ConnectedGRC

Drive a Connected GRC Program for Improved Agility, Performance, and Resilience

Explore the right questions to ask before buying a Cyber Governance, Risk & Compliance solution.

Explore the right questions to ask before buying a Cyber Governance, Risk & Compliance solution.

Learn More

Discover ConnectedGRC Solutions for Enterprise and Operational Resilience

Learn about the EU’s Digital Operational Resilience Act (DORA) and how you can prepare for it.

Learn about the EU’s Digital Operational Resilience Act (DORA) and how you can prepare for it.

Learn More

Explore What Makes MetricStream the Right Choice for Our Customers

Robert Taylor from LSEG shares his experience on implementing an integrated GRC program with MetricStream

Robert Taylor from LSEG shares his experience on implementing an integrated GRC program with MetricStream

Learn More

Discover How Our Collaborative Partnerships Drive Innovation and Success

Watch Lucia Roncakova from Deloitte Central Europe, speak on how the partnership with MetricStream provides collaborative GRC solutions

Watch Lucia Roncakova from Deloitte Central Europe, speak on how the partnership with MetricStream provides collaborative GRC solutions

Learn More

Find Everything You Need to Build Your GRC Journey and Thrive on Risk

Download this report to explore why cyber risk is rising in significance as a business risk.

Download this report to explore why cyber risk is rising in significance as a business risk.

Learn More

Learn about our mission, vision, and core values

Gurjeev Sanghera from Shell explains why they chose MetricStream to advance on the GRC journey

Gurjeev Sanghera from Shell explains why they chose MetricStream to advance on the GRC journey

Learn More
+1-650-620-2955
+1-650-620-2955 Contact Us Request Demo
×
Hit enter to search or ESC to close

The Client: Leading Consumer Goods Company

 

Overview

Headquartered in the U.S., the client has a large team of lead auditors and guest auditors who perform internal audits for operations and subsidiaries spread across multiple countries and continents. While this audit team previously had an audit management system in place, they struggled with challenges related to ineffective automation, multiple siloes of information, and a lack of collaboration across audit projects and activities.

When the team decided to implement a new audit solution, MetricStream was chosen because of their ability to offer a solution that could not only improve the effectiveness and efficiency of audit programs, but could also be extended to manage other global GRC initiatives. The client would eventually be able to bring together / integrate all GRC processes and systems. This unified approach would provide a host of benefits to the client– most importantly, giving them complete visibility into enterprise risks and the compliance environment which, in turn, would enable stakeholders to make informed strategic decisions.

In the first phase of the project, the client implemented MetricStream’s solution for audit management and compliance assessments. The solution has helped the client unify all global internal audit and compliance assessment processes, entities, and data. This integration has enhanced audit/ compliance coordination and collaboration across business units and geographies, and has also improved top-level visibility into the status and findings of audits and compliance assessments. The solution has also enabled a systematic and automated approach to the audit and compliance assessment lifecycle, helping the client minimize redundancies, accelerate workflows, and improve overall efficiency.

READ MORE
Resource
Solution

MetricStream Audit Management Solution was seamlessly configured to meet the client’s comprehensive requirements for audit planning and scheduling, audit execution, analysis of findings, issue management, follow-up, and reporting. The solution has streamlined, integrated, and automated global audit processes and compliance assessments. It has also improved audit visibility, coordination, and control.

Below, in greater detail, are the capabilities of the solution:

Centralized audit universe
The MetricStream solution provides a common, global audit library which maps the client’s auditable entities to the corresponding risks (with parent-child relationships), controls, audit processes, questions, procedures, and other critical information. This centralized and tightly-mapped data model makes it easy for the audit team to understand the relationships between different audit elements (e.g. the type of risks relevant to each auditable entity). It has also helped standardize the risk and control language across the global enterprise. Since the audit universe can be accessed from anywhere across the world over the solution’s web-based interface, auditors can easily refer to the information whenever required.

Audit planning and scheduling
The MetricStream solution has been configured to enable audit planning at the organizational level. All that auditors need to do is to select the organizations within the enterprise that need to be audited. The more specific details such as the type of auditable entities and risks are only selected during the time of audit execution. This approach makes the audit plan more dynamic, and provides the flexibility for auditors to make changes to the plan even after it is published.

When the audit team creates the plan, the solution helps them determine which organizations need to be audited, and in what time-frame. Accordingly, the audits are scheduled and routed for review and approval.

For each audit plan, the MetricStream solution provides a list of options for audit supervisors to select the specific auditable entity that needs to be audited, along with the related risks.  Once this data has been updated and finalized, the solution facilitates the creation of audit work papers.

Audit project management
The MetricStream solution provides “audit project management” functionalities for lead auditors and audit supervisors to manage audit projects, edit audit scopes, change audit schedules, and perform other top-level audit process functions.

The solution has also facilitated a novel approach to store, handle, and identify “business contacts” (users who are not part of the audit team but are involved in the audit process in some way). The solution automates the search and selection of such users, and enables audit data or roles to be assigned to them as required.

Audit execution
During the audit execution phase, the MetricStream solution enables auditors to enter qualitative and quantitative data in the system, and attach evidence of findings. This data is then routed to the lead auditors for review and approval. An offline audit briefcase allows for audit findings to be entered even in remote sites where there is no connection to the corporate network. These findings can be later synchronized with the central audit repository when the auditor is able to connect to the network.

Compliance assessments
The MetricStream solution supports compliance control assessments and testing performed by the audit team, as well as assessment teams and business control facilitators. The solution helps them test each control, and document their findings. Advanced reports roll up these findings to provide enterprise-level visibility into which controls are not working, what issues could arise, which areas of the business are at risk, and other key findings. This data is then routed to the MetricStream issue management module for investigation and remediation. Alongside, a centralized control library standardizes and simplifies the control assessments by mapping all controls to the relevant processes, organizations, auditable entities, risks, questions, and procedures.

Audit task reassignment
In the client organization, the vast size and scope of each audit requires more than one auditor to work on a single audit task. In other words, each audit task is distributed among multiple auditors. Every time an auditor completes his/ her portion of a task, it can be reassigned to the next auditor without any loss of data. This way, the next auditor can seamlessly pick up from where the previous auditor left off. Each task is smoothly reassigned through the MetricStream solution till the last designated auditor completes the task, and routes all the data for review and approval.

Issue management and follow-up
All issues that are identified and documented during the audit process are routed by the solution’s underlying workflow engine through a streamlined process of issue investigation and resolution. Automatic alerts and notifications are sent to the appropriate personnel to implement audit recommendations, and keep the process on track.

The solution also enables follow-up audits to track the status of issues or non-conformances that were identified in a previous audit. The audit team can create an audit checklist, and use it to determine if an issue has been effectively closed, and if corrective/ remediation action has been initiated and completed as recommended.

Audit reporting and closure
The MetricStream solution provides a rich range of audit reports with complex tables and color coded charts to efficiently track the status and findings of each audit. Powerful dashboards with drill-down functionalities offer real-time visibility into the audit process, and throw light on various audit statistics and trends.

The audit process remains open in the MetricStream solution till (a) all work papers have been completed, approved, and closed, or cancelled (b) at least one audit report is published. When the report comes out, the solution enables auditors to select business contacts who need to be notified. An automatic alert is then sent to these contacts with details of the report.

 
 
 
Challenges

Before upgrading to MetricStream’s solution, the client encountered the following challenges:

  • Audit assignments, emails, and alerts had to be manually sent to each and every auditor/ auditee.
  • Audit processes were not optimally streamlined or efficient.
  • Information on audits, auditable entities, risks, controls, and processes, was scattered across multiple repositories.
  • There were challenges to manage and track audit processes at a global level to identify gaps and areas of concern.
  • Audit systems and processes were managed separately from other GRC initiatives - very little or no coordination and integration meant that multiple redundancies occurred across the GRC environment.

 

Why MetricStream was Selected?

The client selected MetricStream for the following reasons:

Integrated platform
MetricStream’s GRC platform provides the extensibility for companies to progressively implement multiple GRC solutions that can be linked with each other to seamlessly share information, and to build an integrated and agile GRC environment.

Scalable, web-based approach
The MetricStream solution spans organizational functions and users across multiple locations. As the organization grows, the MetricStream solution can also scale up to meet their needs. A web-based interface makes it easy for teams across the globe to communicate with each other, view tasks, share information, and perform other collaborative activities.

Configurability
The MetricStream solution provides the configurability to meet each client’s specific needs and processes. It can be seamlessly mapped to various organizational structures, risks, controls, testing processes, auditable entities, and other elements.

Role-based security
Role-based authorization and access controls help keep a check on who gets to access what information in the solution. For instance, guest auditors have limited data access compared to internal auditors. These controls keep information secure.

 

 

Benefits
  • Streamlined audits, minimal redundancies
    All audits and compliance assessment processes -- right from start to finish – have well-defined workflows mapped to a specific set of tasks and personnel. This systematic approach has minimized inefficiencies and duplication of effort.
  • Real-time and in-depth audit visibility
    The MetricStream solution cuts across organizational and geographic silos, bringing together all global audit and compliance assessment processes and data on a common platform. This enhances audit collaboration and information-sharing, and enables real-time audit tracking across multiple countries.
  • Informed decision-making
    At a glance, audit supervisors and other stakeholders can identify high-risk areas in the company, as well as under-performing controls, unresolved issues, and other key insights. This helps them make proactive, informed, and actionable decisions.
  • Improved audit productivity and resource-efficiency
    The MetricStream solution has replaced manual tools, emails, and phone calls with automated workflows, notifications, and alerts. This has helped the audit team reduce their involvement in administrative tasks, and focus on more critical activities such as analysis of audit findings.

 

 

lets-talk-img

Ready to get started?

Speak to our experts Let’s talk