Over the years, the company’s assurance processes had become increasingly siloed. Audit, SOX, risk, compliance, and policy-related data was scattered across systems, making it difficult for teams to track key risks, such as trading, financial, sanctions, Environment, Health, and Safety (EHS), and other issues. Without a unifying platform, they couldn’t effectively coordinate and collaborate on assurance findings.
Redundancies in control data and testing efforts weren’t uncommon. What’s more, alignment between audit and compliance taxonomies was limited. This hampered efforts to compare findings and identify risks.
Outdated systems and manual processes only added to the challenge, making these business functions extremely time-consuming. The company needed to revamp its systems and enable a more cohesive approach to assurance, one that would help it cut across audit, risk, controls, and compliance silos to gain a consolidated view of risks across business units and geographies.
MetricStream emerged as the preferred choice to meet these requirements. The MetricStream Platform provided a centralized foundation to integrate GRC processes, and strengthen risk visibility. Built on the platform were the MetricStream Internal Audit, SOX Compliance, Enterprise Risk, Regulatory Compliance, and Policy and Document Management products, which together helped the company streamline and automate workflows and enhance overall efficiency and resilience.
The products were implemented out-of-the-box with some minor changes to best fit their requirements. The company has a dedicated business unit that leverages Compliance Management, Policy and Document Management, and Enterprise Risk Management, while another part of the business is using Internal Audit and SOX Compliance products. It uses surveys for inherent and residual risk assessments.
With the implementation, the company has successfully completed over 300 risk assessments with results aggregated through automation. It has also considerably cut down on effort by consolidating metrics across 3,000 controls.
A real-time and holistic view of risks across audit and compliance functions
Improved efficiency with automated assurance processes
Better coordination and communication through a common system
Smarter risk reporting and communication with standardized taxonomies
MetricStream offers the company a unified view of risk, internal audit, SOX, compliance, and internal controls across the enterprise. The platform maps risks to compliance requirements, internal controls, control tests, assessments, processes, and other data elements in a single framework. This gives users a holistic and contextual view of risk.
The platform also standardizes risk, compliance, and control taxonomies, making risk reporting and communication much more consistent. Teams across assurance functions now have a common system to exchange data, and collaborate on risk findings. No more duplication of effort or information. Everything is clearly mapped and streamlined in the MetricStream Platform for optimal efficiency.
MetricStream Internal Audit Management is helping the company improve its audit productivity, while also identifying and responding to risks faster. Auditors can create dynamic audit plans, assign tasks, record their findings, and attach supporting evidence all in one system.
The product supports a risk-based approach to auditing, enabling teams to prioritize and direct audit resources to the areas of highest risk. Since auditing has been integrated with SOX compliance, teams across both functions can effectively coordinate control testing activities to minimize redundancies.
MetricStream also strengthens visibility into audit findings, helping the audit team deliver valued, trusted advice to the board and leadership.
MetricStream SOX Compliance Management helps the company simplify compliance monitoring by unifying risk and control data management across financial processes. The product simplifies control testing, documentation, and certifications with systematic workflows. It also helps rationalize controls, thus reducing compliance efforts and costs. Real-time reporting enables teams to deliver swift assurance around SOX compliance, strengthening stakeholder confidence.
The company has to ensure compliance with a plethora of regulations across jurisdictions, including those from the European Banking Authority in the EU, the Securities and Exchange Commission (SEC) in the U.S., and others. MetricStream Compliance Management has helped the company strengthen compliance by proactively identifying regulatory changes and assessing their impact on the business. Using the product, it can not only track the regulatory changes but also manually test the impact and ascertain how it needs to be implemented. The company is also better equipped to manage internal controls, identify issues, and track them to closure.
With MetricStream, the company now has a centralized repository to store and access the latest policies. The product has helped streamline and simplify the creation and communication of organizational policies. In addition, mapping policies to regulations, risks, and controls has significantly strengthened compliance while highlighting potential risks.
To conclude, powerful analytics, reports, and dashboards in MetricStream give the company in-depth visibility into risks, internal audit results, SOX compliance findings, regulatory changes, and internal controls. Decision-makers can leverage rich visualizations of the data to understand the top risks, issues, and opportunities. They can also slice and dice the information from various angles to compare findings across risk, internal audit, compliance, and more. The result is a strategic view of the company’s overall governance, risk and compliance (GRC) posture that enables leadership teams to make better-informed decisions.