Before MetricStream, the company’s risk and compliance management processes were largely manual and fragmented. Teams used multiple disparate systems and spreadsheets to assess and monitor risks and compliance. A business merger only added to the complexity by bringing in a completely different set of risk processes, tools, and taxonomies.
These inconsistencies made it difficult for teams to aggregate, reconcile, and report risk data from across the lines of the business. Without a real-time view of risks, leaders couldn’t make informed business decisions.
The company also wanted to drive risk management discipline and principles across business units, but the lack of standardized risk tools, systems, and processes hampered this objective. That’s when the company decided to upgrade to a new risk solution.
MetricStream was chosen because its out-of-the-box Integrated Risk Solution was the most robust and easiest to use. It would enable the company to manage all its risks, controls, compliance requirements, policies, and more in an integrated and consistent manner. No more siloes or disparate systems. Everything would be housed in a single source of truth, thus improving risk visibility.
Today, MetricStream’s Integrated Risk Solution provides a single point of reference for 5,000 users to manage their policies, risks, compliance, regulatory engagements, advisory, and audits. The solution runs across all the lines of the business, linking and mapping together integrated risk processes and data on one Integrated Risk Platform - intelligent by design.
Improved risk visibility with a single source of truth
Better efficiency with simpler and more standardized risk processes
Increased first-line involvement in risk management, and better collaboration across the lines of the business
Faster risk reporting with automated workflows, and consistent and predictable data
MetricStream has helped standardize risk and compliance processes, frameworks, and standards across the enterprise. Over 20 risk event processes and six audit processes have been folded into one process each—thus saving costs and resources. Even risk-control self-assessments (RCSAs) have been reduced to a single, consistent process.
What made this possible was the company’s commitment to align its processes to MetricStream best practices, rather than changing the products to fit the company’s business process. For instance, older risk rating scales with multiple colors and six rating levels were replaced with MetricStream’s out of the box, 4-level rating scale which made risk reporting easier and more consistent.
MetricStream has also helped establish a common risk taxonomy across the lines of the business, so that everyone can communicate in a harmonized manner. Meanwhile, comprehensive risk event forms have improved the quality of risk reporting. Looking at the data, stakeholders can easily identify the root causes of risk events, as well as common themes across the business.
MetricStream’s intuitive and user-friendly capabilities have made it easier for the company to drive risk management principles into the first line of the business. Today, frontline business owners can confidently identify and report emerging risks and issues—especially since risk jargons have been simplified.
The solution also breaks down silos between the three lines, enabling them to effectively collaborate and exchange risk information. Clear lines of risk accountability and control ownership help ensure that the program functions smoothly
MetricStream is helping the company make faster and better decisions with real-time risk reporting, analytics, and intelligence. The solution delivers a comprehensive and consolidated view of risks across the enterprise. Users can slice and dice the data to uncover granular insights, and act on the risks that matter. They can also compare and correlate which business functions are doing well in their risk and compliance management, and which ones aren’t. These insights help the business improve their risk posture, and strengthen compliance with hundreds of regulations
The company accelerated time to value by deploying eight MetricStream products—including Compliance Management, Internal Audit Management, Operational Risk Management, Regulatory Engagement Management, Policy and Document Management, GRC Advisory, IT Risk and Compliance Management —in short sprints of 7-12 weeks. The project was well-planned and streamlined with both MetricStream and the customer teams working closely together to ensure a quick roll-out.
To ensure that the implementation would be successful, the company first achieved the buy-in and sponsorship of key stakeholders. It also established an operating committee to govern the program. Teams knew that while MetricStream technology would be an important enabler, the success of the program would really depend on the people and processes involved.
Right from the start, the first line was involved in the project because they would be the ones using the solution and assessing risks. A strong training foundation was built to help users understand how to perform their role, how it would differ from their previous functions, what they would need to know, and why they would need to take action. Together, these initiatives helped drive up the success of the new integrated risk program.