Case Study

Largest South African Retailer Accelerates Maturity of Operational Risk, Controls, And Policy Management Processes With MetricStream

The largest supermarket retailer in South Africa, operating over 3,000 supermarkets in 16 countries worldwide, wanted to streamline its risk, control, and loss management activities across the organization. The company had a clear vision and objective – establishing an integrated enterprise risk universe with related controls, providing a single view of risks and a precise view of the estimated and actual losses resulting from control failures. 

The retail giant chose MetricStream as the technology partner to implement its integrated risk management strategy. The initial phase of the implementation was completed in FY 2023, which saw the rollout of four MetricStream BusinessGRC products – Operational Risk Management, Policy & Document Management, Internal Audit Management, and Business Continuity Management. With MetricStream, the company has successfully automated and streamlined its risk processes as well as increased its maturity in managing risk relationships, thereby driving broad risk aggregation and more informed risk-based decision-making.

Embarking on the Transformation Journey

As Africa’s biggest supermarket group, it is critical for the company to manage risks effectively as any operational disruption can result in significant losses. To make better informed, risk-aware decisions, it identified the need for contextual risk information and decided to level up its risk strategy.

The company understood that it would have to go through a lot of organizational change and employee training to achieve its goal. It was also clear about one thing: it didn’t want to take the point-solutions route, which makes it difficult to aggregate and analyze data and to scale up to meet growing demands.

Along those lines, the retailer chose MetricStream to implement the integrated approach to risk management. Built on top of the MetricStream Platform, MetricStream’s BusinessGRC products automate and streamline workflows across the risk, policy, survey, internal audit, and business continuity management lifecycles while coordinating all activities throughout the enterprise via a single system. The system assigns formal accountability and responsibility at all levels that can be tracked and monitored.

MetricStream has not only enabled the company in its change management journey but also helped it mature its risk management program in the process.


  • Lack of a unified view of risk across stores and processes
  • Difficulty visualizing and understanding the interconnectedness between risks, related controls, etc.
  • Weak internal controls over financial reporting
  • Reliance on a manual and cumbersome approach to data analysis using Excel sheets

Business value realized

  • Single, connected view of all organizational risks
  • Effectively managed over 3,600 risks and 3,100 controls
  • Automated management of 1,500 firm-wide policies, frameworks, and documents
  • Streamlined internal financial controls management with a well-defined process for attestations
  • Faster and more accurate data analysis driving efficient decision-making

Single View of Risk

With the implementation, the retailer now has a centralized risk repository and standardized risk and control taxonomy across the enterprise. The repository helped it gain a 360-degree view of risk by establishing formal relationships between various risks, controls, objectives, areas of compliance, regulatory bodies, references, issues, internal audit findings, internal loss events, continuity arrangements, and documented information. This further enabled broad risk aggregation and more risk-aware decision-making. The centralized repository also acts as a single source of truth that helps ensure data integrity and consistency.

Streamlined Management of Organizational Risks and Controls

MetricStream helped the company streamline its risk management activities and processes by bringing together all related data to create a reusable library of risks, associated controls and assessments, key risk indicators, loss incidents and near-misses, issues, and remediation plans – in a single solution. Today, the company uses MetricStream Operational Risk Management to manage more than 3,600 risks and over 3,100 controls.

Before starting its GRC journey with MetricStream, the company performed a Gartner ERM maturity self-assessment in 2021 to verify its maturity. It was at Level 3 based on the 2021 maturity assessment. It aimed to achieve an overall maturity assessment of Level 4, which it successfully achieved in 2023.

Structured Policy and Document Management

With MetricStream, the company adopted an automated approach for end-to-end management of firm-wide policies and documents from creation, review, approval, communication, storage, and maintenance to obsolescence and retirement of policies. Using MetricStream Policy and Document Management, the company is looking to streamline the management of 1,500 policies, frameworks, and documents across the enterprise. 

Comprehensive Survey Management

The retail giant is using MetricStream Survey Management not only for performing general surveys but also for attestations. It ran quarterly attestations for about 1,000 internal financial controls using the tool and generated a 260-page report for the CFO in less than an hour. The company has successfully formalized, implemented, and automated internal financial controls, which are controlled and supported by a formal review and attestation program.

Efficient Reporting to C-Suite

The company is leveraging MetricStream’s integration with Power BI to generate powerful reports that provide business intelligence to the top management and leadership in an efficient manner. These reports are helping drive important conversations on topics such as internal loss events.

Looking Ahead

The retailer has a well-defined roadmap for 2024 and beyond that is focused on further improving the maturity of various risk, compliance, internal audit, and business continuity processes and optimizing the use of MetricStream products to derive the maximum value. It is also looking to expand its risk management program to the extended enterprise for a more holistic approach. Furthermore, given the significant information technology (IT) component in its business operation with everything going digital, the company is also considering adopting an integrated approach for managing IT and cyber risks going forward.
