The Client: Global Investment Management Firm


There has been a series of operational risk incidents among financial institutions that have hit headlines, bringing renewed focus on operational risk management (ORM). Financial institutions have suffered significant financial and reputational losses, as well as damaged investor confidence due to operational failures. And as the size and structural complexity of financial institutions increase, understanding and mitigating operational risks become all the more challenging. Added to the existing challenges are the heightened regulatory scrutiny and the increase in regulatory reforms.

Like several large diversified institutions, the company has global operations managed by thousands of employees spread across various geographic locations prompting the company to evaluate its ORM program, and adopt a rigorous approach to establish and drive their global business strategy.

The company recognized the need for implementing an integrated and flexible framework for managing ORM initiatives across the enterprise. Its aim was to strengthen compliance, build a risk-conscious culture, improve collaboration among the teams and departments, facilitate greater transparency into risk metrics, and help them deal with the increased globalization, uncertain business environment and technology advancements.

Download the Case Study


After analyzing and understanding the various challenges, the organization embarked on a complete transformation of its operational risk infrastructure. What the company was looking for was a centralized operational risk management solution that would enhance coordination across the enterprise, automate complex and time-consuming risk management processes, identify and mitigate risks in real time, and save resources and costs.

After studying several risk management solutions in the market, MetricStream was chosen as the preferred solution provider. MetricStream’s ORM solution provided the company with a centralized risk frameworkthat integrates, streamlines and automates multiple ORM initiatives across the company and gathers a consistent and quick view of overall risk exposures across risk types, departments and geographies.

Operational Risk Analysis and Assessment
The MetricStream solution provides a centralized ORM framework to profile, document and evaluate the company’s operational risks in great detail. Supported with a flexible data model and extensive workflow capabilities, the solution consolidates all data and processes related to operational risk management in a reusable library of risks and their corresponding controls and assessments, results from individual assessments, key risk indicators, risk data aggregation, internal and external events such as losses and near-misses, issues and remediation plans.

Risk Control Self-Assessment (RCSA) capabilities, which form the core of the solution assist in risk identification and assessment based on a flexible and predefined rating methodologies and schedules. The solution supports risk rating based on predefined rating methodologies, and helps process owners prioritize risk-response outcomes. Across complex organizational hierarchies, the solution links multiple risks, controls, policies, and processes together, thereby simplifying RCSAs.

Control Design and Assessments
The ORM solution provides a flexible framework to define a set of controls to mitigate identified risks based on the severity and impact of the risks, and supports control assessments based on predefined criteria and checklists. The solution provides a flexible framework to define controls according to various parameters such as manual, automated, detective, preventive, frequency and cost.

The solution automatically routes the identified issue for investigation and remediation. The solution’s intuitive capabilities to score, tabulate, and report results enable process owners to quickly evaluate control effectiveness. All documents and assessment results are stored in a centralized repository with easy search capabilities allowing process owners and managers to quickly check if a control was tested according to specifications. The solution also enables control assessments both at the top-level and process-level, as well as targeted in-depth assessments.

Loss Management
The solution tracks loss events and allows risk managers to track loss incidents and near misses, and determine root causes and ownership. Embedded statistical and trend analysis capabilities help identify key risks, examine inconsistencies, analyze recurring patterns and vulnerabilities, and recommend actions to mitigate losses. Automated notifications are sent out to respective process owners when thresholds are breached.

Issue Management and Remediation
The MetricStream solution enables the company to seamlessly investigate and resolve issues arising from RCSAs, loss incidents or scenario analyses. It helps trigger automatic alerts and notifications to the appropriate personnel to begin an in-depth investigation and remedial process. The solution captures and integrates relevant issue information, such as the description of each issue, date of identification, root cause, severity and owner.

The solution automatically monitors the progress of the issue, assigns a unique ID for the issue, and enables process owners to track the issue as it progresses from one stage to another. Once a corrective action or remediation is initiated, the case remains open till the action plan is carried out, and results are verified for effectiveness.

Reports and Dashboards
The ORM solution consolidates risk profiles, issues and loss data, assessment plans, and remediation status, on heat maps and graphical charts that can be accessed globally. This capability provides real-time information across the enterprise and the ability to drill-down to get to the finer levels of detail.  Managers can analyze and compare the data by various categories such as risk type, time horizon, process or business unit and also generate scheduled or ad hoc reports.


Lack of automated processes
The company relied on manual processes and paper-based spreadsheets to conduct a whole array of risk management processes including risk assessments, test controls, and preparing reports. This often resulted in excessive paperwork, unmanageable documents and extensive email and paper trails. The probability of inaccuracies in data entry was ever-present and a lot of time, money, and resources had to be spent on manually managing each risk, compliance, and audit activity.

Lack of collaboration
Having several offices spread across geographies, operational risks were managed in separate systems and processes. This led to the lack of collaboration and information sharing across the company and resulted in redundant risk mitigation and remediation processes and duplicated efforts leading to wastage of time and resources.

Limited visibility
Given the large scale of the company’s operations, it was imperative that managers gained timely visibility into audit trends to proactively identify, track, and resolve vulnerabilities and make crucial business decisions. But due to the company’s soiled and disparate approach to ORM, the executives had to rely on isolated and manually prepared reports from each office and business entity. This made it extremely difficult for them to gain a consolidated view of ORM at the enterprise level.

Lack of preparedness for future risks
The company’s multiple legacy systems and applications which were being used in silos limited the management’s ability to get a holistic and real-time view of risk data and metrics.The absence of risk management tools to proactively identify risks made it difficult to identify and mitigate emerging or unanticipated risks.

Why MetricStream?

The client chose MetricStream for the following reasons:

Technology innovation: The MetricStream solution is built and deployed on an innovative GRC Platform providing a host of innovative capabilities such as powerful dashboards, heat maps, configurable forms, real-time exception tracking, reports, risk-control libraries, KRIs, email alerts and notifications, business intelligence, analytics and secure access.

Intuitive user interface: Highly simplified and intuitive user interfaces ensure quick adoption of the MetricStream solution. Through the well-defined navigation standards, users can easily monitor risks and controls, quickly access information, and understand the relationships between processes, risks, controls, regulations and policies.

High degree of scalability and flexibility: The MetricStream solution is scalable and can be quickly extended beyond risk management to other areas of GRC, including audit management, compliance management and policy management. The solution comes with out-of-the-box functionalities and tools based on industry standards and best practices to configure and structure the solution based on the specific business requirements of the organization.

Market leadership: MetricStream solutions have been deployed in leading global financial institutions and have been known for the rich capabilities, flexibility and extendibility it has to offer. MetricStream is also considered as one of the market leaders in the GRC space by leading analysts and industry experts.

Thought leadership: MetricStream’s is a leading knowledge portal and online community visited by hundreds of thousands of compliance professionals. The portal offers a variety of channels for online training, provides regulatory alerts and best practices on corporate governance, risk management, regulatory compliance, and quality management. The portal is fully integrated into MetricStream’s application suite.


  • Enhanced collaboration and accountability
    The MetricStream solution comes with an integrated framework enabling various teams and process owners to work closely together to assess, monitor, and mitigate operational risks. The solution also enables ORM programs to be more closely aligned with Corporate Governance and strategy at the enterprise-level, and provides clear cut specification of roles and responsibilities of personnel regarding risk profile. This fosters greater ownership and accountability for risks at various levels within the company.
  • Improved operational efficiency
    The MetricStream solution automates and streamlines end-to-end operational risk management workflows, thus accelerating processes, and minimizing data errors. It also saves up valuable manpower that can be utilized for other essential tasks such as analyzing scenarios or calculating economic capital.
  • Consistent and real-time operational risk intelligence
    The solution’s role-based dashboards, control diagrams, and scorecards provide visibility into ongoing risk management efforts and highlights high-risk areas. This enables the company to identify opportunities for taking more risks, while also ensuring that risks taken are well within the defined limits. Automated alerts for events such as exceptions and failures eliminate any surprises and make the process predictable and well-planned.
  • Synchronization of ORM content across the enterprise
    The solution provides a centralized library of risk-control content and KRIs which enables the company to manage risks and controls in a more systematic, accurate, and efficient manner. This enables information-sharing and coordination among teams and prevents redundant or duplicate risk-control assessments.

Get a demo Download RFP Template Pricing Contact