Case Study

UK Investment Management Firm Standardizes and Simplifies Integrated Risk Management

A leading financial planning and investment advisory firm that manages billions of pounds in assets has selected MetricStream to help manage its substantial risk management requirements. After a merger and subsequent demerger, the firm recognized its risk and compliance management program had become siloed, inconsistent, disbursed, and indefensible. The firm selected MetricStream’s products to enable a connected and integrated approach to GRC, modernize its risk management systems, automate critical processes, workflows, and reporting, and deliver program confidence with improved risk visibility to its executives, board, and relevant stakeholders.

The Quest for a Better Risk Solution

Before MetricStream, the company’s risk and compliance management processes were largely manual and fragmented with separated teams, data systems, and reporting. Teams used multiple disparate systems and spreadsheets to assess and monitor risks and compliance. A business merger only added to the complexity by bringing in a completely different set of risk processes, people, tools, and taxonomies.

The company wanted to drive risk management discipline and principles across business units, but a lack of standardized tools, systems, data, communications protocols, and processes hampered this objective.

The inconsistencies made it difficult for teams to aggregate, reconcile, and report risk data from across the lines of the business. Without a real-time view of risks, leaders couldn’t make informed business decisions. Faced with these challenges, the company decided to upgrade to a new risk solution.

MetricStream was chosen because its out-of-the-box solution was the most robust, easiest to use, and supported by an active consultative and services team. It would enable the company to manage all its risks, controls, compliance requirements, policies, and more in an integrated and consistent manner. No more siloes or disparate systems. Everything would be housed in a single source of truth, thus improving risk visibility.

From Many to One

Today, MetricStream’s solution provides a single point of reference for 5,000 individual users at this financial advisory firm to manage their policies, risks, compliance, regulatory engagements, advisory, and audits. It runs across all the lines of the business, linking and mapping together integrated risk processes and data on the MetricStream Platform.

Prior to the implementation, the organization had 20 different approaches to capture risk events. With MetricStream, it adopted one, market-standard approach to replace the previous 20 costly, duplicate, and ineffective approaches.


  • Multiple disparate risk and compliance systems
  • Lack of a unified risk view
  • Need to strengthen the risk culture

Business Value Realized

  • Improved risk visibility with a centralized risk repository
  • Better efficiency with simpler and more standardized risk processes
  • Increased first-line involvement in risk management, and better collaboration across the lines of the business
  • Faster risk reporting with automated workflows, and consistent and predictable data
  • Saved significant amount of money by replacing 20 ineffective, duplicate processes with MetricStream's market standard approach to identify and assess risks

Higher Efficiency, Lower Costs

MetricStream has helped standardize risk and compliance processes, frameworks, and standards across the enterprise. Over 20 risk event processes and six audit processes have been folded into one process each—thus saving costs and resources. Even risk-control self-assessments (RCSAs) have been reduced to a single, consistent process.

What made this possible was the company’s commitment to align its processes to MetricStream best practices, rather than changing the products to fit the company’s business process. For instance, older risk rating scales with multiple colors and six rating levels were replaced with MetricStream’s out of the box, 4-level rating scale which made risk reporting easier and more consistent. This enabled the organization to make better risk-informed business decisions.

MetricStream helped establish a common risk taxonomy across the lines of the business, so that everyone can communicate in a harmonized manner. Meanwhile, comprehensive risk event forms have improved the quality of risk reporting. Looking at the data, stakeholders can easily identify the root causes of risk events, as well as common themes across the business.

Getting the First Line Involved

MetricStream’s intuitive and user-friendly capabilities have made it easier for the company to drive risk management principles into the first line of the business. Today, frontline business owners can confidently identify and report emerging risks and issues—especially since risk jargons have been simplified.

The solution also breaks down silos between the three lines, enabling them to effectively collaborate and exchange risk information. Clear lines of risk accountability and control ownership help ensure that the program functions smoothly

Comprehensive Risk Intelligence

MetricStream is enabling the company make faster and better decisions with real-time risk reporting, analytics, and intelligence. The solution delivers a comprehensive and consolidated view of risks across the enterprise. Users can slice and dice the data to uncover granular insights, and act on the risks that matter. They can also compare and correlate which business functions are doing well in their risk and compliance management, and which ones aren’t. These insights help the business improve their risk posture, and strengthen compliance with hundreds of regulations.

Quick Deployment

The company accelerated time to value by deploying eight MetricStream products in short sprints. The project was well-planned and streamlined with both MetricStream and the customer teams working closely together to ensure a quick roll-out and adoption.

Strengthening Adoption

To ensure that the implementation would be successful, the company first achieved the buy-in and sponsorship of key stakeholders. The company also established an operating committee to govern the program. Teams knew that while MetricStream technology would be an important enabler, the success of the program would really depend on the people and processes involved.

Right from the start, the first line was involved in the project because they would be the ones using the solution and assessing risks. A strong training foundation was built to help users understand how to perform their role, how it would differ from their previous functions, what they would need to know, and why they would need to take action. Together, these initiatives helped drive up the success of the new integrated risk program.


Ready to get started?

Speak to our experts Let’s talk