Let’s talk