The company is a leader in financial planning in America. It offers a broad range of innovative products and services to help customers save and spend their money wisely.
The Client: A Leader in Financial Planning in America
As a financial entity, the company is required to establish a rigorous risk management program, conduct thorough audits, and comply with a host of laws and regulations. The company had already instituted programs to manage these processes, supported by localized and stand-alone systems. However, as it expanded its functions and services, the company found it challenging to conduct regular audits across the whole enterprise using these stand-alone systems.
Managing a growing list of risks and compliance regulations was also proving to be time-consuming and complex, as the company lacked a centralized framework to integrate risk inventories, control assessments and other documentation.
In response, the company felt the need to build a more collaborative framework and facilitate better workflow management for risk, compliance and audit processes.
The company was looking to implement a solution to automate and streamline risk, compliance and audit management across the enterprise. It also wanted to build a central repository of risk inventories, control assessments and other documentation for easy access and management. Moreover, it wanted to track issues and trends in real-time, improve collaboration across the enterprise and provide in-depth visibility into audit statuses, risk factors, control assessments and more.
After considering several solution providers, the company selected MetricStream to implement a risk, compliance and audit management (GRC) framework that was customized to the company’s specific requirements. MetricStream’s extensive experience with leading financial organizations was one of the reasons that prompted this selection. The company was confident that with MetricStream’s sophisticated technology, flexible architecture and powerful capabilities, it could build a strong, intuitive framework for risk, compliance and audit management.
The company chose MetricStream’s GRC platform with embedded modules for risk management, audit management, compliance management, issue management and policy/documentation management. These modules are built on a single platform, enabling the company to break down functional silos in favor of a more collaborative pattern of functioning.
The MetricStream platform also delivers end-to-end workflow automation that enables the company to eliminate manual, time-consuming processes and save on valuable resources and manpower. Powerful dashboards and reporting features enhance visibility into processes at every stage. Each dashboard comes equipped with drill-down capabilities that provide a more nuanced perspective into risk, compliance and audit, enabling managers to make timely, informed decisions.
The solution also contains a centralized document repository for all GRC policies, control assessments, reports and other information. An easy search capability enables the company to search, archive and retrieve this information with speed and efficiency.
Audit management: MetricStream Audit Management Solution is a comprehensive framework designed to manage the complete audit lifecycle from audit planning and scheduling, to field data collection, development of audit reports, review of recommendations and implementation of these recommendations. The solution also provides the company with the flexibility to define and manage the entire audit universe - business units, functions, systems, processes and objects.
The solution delivers automated alerts for schedules as well as conflicts surrounding schedule timings, discrepancies, budgeting limits, etc. Company auditors can clearly define an audit plan including background, scope, objectives and client information. Fieldwork can be conducted offline if desired, and identified issues can be classified according to various parameters such as criticality, risk and process.
The entire solution is designed such that each business unit can manage its audits independently, thus enhancing responsibility and accountability. At the same time, all individual audits can be rolled back upstream to provide centralized reporting and trending. This way, the company can gain an enterprise-wide view of all its auditing activities.
Risk management: MetricStream Risk Management Solution supports a top-down, risk-based approach, enabling the company to focus its efforts and resources on managing the most important risks and controls. Powerful risk heat maps and color-coded charts provide a graphical overview of risk profiles, while embedded control frameworks such as COSO and COBIT enable the company to choose the best possible approach to mitigating risks.
The solution comes equipped with a powerful risk assessment methodology that allows for defining a flexible set of risk factors. Auditors can assign different types of weights for every risk factor such as dollar value, percentage and qualitative value. They can also create an extensive library of risk assessment questionnaires and surveys based on existing templates within the system.
The solution enables consistent risk tracking across the enterprise. It also delivers reports and scorecards to bring high-risk areas into focus and improve visibility into ongoing risk management efforts.
Compliance management: MetricStream Compliance Management Solution enables the company to develop, maintain and communicate compliance policies, standards and procedures. It also helps monitor compliance processes, define internal controls and demonstrate that a control has been tested as required.
The system supports consistent control assessment plans based on pre-defined criteria and checklists, and has a mechanism for scoring, tabulating and reporting the results. Assessment plans to test controls can be scheduled periodically or triggered based on the occurrence of certain events. A central repository of assessments helps determine if a specific control was tested, what the assessment results were, and if a remedial action plan is required. By consistently testing controls, the company can ensure compliance with SOX, MAR, FDICIA and other regulatory requirements.
Issue Management and Remediation: If issues are discovered during audits or compliance or control assessments, the MetricStream GRC platform automatically routes them to an Issue Management and Remediation module. The module investigates each issue and either triggers a remediation process or sends an automatic alert to the appropriate personnel. Managers can track the status of an issue in real time at any stage in the remediation cycle through powerful dashboards.
MetricStream helps manage multiple regulations and risk factors across varying business units and locations using a single, centralized platform
MetricStream’s integrated approach helps break down organizational silos and improve collaboration across the enterprise
MetricStream’s solutions display a high degree of sophistication to support complex organizational models while at the same time providing a user-friendly interface
MetricStream provides immediate and in-depth visibility into audit, risk and compliance data through executive dashboards, risk heat maps and control charts
MetricStream’s solutions are scalable and display a high degree of flexibility
MetricStream automates the entire workflow, improving efficiencies and saving on costs, resources and time
Isolated workflows: With thousands of advisors and customers spread across the nation, the company found it challenging to collaborate on risk, compliance and audit management. Most often, audits were conducted in independent silos and at varying intervals from each other. Similarly, risks and controls were managed in isolated initiatives. This siloed approach often led to process redundancies, which, in turn, consumed far more resources, time and effort than was actually required.
Manual processes: The company’s existing systems required risk, compliance and audit data to be entered manually. Reports were also generated manually, using spreadsheets and stand-alone systems. As a result, internal auditors and managers were forced to spend significant time, effort and resources in compiling data from isolated sources, entering the data into the systems and preparing reports.
Limited visibility: The company’s existing system did not offer real-time visibility into risk, compliance and audit processes across the enterprise. Nor did it enable the company to track issues and corrective actions in real time. Consequently, crucial decision-making processes were hindered until reports could be compiled manually. The reports, in turn, took significant time and effort to create.
Lack of centralized documentation: The company was required to deal with a tremendous amount of documentation including control assessments, regulatory information, internal policies and audit reports. Because these documents were not stored in a single location, search and retrieval became extremely challenging.
Complex regulatory landscape: The company is required to ensure rigorous, stringent compliance with regulations such as SOX, MAR and FDICIA. Each of these regulations is complex and intensive, often containing hundreds of requirements that are subject to change. The company found it time-consuming and complex to extend these requirements across the enterprise, manage various controls and consistently monitor their effectiveness.
“We wanted a solution that could help us manage audits, risk and compliance in a proactive, efficient and consistent manner. MetricStream stood apart from other solution providers because of its extensive experience in the financial services industry, the sophistication of its product and its commitment to meet our specific requirements. We are confident that with MetricStream technology, we can improve the effectiveness of audit, risk and compliance management, thus increasing value for our customers and shareholders,” says the spokesperson of the Company.