Case Study

Leading Community Bank Improves Enterprise Risk Management Maturity and Efficiency through a Centralized, Cloud-based Solution

The client is a leading North American community bank. The bank operates across multiple locations, providing a range of services around personal and business banking, mortgage, and wealth management.

In its risk management program, the client has identified 200 organizational risks around various categories such as credit risk, liquidity risk, operational risk, and HR risk. Previously, these risks were managed without the support of an automated tool - users across various business units would manually perform risk assessments and risk scoring calculations, and enter their findings into various spreadsheets. Not only was this approach time-consuming, but it also resulted in risk data getting scattered across multiple spreadsheets. This made it difficult for the client to consolidate and report risks at an enterprise level.

Making matters more challenging, the bank had only limited risk management staff. The CRO often had to rely on the lead auditor and compliance manager to manage risk assessments and reporting. So from an efficiency standpoint, the bank needed a way to automate and streamline its risk management processes, as well as pull all risk-related data into a single risk repository to improve top-level visibility.

MetricStream offered the capabilities to meet these demands. The company’s Enterprise Risk Management (ERM) Solution has given the client a centralized framework to manage all 200 risks across the enterprise in an integrated, standardized, and consistent manner, while automating processes for improved efficiency. Since the solution has been deployed over MetricStream Cloud, the client has realized quick time-to-value, and saved on infrastructure costs.

MetricStream also offered the client value-added services in the form of risk management advice and consulting. Seasoned risk experts in the company guided the client on how to build a centralized and formal ERM framework based on industry best practices. As a result, the client has been able to implement a cohesive, streamlined, and robust ERM program on par with that of its larger and more resource-rich counterparts in the industry.

The Solution

After considering several risk management solution providers, the client chose MetricStream to implement a comprehensive ERM solution that would enable them to document, manage, and assess all enterprise risks. The solution streamlines the risk management lifecycle, and brings together all risk and issue related data in a single solution. It also supports a federated approach to ERM, providing the client with greater top-level visibility into risks and issues, and enabling the board and management to proactively identify areas of concern and opportunity.
Below are the capabilities of the solution in greater detail:

Risk Control Self-Assessments (RCSAs)

The MetricStream solution enables risk assessments and computations based on configurable methodologies and algorithms. Users across business units have the flexibility to independently assess their risks, leaving the solution to automatically consolidate and roll up the data for enterprise-level risk reporting and analysis. A simplified, yet comprehensive RCSA interface displays all this risk data in a spreadsheet/grid format.

Inbuilt workflow-based tools support the client in planning and scheduling risk assessments, as well as scoring the risks based on flexible algorithms, and finally routing the results for review and approval. At every stage, the client can track the status of the RCSA in real time through graphical dashboards.

During the assessment, users can measure risk based on factors such as impact and likelihood, while also defining parent-child risk relationships, and risk threshold limits. The solution helps identify each risk as a threat or opportunity, so that the client can trigger the appropriate risk response - be it mitigation, acceptance, avoidance, or ignoring. The solution also supports residual and inherent risk assessments.

When it comes to control assessments, the solution provides capabilities to design plans for evaluating the effectiveness of the controls for a particular risk. These plans can easily be assigned to the appropriate control owners based on their roles and responsibilities.

Risk Repository

The MetricStream solution allowed the client to transfer their existing library to a centralized, Web-based repository that could be accessed and viewed from across the enterprise. Users gain a consolidated view of all risk management data including risk description, severity and impact, consequences, risk rating, mitigation plans, and issues. This risk repository helps ensure that risk information is standardized across business units. It also enables risks to be mapped to the relevant processes, assets, and entities.

Issue Management

The MetricStream solution has enabled a systematic and streamlined approach to managing all issues that arise from RCSAs, audit findings, and other risk processes. The entire issue identification, documentation, prioritization, investigation, and remediation workflow is handled through the solution’s centralized framework. Automatic notifications and alerts keep the process on track, helping the client ensure that each issue is closed in a timely, consistent, and efficient manner. At every stage, users can track the status of the issue and remediation action plan. Moreover, all issue cases remain open till the action plans have been carried out, and the results have been verified for effectiveness.

Risk Reporting

MetricStream has provided the client a range of flexible risk intelligence reports that deliver complete transparency into the risk management process across the enterprise. In addition, the risk category reports have been configured to automatically roll up the child risks to the various reporting categories.

The solution also provides a number of dashboards, charts, and risk heat maps that help capture and track risk profiles, RCSAs, control ownership, issue investigation and remediation statuses, and other key data. The ability to drill down offers stakeholders access to risk and control data at finer levels of detail, enabling the client to proactively detect emerging risks, areas of concern, and new opportunities.

Cloud-based Deployment

The MetricStream solution has been deployed over MetricStream Cloud - a state-of-the-art private cloud infrastructure offering significant flexibility, scalability, agility, and low total cost of ownership. This has enabled the client to realize faster time to value from the solution without compromising on performance or security.






  • Greater visibility into risks and issues
  • Increased efficiency
  • Better collaboration on risk processes
  • Minimization of manual
  • Improved compliance with risk regulations


Before choosing to implement MetricStream ERM Solution, the client encountered the following challenges:

  • Increasing regulatory pressure - Like all banks, the client was under pressure from regulators such as the OCC and CFPB to strengthen risk management processes, and provide evidence of how risks were being assessed and mitigated, as well as how controls were being tested.
  • High costs - Being a community bank, the client faced the dual challenge of having to manage its risks as well as the largest and best banks in the industry, despite not having as many resources to do so.
  • Less than optimal efficiency - The client assessed and managed most of its risks manually, using paper-based spreadsheets. This approach proved to be cumbersome and inefficient.
  • Need for more consistency in risk processes - Most risk and control assessments were performed in siloes where users would leverage different risk scoring methodologies and calculations. This gave rise to inconsistencies in risk data which, in turn, made it difficult to analyze risks at the enterprise level.
  • Complexities in managing risk issues - Since there was no central repository to document and view risk issues that arose from assessments or audit findings, the client found it challenging to keep track of the status of issues, and ensure that they were closed in a timely manner.

Why MetricStream Was Selected

The client chose MetricStream because:

  • MetricStream offered the dual benefit of an advanced ERM solution and risk management consulting and advice.
  • The MetricStream solution could automate and streamline risk management processes, optimizing resource-efficiency.
  • The solution would enable the client to manage the full range of enterprise risks in an integrated and cohesive manner.
  • The option of cloud-based solution deployment would enable the client to realize faster time to value at optimal costs.
  • The underlying platform could be extended to include other risk and compliance management solutions - in fact, right after the ERM solution implementation, the client has begun the next phase of implementing MetricStream Vendor Risk Management Solution.
