The Client: One of the Largest Gas Processing Company

Overview

To maintain the highest possible standards of safety, while maximizing the production of natural gas, the client had established rigorous risk and audit programs. However, the vastness, complexity, and scale of the company’s operations made it challenging for them to gain an integrated view of risk at the enterprise level, or track the progress of audits across various processes and locations. As time went by, it became increasingly important for the company to have this kind of visibility, so that they would be able to proactively identify and address emerging risks, issues, process gaps, and other areas of concern.

After considering several options, the company selected MetricStream to help them consolidate their Enterprise Risk Management (ERM) and audit processes in a common framework for greater risk visibility and better process control. The company also wanted to streamline, standardize, and automate their ERM and audit processes for increased efficiency.  MetricStream helped them achieve these goals with its GRC platform and solutions which could be seamlessly mapped to the company’s unique organizational structure and business requirements, and could also be extended in the future to manage other GRC requirements.

Download the Case Study

Solution

With the help of MetricStream’s integrated GRC solution, the company has been able to bring together all ERM and audit processes and data in a single system where they can be tracked, measured, and managed in a better way. The solution enables a systematic, work-flow based approach to risk assessments and scoring, and enables real-time risk tracking at various levels of the organization. It also supports risk-based audits, automates audit workflows, and streamlines issue investigation and remediation.

When the company was first looking around for a GRC solutions provider, they evaluated many vendors, but eventually selected MetricStream because of the MetricStream solution’s platform-based approach. The platform is highly scalable, and can support an increasing number of transactions and users, as well as increasing data volumes.

Below in greater detail are the capabilities of the solution:

Risk identification and assessment
The MetricStream solution provides a single point of reference for the company to identify, document, and assess risks at various levels - be it the organizational level or the individual process level. Well-defined workflows help ensure that each risk assessment is conducted systematically and efficiently without redundancies or duplication of effort.

Risk scoring
Using the MetricStream solution, the company is able to calculate and maintain two types of risk scores - the first based on MetricStream’s inbuilt scoring methodologies and algorithms, and the second based on specific accounting and audit standards prescribed by the government. The first score is used by the company to measure and monitor their risks internally, while the second score is used to communicate risk findings to external entities and regulatory authorities. The MetricStream solution has been configured to support automatic calculations for both types of risk scores so that the company can effectively rank their risks, and prioritize mitigation strategies for optimal risk-reward outcomes

Risk and control library
Not only does the MetricStream solution help identify and analyze risk, but it also supports the implementation and documentation of controls to mitigate these risks. All controls, tests and evaluation data, as well as risks, and results from individual assessments, are stored in a centralized library where they can be easily viewed and accessed. This library has helped establish a common and consistent risk language across the enterprise which, in turn, makes it easy to track risks at any level of the organization.

Audit management
The MetricStream solution provides a common framework for managing multiple types of audits, including quality audits and compliance audits. The solution seamlessly integrates enterprise risk data, enabling auditors to identify which areas of the organization are high-risk and therefore need to be audited first. Once this has been done, the solution streamlines the complete audit lifecycle beginning with risk assessments, and extending to audit planning, scheduling, fieldwork, reporting, review and implementation of audit recommendations.

Issue management
The MetricStream solution helps the company follow consistent and closed-loop processes for identifying, tracking, and reporting control failures, performance deviations, and other risk and audit related issues. Each of these issues is automatically captured by the solution, and routed for investigation, root cause analysis, and remediation. At every stage, collaborative, web-based functionalities support communication and teamwork on issue resolution.

Reporting
Advanced and flexible risk heat maps, charts, analytics, and reports in the MetricStream solution enable the company to stay abreast of risks and their impact on the enterprise. The solution is designed such that risk assessment data from various processes and business units is automatically aggregated and rolled up to provide enterprise-level risk oversight. Every week, the solution supports performance reporting which keeps the management team informed of where the organization stands in terms of risk management, controls, issues, and action items. In addition, powerful dashboards enable real-time tracking of the status of risk and audit processes.

Integration with HR management system
Through MetricStream’s proprietary “Infolets” or connectors, the solution integrates with the company’s HR system which maintains the complete details on users, departments, and business functions.  If there is a change made to any of this data (e.g. users are changed, new departments are formed), the MetricStream solution automatically tracks and reflects this change in its own corresponding data. This saves the company considerable time and effort, and also helps ensure that any HR related modifications are seamlessly integrated into the relevant risk and audit data.

Challenges

Before upgrading its systems, the client faced the following challenges:

  • A need for streamlined and well-defined workflows for ERM and audits
  • Paper-based manual audit processes which were time-consuming and cumbersome
  • Variations in risk assessment and audit methodologies, which resulted in multiple complexities when the data had to be consolidated
  • Limited visibility into enterprise risk due to siloed and disconnected risk reporting processes across organizational functions
  • The use of several different issue management systems across organizational operations, which made it difficult to track the status of issues and action items at the enterprise level
  • Slowdown in decision-making processes due to the time it took for the management team to gather sufficient risk, audit, and issue insights

Why MetricStream was Selected?

The company chose MetricStream for the following reasons:

MetricStream’s ability to integrate all GRC processes on a common platform

The ability of various MetricStream solutions/ modules to integrate with each other and with other enterprise systems, thereby supporting information-sharing and collaboration

A centralized repository to capture, maintain, and track risks, controls, tasks, audits, recommendations, and other critical data

The flexibility of the solution to be configured to the company’s unique risk scoring requirements, as well as different levels of risk visibility 

Configurable automated alerts and notifications, as well as systematic escalation processes

Benefits

  • A single system to manage multiple processes
    The MetricStream solution provides a one-stop destination for up to 3,500 users in the organization to manage enterprise-wide risks and controls, as well as different types of audits and issues. This integrated approach improves cross-functional collaboration, minimizes operational redundancies and inefficiencies, and makes it easier to track and control risk and audit processes.
  • Standardized risk assessments and scoring
    The MetricStream solution has helped the company establish consistent risk assessment and scoring processes across the enterprise. It also offers the flexibility to be configured to Middle Eastern government-mandated risk scoring requirements. Pleased with this capability, the company has been recommending MetricStream to other organizations in the Middle East.
  • Real-time visibility into risks
    The MetricStream solution contains a variety of reporting tools which capture enterprise-wide data around risks, controls, and issues in real time. The solution also enables the same risk to be viewed at different levels -- be it the group level, department level, or division level. Sophisticated analytics help derive meaningful insights from this data so that the management team is empowered with the right information at the right time to make effective decisions.
  • Increased cost-efficiency
    The MetricStream solution automates multiple workflows round risk scoring, risk reporting, issue management, and audit management. As a result, the company has been able to get rid of many manual processes, and save time, resources, and efficiency.
  • Robust security access controls
    The MetricStream solution has been designed with specific role-based access criteria, as well as advanced authentication and data encryption capabilities which help ensure that users can only access data that they are authorized to.
  • Platform extensibility
    The MetricStream solution is built on a GRC platform which provides the extensibility to go beyond ERM, audits, and issue management. In fact, the company is already in the process of implementing additional MetricStream solutions for Corrective Action/ Preventive Action (CAPA), incident management, compliance management, and Business Continuity Management (BCM).

Request a demo Download RFP Template Pricing Contact