The Client: One of the largest food processing and distribution companies in North America

Overview

The client conducted multiple types of risk assessments on various enterprise risks, including fraud. Yet manual processes and tools often delayed these assessments and limited risk visibility. By implementing the MetricStream Enterprise Risk Management Solution, the client has been able to automate risk assessments and reporting workflows, strengthen fraud detection and monitoring, and standardize risk taxonomies. In addition, they have improved visibility into fraud scenarios and other risks, which enables them to make effective decisions to protect their brand.

The Solution

The client evaluated multiple enterprise risk management solution providers, and ultimately selected MetricStream. Their choice was largely determined by the MetricStream Enterprise Risk Management Solution’s ability to automate and integrate risk analysis, as well as its flexibility to be configured to the client’s unique risk requirements.

Since its implementation, the MetricStream solution has significantly improved the efficiency and effectiveness of the client’s risk assessments, while also providing real-time visibility into risks, and enabling risk metrics to be defined and tracked against set thresholds. The solution is leveraged by core risk managers to assess risks across different entities and operating divisions on an annual basis. It simultaneously enables the core risk group to conduct fraud and project risk assessments. Any issues that arise are routed through a systematic process of investigation and remediation in the solution.

Below are the key capabilities of the solution that are supporting the client:

Central Risk Library

The solution enables the client to develop and maintain a logical and well-organized structure of their risk hierarchy in a central risk library. Here, key risks are mapped to the associated strategic objectives, as well as controls, processes, projects, operational divisions, and entities. All required details such as risk description and ownership are defined, while multiple levels of risk categorization and sub-categorization are supported. Fraud risks such as bribery or asset misappropriation are also consolidated in a central fraud universe for easy reference. This integrated framework enhances risk transparency and accountability. It also helps maintain a consistent risk taxonomy across the organization.

Risk Assessments and Scoring

The solution supports multiple types of risk assessments at the client organization, including entity level risk assessments, operational division risk assessments, process risk assessments, project risk assessments, and fraud risk assessments. The entire assessment workflow is streamlined – right from defining assessment plans and schedules, to performing the actual evaluation, recording findings, as well as exceptions, and routing the data for reviews and approvals. This systematic approach minimizes redundancies, and helps ensure consistency in risk assessments at various levels of the enterprise.

The solution is used to assess, rate, and score both inherent and residual risks based on various qualitative and quantitative factors. The main measurement criteria, risk impact and vulnerability (likelihood), are each linked to multiple attributes to provide a more comprehensive understanding of risk. For instance, the risk impact category “compliance” is linked to fines, penalties, and lawsuits. Meanwhile, for fraud risk assessments, the solution provides the flexibility to support a different set of impact and vulnerability criteria.

Once the risks are scored and rated, the solution enables users to assess the associated controls based on their design and operating effectiveness. The controls are evaluated in a systematic manner, using configurable algorithms.

Advanced heat maps, including a fraud scenario heat map, deliver a bird's-eye view of the top risk and control metrics, enabling the client to determine the appropriate response, be it to accept, mitigate, transfer, or ignore the risk.

KRI Monitoring

Through the MetricStream solution, the client can create KRIs and tag them to the associated risks, along with clearly defined thresholds. If a threshold is breached, the solution automatically alerts the relevant personnel. It also provides the ability to measure the performance of key risk metrics.

Issue Management

All issues that arise during a risk assessment are routed through the MetricStream solution for investigation, action planning, and remediation. Issues can be prioritized based on impact, likelihood, or type. In addition, a unique reference number attached to each issue makes it easy for the client to monitor the status of the issue as it moves from one stage to the next. Automatic alerts keep the process on track, and help ensure that the issue is addressed in a timely manner.

Reporting

Powerful dashboards, reports, and charts offer the client an integrated and in-depth view of risk at multiple levels of the organization. These reports are automatically populated with data, enabling the client to quickly access the required risk intelligence. Stakeholders can view KRI reports, a list of risks by criticality, risk summary reports, risk score trend dashboards, and more to get a clear understanding of the organization’s risk profile. They can also drill down to view the data at finer levels of detail.

The Challenge

Being a large organization with multiple operating divisions, the client faces numerous enterprise risks, ranging from strategic and financial risks to legal and operational risks. It is imperative that these risks be identified, assessed, and managed effectively, not only at the entity level, but also at the operating division level, project level, and process level. Fraud risks are another key concern that needs to be evaluated and monitored frequently.

Earlier, risk assessments were largely manual in nature and, therefore, took significant time and effort to complete. Reports were created using spreadsheets and slide presentations, which were cumbersome and also resulted in key risk data being scattered across systems. There was no central repository or dashboard that could offer stakeholders a real-time view of risk. Similarly, there was no efficient mechanism to monitor Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs).

The client needed a system that would enable them to automate risk assessments and KRI/KPI tracking, while providing a single point of reference to manage and store their risk and control data. Additionally, they needed to accelerate reporting, so that stakeholders could get a swift and in-depth view of the organization’s risks, aligned with strategic objectives, in order to support business decision-making.

Benefits

  • Faster, More Efficient Risk Management Processes
    The solution streamlines and automates risk assessments, scoring, KRI monitoring, and reporting. This has enabled the client to respond more swiftly to critical risks and issues, while also minimizing inefficiencies and duplication of effort. The time that was earlier spent on cumbersome, manual processes can now be directed to more important activities such as risk analysis.
  • Better Understanding of Risk
    By integrating all enterprise risk data in a central and well-structured library, the solution improves risk transparency. It also offers a comprehensive view of the relationships between risks and other data elements, including strategic objectives. This allows the client to understand the impact of risk on their business more clearly, and mitigate these risks more efficiently.
  • Stronger Risk Assessments
    The solution standardizes risk taxonomies and assessments, enabling the client to be more consistent in the way they communicate and evaluate risk. Additionally, the solution supports multi-perspective risk assessments based on a variety of qualitative and quantitative factors. In doing so, it allows the client to get a more in-depth and dynamic picture of their risks.
  • Real-time Risk Visibility to Support Decision-making
    Bulky spreadsheets and slides have been replaced with powerful, online dashboards, risk heat maps, and reports. At the click of a button, the client can view key risk metrics in real time, slice and dice the data from multiple perspectives, and identify key risk issues, opportunities, and areas of concern. All this risk intelligence, rolled up from across the organization, enables stakeholders to make informed business decisions.
