Every year, the company assessed a range of risks, including strategic, IT, sustainability, and financial. However, the risk team conducted these assessments largely in siloes—i.e., without a common unifying tool or taxonomy— making it challenging for GRC teams to combine and consolidate the findings for stakeholders to analyze.
There was no centralized GRC database, and therefore, stakeholders found it difficult to understand how each risk or control mapped back to organizational units, processes, and assets. In addition, most risk assessment, internal audit, and compliance activities required significant time, resources, and effort to manage since everything was done manually.
Faced with such challenges, the company started looking for a solution that could increase automation, create a more efficient resource model, facilitate continuous audit, and enable greater collaboration with GRC teams throughout the organization and build trust with external stakeholders. It implemented MetricStream’s integrated GRC products out-of-the-box for internal audit management, risk management, and compliance management. The company chose MetricStream as it offered unique capabilities and features including real-time reports and dashboards, automated alerts and notifications, structured workflows, and more.
Before going live, it conducted multiple use case scenario testing and trained more than 50 business users in issues management. The internal audit team was the facilitator of the whole program and was the first to use the solution, which was then rolled out to the risk team.
The product, built on the MetricStream Platform and running on the Amazon Web Services (AWS) cloud, has helped the company digitally transform its GRC program, gain a more real-time and forward-looking view of risks, while also increasing the speed and agility of internal audit management.
Within the MetricStream Platform, the company has built an integrated data model of all risks mapped to strategic objectives, controls, internal policies, regulations, processes, and other data elements. This has made it easier for users to gain a big-picture view of the GRC universe, while also plugging any gaps that might exist.
Flexible relationships are maintained among audit universe elements as well—every organization is linked to its processes, every process to its controls, and every control to an audit checklist.
Higher internal audit productivity and lower costs as a result of digitization
A unified and contextual
view of risks to strengthen decision-making
Faster closure of audit issues
Increased speed and agility with GRC processes based on industry best practices
Through the deployment of the MetricStream products, with integration to Robotic Process Automation (RPA) and Tableau analytics, the company has achieved increased visibility and measurement into key risks by linking key risk indicators (KRIs), and improved speed and agility with GRC processes based on industry best practices. RPA automatically fills GRC elements for audit checklists from the stores. MetricStream integrated with Tableau provides analytics to support fast and agile decision-making around risk and compliance.
Using the MetricStream product, the company has completed more than 200 risk assessment tasks in one year. Each team has its own responsibilities for managing, monitoring, or providing assurance around risks, while the oversight of the whole risk framework remains with the board.
This framework includes risk calculation formulas, risk definitions, taxonomies, and measurement criteria – all of which are embedded in the MetricStream product. As a result, the company now has a common risk understanding, as well as a common tool and language to measure risks. Through the product, users can assess their risks in relation to their respective business objectives. The findings are then efficiently rolled up to stakeholders to inform and guide decision-making. Users can access risk assessment tasks and reports anytime, anywhere, as long as they are connected to the corporate network.
With MetricStream, the company has completely digitized its internal audit engagements, thereby minimizing the need for paper. Close to 200 audit proposals have now been implemented.
What’s more, internal audit costs have gone down significantly, enabling the company to realize millions of euros in benefits. The audit team’s productivity has also witnessed a massive jump. Issues are now closed faster than before. And audit plans are more focused on high-risk areas. Powerful graphical audit reports enable stakeholders to get a clear view of the risks and controls they need to keep an eye on.
Operating in one of the most highly regulated industries, building healthy relationships with regulators is one of the top priorities for the company. Towards this goal, it is implementing the compliance management product from MetricStream. When complete, it will enable users to effectively monitor thousands of stores against 20+ areas of compliance. The product will also help accelerate control assessments and minimize the costs of compliance. Users will be able to gain a clearer picture of compliance issues and close them proactively. Furthermore, running on the AWS Cloud delivered scalability and security.
Overall, MetricStream has helped the company to automate and digitize various audit, risk, and compliance processes and adopt a more systematic and structured approach to these critical business functions. The implementation enabled it to close issues 80% times faster than before and has doubled the productivity of the audit team. Most importantly, MetricStream helped the gaming giant to connect the international enterprise with integrated risk assurance so they can thrive and grow their business.
“One of our biggest risks is responsible gaming risks. GRC technology can help us a lot in tracking this risk instantly, and taking measures to mitigate it,” Group Audit Director at the company.