The Client: A Leading Mid-sized Financial Services Institution
The client is a well-capitalized organization, poised for rapid growth. Yet, like many other mid-sized financial services institutions, the client faces the challenge of balancing numerous complex risks and regulatory compliance pressures with limited resources and lean IT infrastructure. Moreover, the organization’s operations are dispersed across multiple locations, making it difficult to harmonize risk taxonomies, or consolidate risk reports in a cohesive top-level risk view.
In deciding to upgrade their risk management infrastructure, the client chose MetricStream due to the company’s extensive track record in successfully enhancing risk management programs for multiple mid-sized financial services institutions. MetricStream implemented its risk management solution for the client, helping them integrate enterprise-wide risk management processes and data in a centralized, Web-based framework that has improved top-level risk visibility, and enhanced collaboration on risk-control self-assessments, risk mitigation, issue remediation, and risk reporting.
The solution has provided the capability to be integrated with a predefined risk and control library from RiskBusiness, a leading international risk advisory firm with proven experience in designing and delivering leading risk practices. RiskBusiness’ content has enabled the client to establish standardized and consistent risk taxonomies and Key Risk Indicators (KRIs) based on industry standards and best practices.
The solution was deployed within a matter of weeks due to the flexibility of the MetricStream GRC Cloud. MetricStream added further value by calling in its risk experts to closely guide the client in strengthening their risk management program based on industry best practices.
MetricStream Risk Management Solution has provided the client with a single, centralized system to identify and assess risks and controls, investigate and remediate any issues that arise, and roll up risk data from across business units and locations to support decision-making at the enterprise level. The solution also offers access to RiskBusiness’ pre-loaded risk library which has helped the client centralize and harmonize risk definitions across the enterprise.
Below are the capabilities of the MetricStream solution:
The solution supports RCSAs at multiple levels of the client organization, including the corporate level, business unit level, and process level. These assessments, which are based on configurable methodologies and algorithms, provide a clear view into the client’s risks, enabling the risk management team to determine the most appropriate risk mitigation and control strategies.
The solution streamlines the entire RCSA lifecycle - right from planning and scheduling, to implementation, review and approval, and reporting. It also supports both quantitative and qualitative risk scoring based on various factors, including risk impact and likelihood. Users at various levels of the organization can independently assess their risks, leaving the solution to automatically consolidate and roll up the data for enterprise-level risk reporting and analysis. Meanwhile, powerful risk analytics coupled with graphical dashboards enable the client to closely track each stage of the RCSA in real time, and proactively spot recurring issues.
Through the MetricStream solution, the client can access the RiskBusiness taxonomy library – an online encyclopedia of standard, operational risk classification structures, as well as a KRI library --a framework of 2,000 pre-defined operational risk indicators. MetricStream seamlessly mapped these libraries to the client organization’s hierarchy, structures, risk categories, and business functions/ activities. The client has thus been able to standardize their risk language across departments, business units, and locations, and enhance their ability to report and interpret risk data.
Any issues that arise from risk assessments, audits, or other risk processes are routed by the MetricStream solution through a systematic process of investigation, root cause analysis, and remediation. Automatic notifications and alerts keep the process on track, helping the client ensure that each issue is closed in a timely manner. At every stage, the status of issue management action can be tracked in real time.
Powerful dashboards, charts, score cards, and heat maps in the MetricStream solution provide quick and real-time insights on risk management, while highlighting high-risk areas. The solution also provides flexible reporting capabilities that automatically consolidate risk data, and populate predefined reporting templates. Users can efficiently track risk profiles (at various levels of the organization), results of RCSAs, control ownership, issues, successes, failures, and trends. The ability to drill down helps the client view risk and control data at finer levels of detail.
Before implementing the MetricStream solution, the client encountered the following challenges:
The client chose MetricStream for the following reasons;
MetricStream brings to the table a track record and industry expertise that spans both large and mid-sized financial services organizations - its solutions are bring leveraged by some of the biggest and best-known firms, as well as leading mid-sized companies in the financial services industry
The MetricStream solution integrates with the comprehensive and industry-leading RiskBusiness risk library.
Not only does MetricStream provide advanced solutions, but it also guides organizations in building a formal and robust ERM program based on industry best practices.
The MetricStream solution is flexible (can be mapped to each organization’s unique structures and requirements), as well as sustainable.
The underlying GRC platform is extensible, so that other MetricStream solutions can be seamlessly integrated - the client is already keen to implement MetricStream solutions for Operational Risk Management (ORM), compliance management, and audit management.