The Client: Manufacturing Giant
Increasing business complexity, regulatory authority, globalization, and media reach are some of the many factors that are driving companies to take issues pertaining to ethics very seriously. This involves not only using ethical products and practices in business, but also ensuring that customers, suppliers, and all other stakeholders are aware of the policies in place. There have been many occurrences in the recent past where unethical practices followed by a company has not only led to its financial downfall, but has also severely eroded its value, respect, and image in the industry. With the Foreign Corrupt Practices Act (FCPA) becoming stronger and more stringent, companies have become increasingly conscious of the effectiveness of their internal controls and processes.
Designated as one of the "World's Most Ethical Companies", the client required to reinforce ethics into the corporate culture and strengthen internal control procedures. Each year, employees of the client complete the Ethics Certification Process and certify their compliance with the Company's Code of Business Conduct and underlying policies. They are also given the freedom and are encouraged to report any exceptions to the company policy that they might have experienced or observed. Each exception is reviewed, documented, and investigated according to Company policy by the client's Internal Audit and Law Department.
After extensive evaluation of various Corporate Compliance and Ethics solutions in the market, the client selected MetricStream for its Ethics Management solution. MetricStream was chosen because it provides a flexible framework to streamline business ethics programs, ensure adoption of ethical practices, monitor business ethics compliance, improve accountability, and communication on the same. Built on a centralized Governance, Risk and Compliance (GRC) platform, the MetricStream solution also brought to the table an integrated approach for managing the complete spectrum of regulatory mandates such as the SOX, FCPA, UK Anti-Bribery, OSHA as well as corporate requirements such as HR policies and procedures, privacy policies, and IT security norms.
For the client, MetricStream implemented continual audit of their internal controls and communication processes to identify risks, validate compliance with corporate business ethics policies, and remedy deficiencies in a timely manner. The solution also supports policy documentation, change management, communication processes, and training and awareness programs.
MetricStream Compliance and Ethics Management Solution provides the following capabilities that ensure fulfilling the business objectives of the client:
MetricStream GRC Platform: The MetricStream solution provides a single, comprehensive, and integrated enterprise platform to administer, manage, and control compliance and ethics related aspects of a company. The platform has the ability to map complex organizational hierarchies and support end-to-end ethics management in a company, from creating certification questionnaires to tracking employee response, assessing risks, and recommending mitigation plans. The solution provides capabilities for creating and organizing relevant training programs for employees.
Risk Assessment and Analysis: The MetricStream solution provides a centralized framework to easily document and manage all ethics related compliance risks. Configurable embedded methodologies and algorithms enable both qualitative and quantitative risk assessments, helping decision-makers gain a clear view into the client's risk profile and prioritize their risk-response strategies.
Ethics Management and Control Assessments: The MetricStream Ethics Management solution helps the client define and maintain a centralized structure of the overall ethics and control hierarchy, including processes and assets in scope, risks for the processes and assets, controls to address the risks, and mechanisms to address the controls. Leveraging the built-in reporting engine, the solution facilitates control assessments based on predefined criteria and checklists with capabilities for scoring, tabulating, and reporting results.
Risk Monitoring: The MetricStream solution contains powerful capabilities that offer real-time visibility into ethics management processes, risk profiles, assessment plans, and other important ethics compliance related data across the client's enterprise.
Survey Management: The MetricStream solution provides a structured process of survey setup, distribution, and response management which simplifies the end-to-end survey administration and management processes. The survey management functionalities are seamlessly integrated with the issue management and resolution module as well as the powerful reporting engine.
Issue Management: The MetricStream solution enables the client to adopt a systematic approach to identifying, investigating, and resolving issues arising from ethics and compliance. The solution captures relevant information about each issue, and routes it out for in-depth investigation and development of a corrective action plan.
Need for a Higher Ethics Management Maturity: In order to adhere to the highest standards of business ethics with rigorous compliance procedures and controls, the client needed an enterprise level solution that could match the expectations of their Global Reporting Initiative (GRI) for Ethics Certification. The goal of the GRI was to develop a consistent way for business units around the world to voluntarily report on the ethics compliance of the economic, environmental, and social components of their businesses with the least complexity.
Difficulty of Ensuring Ethics Compliance across the Global Enterprise: The client required a single and seamlessly integrated enterprise platform that could manage the entire ethics management process end-to-end, from administering ethics programs to employees and recording employee responses to monitoring ethics compliance levels and automatically designing mitigation plans.
Inadequate Leadership Visibility into Ethics Management: The key decision-makers in the company, especially the ethics and compliance office, needed to gain high-level visibility into the ethics processes of the company and compliance levels. They needed critical reports and metrics to develop a clear ethics management strategy, mitigate risks effectively, and drive ethical norms into the DNA of the company.
Need for Re-enforcement of Ethics Management Processes Using More Mature Technology: The client required re-enforcement of its Ethics Management Processes in terms of ease of application administration, integration across the global enterprise, and integrated compliance assessment functionalities. They needed a solution that would effortlessly map complex business hierarchies and reduce time taken to manage and configure the application.
Limited Success of the Global Reporting Initiative for Ethics Certification: The client already had a Global Reporting Initiative for Ethics Certification in place but improper implementation and maintenance led to limited success of the program. The client wanted a robust enterprise solution that could add on other functionality to the existing GRI in terms of ethics and compliance management, risk assessment, monitoring, and issue management.