The Client: Optimizing Sarbanes-Oxley Compliance
The company’s commitment to quality and excellence sets it a class apart from competition. Being a regulated company, it strives to follow regulations and mandates including SEC regulations, SOx compliance, and many other governance, risk, compliance, ethics, and business conduct related policies and procedures.
The MetricStream solution was selected following an exhaustive competitive evaluation. Recalling the selection process, the CIO of the organization comments, “We tested MetricStream, and found that the solution had distinct capabilities to provide an enterprise-wide internal controls platform for financial and non-financial controls, with implementation focusing specifically on SOX controls.”
The organization wanted to entirely replace their existing risk and compliance system by mapping all business flows to the MetricStream solution. The total timeline from project kickoff to implementation was less than nine weeks. The deployment steps, covered in this timeframe, included:
Standardizing Internal Controls: The MetricStream solution provided a central repository for all types of company’s control systems, including those for operational efficiency, regulatory compliance, and financial reporting. The solution provided standardized tests for internal controls with automated scoring & reporting to ensure that internal controls were tested in a consistent manner across all operations within the company and over time.
Implementing Standard Documentation: The MetricStream solution established an integrated document repository (DMS) to store documents pertaining to processes and controls across all subsidiaries. The solution also implemented a well defined review process to ensure that only people with the right authorization could update and review the documents.
Simplifying Change Management: The MetricStream solution enabled sharing of documented risks and controls across processes - allowing them to rationalize and reduce their documented controls, and simplify their change management process.
Automating Issue Management: The solution automated the company’s issue management process to provide complete visibility into the entire lifecycle of issues – from identification through root cause analysis to remediation.
Enhancing Reporting Capabilities: The MetricStream solution featured executive dashboards which provided enterprise-wide visibility into the internal controls and processes, and highlighted the high-priority cases that needed to be addressed. The solution provided complete real-time visibility into exception data with analytics for trend analysis. Reports for status tracking, scorecards and compliance dashboards could be readily accessed. Flexible reports with drilldown capability provided statistics and data by a variety of parameters such as business units, processes, and divisions.
Enabling Operational Testing: The MetricStream solution established testing as an integral part of the enterprise-wide processes and controls. The ability to export information from reports into spreadsheets simplified the overall operational testing process. The solution easily replicated reports such as Program Progress and Deficiency Status that were popularly-used but manually created in Excel previously.
Establishing SCAR and CAPA: The MetricStream solution provided a comprehensive SCAR and CAPA solution that enabled the company to streamline quality management processes across their supply chain. Based on the industry standard 8D methodology, the solution supported identification, evaluation, segregation and disposition of non-conforming material as well as case investigation, tracking, and remediation.
Leveraging Compliance Online: The organization leveraged the tremendous value offered by the MetricStream’s ComplianceOnline.com. The company was able to use the portal to effectively implement and adopt compliance programs through online training, alerts, vertical search, discussion forums, and best practices library services. As the CIO further states, "The flexibility and richness of the MetricStream solution including integration with ComplianceOnline were the key reasons for choosing MetricStream. We are happy with our selection and initial results."
The company embarked on a comprehensive compliance and risk management plan to enhance operational effectiveness across its principal subsidiaries. A close scrutiny of existing organizational architecture, however, revealed that the company’s existing system for managing risk, controls, and reporting had a number of limitations. With no collaboration or co-ordination between different risk- control groups, the company managed regulatory changes in silos, focused narrowly on compliance, and used compartmentalized regulatory controls. The internal control structure was not sustainable, which made the implementation of changes a daunting task. Due to limited analytics and reporting capabilities, the company’s executive management struggled to obtain a comprehensive view of the overall risk environment. Lack of systematized operational testing led to a significant manual activity and paper-based documentation. The system lacked issue management capabilities. Issues scenarios were tracked in a separate MS Access database, increasing its vulnerability. Moreover, the company identified the need for an integrated platform for its global supply chain, which could encompass the SCAR process and consolidate the supplier-related processes and systems.
One of the senior board members explains, “We needed a solution that could serve as the centerpiece of our SOX compliance efficiency efforts, and provide a comprehensive platform for design, test, reporting, disclosure, and remediation of internal controls to support effective risk management.”
Robust Enterprise Compliance Platform, with a broad set of functional modules. that serves as the foundation for the company’s risk management and compliance needs
Enhanced collaboration amongst control groups to enable company control risk, drive business performance, and inspire stakeholder confidence
Standard Internal Controls and Processes that enable setting up clear roles and accountabilities for internal controls, including responsibility for the defining, documenting, testing, and monitoring of controls and the remediating of problems
Ability to configure off-the-shelf modules to adapt to best practices and incorporate specific business processes followed in the company
Powerful reporting for audit data analysis as well as risk reporting
Low Total Cost of Ownership