In its risk management program, the client has identified 200 organizational risks around various categories such as credit risk, liquidity risk, operational risk, and HR risk. Previously, these risks were managed without the support of an automated tool - users across various business units would manually perform risk assessments and risk scoring calculations, and enter their findings into various spreadsheets. Not only was this approach time-consuming, but it also resulted in risk data getting scattered across multiple spreadsheets. This made it difficult for the client to consolidate and report risks at an enterprise level.
Making matters more challenging, the bank only had limited risk management staff. The CRO often had to rely on the lead auditor and compliance manager to manage risk assessments and reporting. So from an efficiency standpoint, the bank needed a way to automate and streamline their risk management processes, as well as pull all risk related data into a single risk repository to improve top-level visibility.
MetricStream offered the capabilities to meet these demands. The company’s Enterprise Risk Management (ERM) Solution has given the client a centralized framework to manage all 200 risks across the enterprise in an integrated, standardized, and consistent manner, while automating processes for improved efficiency. Since the solution has been deployed over MetricStream Cloud, the client has realized quick time-to-value, and saved on infrastructure costs.
MetricStream also offered the client value-added services in the form of risk management advice and consulting. Seasoned risk experts in the company guided the client on how to build a centralized and formal ERM framework based on industry best practices. As a result, the client has been able to implement a cohesive, streamlined, and robust ERM program on par with that of its larger and more resource-rich counterparts in the industry.
The Solution
After considering several risk management solution providers, the client chose MetricStream to implement a comprehensive ERM solution that would enable them to document, manage, and assess all enterprise risks. The solution streamlines the risk management lifecycle, and brings together all risk and issue related data in a single solution. It also supports a federated approach to ERM, providing the client with greater top-level visibility into risks and issues, and enabling the board and management to proactively identify areas of concern and opportunity.
Below are the capabilities of the solution in greater detail:
Risk Control Self-Assessments (RCSAs)
The MetricStream solution enables risk assessments and computations based on configurable methodologies and algorithms. Users across business units have the flexibility to independently assess their risks, leaving the solution to automatically consolidate and roll up the data for enterprise-level risk reporting and analysis. A simplified, yet comprehensive RCSA interface displays all this risk data in a spreadsheet/ grid format.
Inbuilt workflow-based tools support the client in planning and scheduling risk assessments, as well as scoring the risks based on flexible algorithms, and finally routing the results for review and approval. At every stage, the client can track the status of the RCSA in real time through graphical dashboards.
During the assessment, users can measure risk based on factors such as impact and likelihood, while also defining parent-child risk relationships, and risk threshold limits. The solution helps identify each risk as a threat or opportunity, so that the client can trigger the appropriate risk response - be it mitigation, acceptance, avoidance, or ignoring. The solution also supports residual and inherent risk assessments.
When it comes to control assessments, the solution provides capabilities to design plans for evaluating the effectiveness of the controls for a particular risk. These plans can easily be assigned to the appropriate control owners based on their roles and responsibilities.
Risk Repository
The MetricStream solution allowed the client to transfer their existing library to a centralized, Web-based repository that could be accessed and viewed from across the enterprise. Users gain a consolidated view of all risk management data including risk description, severity and impact, consequences, risk rating, mitigation plans, and issues. This risk repository helps ensure that risk information is standardized across business units. It also enables risks to be mapped to the relevant processes, assets, and entities.
Issue Management
The MetricStream solution has enabled a systematic and streamlined approach to managing all issues that arise from RCSAs, audit findings, and other risk processes. The entire issue identification, documentation, prioritization, investigation, and remediation workflow is handled through the solution’s centralized framework. Automatic notifications and alerts keep the process on track, helping the client ensure that each issue is closed in a timely, consistent, and efficient manner. At every stage, users can track the status of the issue and remediation action plan. Moreover, all issue cases remain open till the action plans have been carried out, and the results have been verified for effectiveness.
Risk Reporting
MetricStream has provided the client a range of flexible risk intelligence reports that deliver complete transparency into the risk management process across the enterprise. In addition, the risk category reports have been configured to automatically roll up the child risks to the various reporting categories.
The solution also provides a number of dashboards, charts, and risk heat maps that help capture and track risk profiles. RCSAs, control ownership, issue investigation and remediation statuses, and other key data. The ability to drill down offers stakeholders access to risk and control data at finer levels of detail, enabling the client to proactively detect emerging risks, areas of concern, and new opportunities.
Cloud-based Deployment
The MetricStream solution has been deployed over MetricStream Cloud - a state-of-the-art private cloud infrastructure offering significant flexibility, scalability, agility, and low total cost of ownership. This has enabled the client to realize faster time to value from the solution without compromising on performance or security.
