A leading multinational energy company, with tens of thousands of employees, wanted to replace siloed audit and SOX compliance systems with a single source of truth. The objective was to build a more integrated and strategic approach to assurance by bringing internal audit closer to compliance on a common platform. With MetricStream, the company was able to achieve this goal, and manage its assurance requirements in a more holistic manner across 4,000+ users. The cloud-based platform automates assurance processes, improving the speed and efficiency of decision-making. It can also be extended across other GRC use cases and business functions to help the company realize its vision of integrated GRC.
Over the years, the company’s assurance processes had become increasingly siloed. Audit and SOX compliance data was scattered across systems, making it difficult for teams to track key risks and issues. Without a unifying platform, they couldn’t effectively coordinate and collaborate on assurance findings.
Redundancies in control data and testing efforts weren’t uncommon. What’s more, alignment between audit and compliance taxonomies was limited. This hampered efforts at comparing findings, and identifying risks. Outdated systems and manual processes only added to the challenge, making internal audit and SOX compliance a time-consuming affair. The company needed to revamp its systems, and enable a more cohesive approach to assurance—one that would help them cut across audit and compliance silos to gain a consolidated view of risks.
MetricStream emerged as the preferred choice to meet these requirements. The MetricStream Integrated Risk Platform, intelligent by design, provided a centralized foundation to integrate assurance processes and strengthen risk visibility. Built on the platform were the MetricStream Internal Audit Management and SOX Compliance products, which together helped the company streamline and automate assurance workflows, improving risk responsiveness.
MetricStream offers the company a unified view of internal audit and SOX compliance across the enterprise. The platform maps risks to compliance requirements, internal controls, control tests, assessments, processes, and other data elements in a single framework. This gives users a holistic and contextual view of risk.
The platform also standardizes risk, compliance, and control taxonomies, making risk reporting and communication much more consistent. Teams across assurance functions now have a common system to exchange data, and collaborate on risk findings. No more duplication of effort or information. Everything is clearly mapped and streamlined in the MetricStream Platform for optimal efficiency.
• Outdated assurance systems and manual processes
• Low visibility into risks
• Siloed systems which limited collaboration between audit and compliance functions
• Inconsistent risk and compliance taxonomies
• A real-time and holistic view of risks across audit and compliance functions
• Improved efficiency with automated assurance processes
• Better coordination and communication through a common system
• Smarter risk reporting and communication with standardized taxonomies
MetricStream Internal Audit Management is helping the company improve its audit productivity, while also identifying and responding to risks faster. Auditors can create dynamic audit plans, assign tasks, record their findings, and attach supporting evidence all in one system.
The product supports a risk-based approach to auditing, enabling teams to prioritize and direct audit resources to the areas of highest risk. Since auditing has been integrated with SOX compliance, teams across both functions can effectively coordinate control testing activities to minimize redundancies.
MetricStream also strengthens visibility into audit findings, helping the audit team deliver valued, trusted advice to the board and leadership.
MetricStream SOX Compliance Management helps the company simplify compliance monitoring by unifying risk and control data management across financial processes. The product simplifies control testing, documentation, and certifications with systematic workflows. It also helps rationalize controls, thus reducing compliance efforts and costs. Real-time reporting enables teams to deliver swift assurance around SOX compliance, strengthening stakeholder confidence.
Powerful analytics, reports, and dashboards in MetricStream give the company in-depth visibility into internal audit results, SOX compliance findings, and related risks. Decision-makers can leverage rich visualizations of the data to understand the top risks, issues, and opportunities. They can also slice and dice the information from various angles to compare findings across internal audit and compliance. The result is a strategic view of assurance that enables leadership teams to make better-informed decisions.
The company is now looking at extending internal audit and SOX compliance management from the second and third lines, into the first line. MetricStream’s intuitive and user-friendly capabilities will make it easy for the first line to take on more risk management responsibilities, thereby freeing up the second and third lines to focus on delivering better assurance and intelligence.
The company is also on track to implement other MetricStream products. MetricStream Regulatory Change Management will help the company strengthen compliance by proactively identifying regulatory changes and assessing their impact on the business. Meanwhile, MetricStream Enterprise Risk Management and Compliance Management will improve risk visibility even further, while also strengthening compliance with multiple regulations.