The Client: One of the World's Largest Producers of Oil and Gas
The company manages some of the world’s largest reserves of crude oil and gas, as well as market service support centers across multiple continents.
Home to thousands of employees, the company is sharply focused on assuring their health and safety. Wellness programs and state-of-the-art healthcare centers are supplemented with regular health inspections at all company, industrial, and supplier facilities. A separate department has been introduced to ensure the safety of employees and the general public by identifying hazards, controlling them, and educating personnel on safety measures.
The company is also committed to protecting the environment and reducing the environmental footprint of fossil fuels. Its environmental protection department provides leadership on environmental issues, and ensures that employees comply with a broad array of regulations including sanitary codes, air and water quality standards, waste management procedures, and oil spill contingency plans.
Given the company's sharp focus on internal and external regulatory compliance, audit management plays a key role. The company follows a stringent audit process that was initially supported by localized systems. But over time, audit reporting grew increasingly complex and time-consuming, as did resource management. In response, the company decided to strengthen its audit management system with a more collaborative, integrated technology framework.
As auditing demands increased, the company found that its audit management systems could not keep up. Instead it required a framework that could automate audit management, provide real-time insights into audit results, and enhance collaboration across the enterprise. The framework also had to be flexible enough to scale up to meet business requirements and GRC demands.
The company chose MetricStream solutions because they demonstrated the capability to meet the above requirements. Having been implemented in some of the largest global energy enterprises, MetricStream solutions are renowned for their ability to improve the efficiency and efficacy of audit management. Powerful capabilities such as built-in remediation workflows, process automation, enterprise-level reporting dashboards, and offline audit recording features enable organizations to implement best practices for optimal audit execution.
MetricStream delivered the company a complete audit management solution, designed to function in compliance with international standards for auditing. It was quick to implement and roll out, and fully compatible with external systems.
Centralized audit management: MetricStream provided the company the tools to define and manage the entire audit universe - business units, functions, systems, processes, and objects. Auditors can mix and match any of these elements to determine multi-hierarchical and multi-dimensional relationships. User-friendly interfaces enable a wide range of data to be entered based on predefined templates and inspection criteria.
Because the solution is built on a centralized platform, the company can control and monitor the entire audit lifecycle from a single vantage point. The solution is designed such that individual audits can be conducted independently by each department, and then rolled back upstream to provide an enterprise-wide view of audit results and trends. Thus, auditors and managers gain clear visibility into audit activities across the organization at all times.
Risk assessments: The MetricStream solution enables risk-based audits which help the company assess risks, and then prioritize its audits, focusing on those areas that need closer monitoring. The solution provides advanced tools for risk assessments, as well as a powerful audit advisor and risk scenario analysis capabilities which leverage operational and risk metrics to deliver intelligence for risk-based auditing.
Sophisticated risk heat maps and color coding charts provide a graphical overview of risks and enable managers to determine the appropriate mitigating measures. The solution also comes equipped with a library of risk assessment questionnaires and surveys based on existing templates. Together, these tools enable the company to ensure that audits are planned in a systematic, data-based, and collaborative manner.
Comprehensive resource planning: The solution allows the company to create a 5-year plan for its audits, and allocate resources across all audit engagements for that period. This helps in identifying gaps between the requirement for and availability of resources. It also helps audit managers plan recruitment or training activities to fill those gaps. Thus auditors are prepared well in advance for any upcoming audits in the next five years. The tool also provides the flexibility to prepare annual audit plans, and accordingly distribute resources. Using the solution, the company can regulate resources efficiently, schedule audits, assign work, and control budgets.
An easy-to-use graphical interface enables yearly audit calendars to be drawn up based on periodic or ad hoc schedules. Team managers can view the resource pool, estimate efforts, assign resources and request for more depending on the pre-allocated budget and requirements. Auditors, in turn, can maintain timesheets of their assignments, and indicate future tasks.
Seamless audit lifecycles: MetricStream Audit Management Solution provides end-to-end functionalities to manage the complete audit lifecycle - from audit planning and scheduling, to field work and data collection, to the analysis of audit findings, to the implementation of audit recommendations. It supports all types of audits including internal audits, operational audits, IT audits, supplier audits, and quality audits.
Using the solution, auditors can record, track, and monitor qualitative and quantitative findings across different business units, locations, and operations. The findings can be stored along with detailed observations and recommendations in pre-defined formats. All data can be accessed from a centralized data repository, allowing multiple auditors to work on the data simultaneously.
The company can leverage the solution's offline capabilities to conduct audits at remote refineries and other locations. Later, it can synchronize the data with the central online repository. Once the audit findings are compiled together, they are automatically routed along with recommendation reports to the audited entity. Built-in workflows enable the company to easily review audit responses and provide options to initiate remedial actions.
Automated alerts are delivered whenever an audit schedule arises, timings collide, or budgets are exceeded. Advanced tracking capabilities enable the company to monitor the audit process and measure its progress against milestones for timely execution.
Enhanced reporting and visibility: MetricStream Audit Management Solution contains powerful reporting features and dashboards to monitor audit management across the enterprise. Using the solution, the company can gain real-time visibility into audit processes and easily track audit statuses, data, history, and results. The solution enhances enterprise-wide transparency and instantly provides the required information for critical decisions on risk and audit management.
The solution is equipped with numerous out-of-the-box reports. It also provides the flexibility to create new or ad hoc reports and forms using the in-built and easy-to-use Reports Wizard tool.
Executive dashboards provide statistics by a variety of parameters including auditees, schedules, calendars, reports and remedial actions. The dashboards can be drilled down to study data at finer levels of detail.
Closed-loop issue management: MetricStream Audit Management Solution enables the company to follow a seamless issue remediation process. Issues that arise during audits are automatically routed through an identification, investigation, and remediation cycle.
The solution is designed in a closed-loop manner to ensure that repeat issue incidents do not occur. Issue investigation and remediation can be tracked from a central point, thus enabling easy collaboration and teamwork especially on exception cases. Automated alerts keep the process on track till the issue is closed.
Manual constraints: The company used manual processes and spreadsheets to manage audits across the enterprise. However, spreadsheets are often vulnerable to security issues, as well as data entry and calculation errors. Moreover, they require tremendous time and effort to manage. Auditors at the company found themselves spending excessive time and resources on basic audit functions such as recording findings, collating and organizing the data, and preparing reports. Tracking and monitoring audit management as well as issue remediation also proved to be complex.
Limited collaboration: Audits at the company were conducted in isolated silos with limited information-sharing between business units and departments. Each department followed an independent process to conduct, manage, and report audits. As a result, redundant or duplicate audits tended to occur. In the process, valuable manpower, effort, and time were wasted.
Complex resource planning: The company had to manage a large number of auditors scattered across different parts of the enterprise. It became increasingly complex to prepare an audit calendar allocating assignments to each auditor, budgeting resources, planning time, and tracking work plans. Compounding the issue, some auditors were located in different time zones. Synchronizing audits across these zones and ensuring that resources were leveraged effectively and efficiently proved to be a significant challenge.
Limited transparency: The company's existing systems were limited in their ability to provide complete and real-time visibility into enterprise-wide audits. Without the right information at the right time, auditors and managers found it increasingly difficult to take actionable decisions regarding risk and compliance management.
Lack of scalability: In the awareness that oil production and refining is an extremely risk-ridden business, the company was fully committed to tracking and mitigating risks wherever possible. However, given the complexity and vastness of the enterprise, it found that its existing systems were unable to efficiently meet the growing number of risks and regulatory demands.
MetricStream enables the entire audit universe and audit lifecycle to be managed and monitored from a single platform.
The MetricStream platform can be scaled up to meet growing audit demands. It can also be extended beyond audit management to span the entire gamut of GRC functions.
The MetricStream solution is an easy-to-use but rich application, replete with powerful dashboards, embedded best practices, and automated functionalities that improve the efficiency of audit management.
The MetricStream solution provides real-time, actionable audit insights for critical business decisions.
The MetricStream solution can be integrated with existing ERP systems such as SAP.
MetricStream provides a solution-centered approach rather than a product centered-approach, which enables it to work in close association with the company and customize its solution to specific organizational requirements.