Solution
After considering various solution providers, the client chose MetricStream to deliver a comprehensive operational risk management solution deployed over the MetricStream GRC Cloud. The solution enables the client to manage operational risks, controls, and losses in an integrated and streamlined manner. It also automatically aggregates and rolls up ORM data to provide a comprehensive, top-level view of risks. With multi-lingual support capabilities, the solution can easily be used by native speakers of Finnish, Swedish, and English.
Since the solution was deployed over the private MetricStream GRC Cloud, it has helped the client realize faster time-tovalue, while also providing the benefits of reliability, scalability, and high security.
Below are the capabilities of the solution that are enabling and supporting the client:
Risk Assessments: Using the solution, the client is able to streamline inherent and residual risk assessments, and capture all the risk results in a central repository. During each risk assessment, authorized users have the flexibility to add or delete risks, and view previous risk assessment ratings. The solution also supports a unique risk scoring logic which takes into consideration risk likelihood, as well as Euro impact and reputational impact, to calculate the overall risk value. This has enabled the client to gain a better, more contextual understanding of their risks. Once the risk assessments are completed, the solution provides comprehensive reports on the risk profile of the organization.
Central Risk Library: Previously, the client’s risk data was scattered across legacy systems. But with the MetricStream solution, the company has a centralized risk library to consolidate and map operational risks, controls, losses, processes, and other data elements. This integrated approach has improved the client’s risk visibility, and helped them establish a more consistent risk taxonomy across the organization.
Compliance Management: The solution enables a systematic and consistent approach to control selfassessments, as well as control testing and monitoring, thereby allowing the client to effectively evaluate the effectiveness of their controls in mitigating operational risks. The solution also supports both planned and ad hoc compliance reviews. Graphical reports and dashboards provide a snapshot of compliance selfassessments and tests, and highlight issues that need to be addressed on priority.
Loss Management: The MetricStream solution offers the client a central system to capture loss data at various organizational levels, and roll it up to the corporate level as an overall loss profile. The solution consolidates data from various loss events, and enables users to map this data to risks, processes, controls, and other data entities for enriched loss analysis and reporting. It also enables a streamlined process for loss evaluation, investigation, and tracking, as well as a complete root-cause analysis that drives the client to take the most appropriate remedial actions.
Powerful dashboards allow the client to track losses across multiple dimensions from quarter to quarter, and year to year, so that they can spot trends and recurring problems, and resolve them swiftly. In addition, the solution automatically maps loss events to the associated risks, and aligns them to Basel II risk categories to facilitate consistent compliance.
To combat loss events due to unreported fraud or other unethical activities, the solution provides an intuitive, centralized system for whistle-blowers across the organization to log a loss or risk event, anonymously. It captures essential details of the loss, supports review and analysis, and facilitates a consistent process to investigate the loss event, leading to corrective and preventive action.
Issue Management: Any issues that arise from the client’s risk assessments, control testing, or even audits are routed by the solution through a systematic process of investigation, root cause analysis, and remediation. Advanced dashboards help track the status of the issue in real time, while automated alerts keep the process on track, and help ensure that the issue is resolved in a timely manner.
Multi-Lingual Support: Given that the client is based in Northern Europe, the solution provides dynamic MultiLingual Support (MLS) capabilities for Finnish, Swedish, and English speaking users. Based on Java i18n standards and Oracle-supported UTF8 encodings, the solution’s MLS capabilities enable information such as forms, labels, reports, and alerts to be converted into the local users’ preferred language, thereby making it easy for them to view and understand the risk data.
Risk Reporting: The solution generates a range of reports and dashboards that enable the client to track operational risks, losses, controls, issues, and associated processes in real time. These reports roll up operational risk data at various organizational levels, and also provide drill-down capabilities to view the data at finer levels of detail. Powerful tools help users slice and dice through the risk data to identify critical risk patterns and trends.