The MetricStream solution has helped the client streamline and automate their risk and audit management processes for greater efficiency and time-savings. Built on a scalable GRC platform, the solution extends across organizational siloes, providing a single, centralized framework to manage risk and audit activities, processes, and data.
Although the risk and audit teams have separate applications for their processes and requirements, these applications are integrated on a common platform, so that visibility at the enterprise level is not compromised - stakeholders can track the organization’s risk profile and audit activities in real time from one system.
The MetricStream solution provides the following capabilities:
Enterprise Risk Management (ERM)
Through the solution, the client has enabled a streamlined and integrated approach to the entire process of identifying, assessing, managing, mitigating, monitoring, and reporting enterprise risks. The solution helps manage 100+enterprise risks ranging from market, liquidity, and capital risk, to operational and reputation risk, to third-party risk.
Through the solution, risk managers have built a centralized risk library that consolidates all risk data, including risk description, severity and impact, consequences, and mitigation plans. Each risk is mapped to the associated processes, categories, scenarios, assets, and entities for complete transparency.
The solution also supports risk assessment planning, scheduling, and execution, as well as review and approval of findings. Users can conduct either periodic or ad hoc risk assessments, and trigger automated updates for risk owners, assessors, and approvers.
Risk managers use the solution to evaluate the organization’s inherent and residual risks based on multiple qualitative and quantitative factors. All risk assessments are driven by in-built, configurable methodologies and algorithms that help automatically calculate each risk’s likelihood, severity, impact, and other characteristics. Based on this data, users can identify each risk as a threat or opportunity, and trigger the appropriate risk response - be it risk mitigation, acceptance, avoidance, sharing, or ignoring.
Based on the risks identified, the solution enables the client to define the appropriate controls to address those risks. It also supports control assessments based on pre-defined criteria and checklists, and provides a mechanism to score, tabulate, and report the results.
At every stage, powerful risk heat maps, dashboards, and reports provide complete, real-time visibility into the ERM process, enabling risk managers to keep a close watch on the progress of risk management programs, learn lessons, detect changes, and identify emerging risks.
Internal Audit Management
The MetricStream solution enables and supports the process of planning and conducting audits on 69 business processes, ranging from RPS reporting, fee calculations, and investment compliance, to brokerage oversight, asset management, and equity trading. The solution is used to conduct 250-300 audits every year.
Based on the risks in the business processes, the audit team leverages the solution to develop a systematic internal audit plan with detailed checklists, evaluation criteria, and tasks. The solution provides a number of advanced capabilities to strengthen audit planning, including an audit advisor, audit pool manager, budget manager, audit milestone tracker, distribution lists, and shared calendars.
Each audit can be scheduled either periodically or on an ad hoc basis. As soon as an audit is initiated, automatic notifications are sent out to the relevant auditor with the assigned tasks and responsibilities. Auditors can use the solution to record their qualitative and quantitative findings, along with detailed observations and recommendations.
The solution also offers a unique time-sheet management capability that captures the time spent in each internal audit activity. This enables the audit team to better track the progress of each audit, measure it against pre-defined milestones, and accordingly plan and utilize their audit resources.
A unique offline audit briefcase enables auditors to record their findings at sites where there is no network connectivity. They can enter their data as usual on their systems, and later synchronize it with the central audit database when network connectivity is restored.
Any audit issues that arise are routed by the solution through a systematic process of documentation, investigation, and remediation. Each issue can be correlated with past data for quick analysis. In addition, a web-based interface makes it easy to communicate and facilitate teamwork on issue management and exception cases across business departments. Automatic alerts and notifications keep the process on track by reminding the relevant personnel to trigger the required investigations and remedial actions.
Throughout the entire audit and issue management process, the MetricStream solution provides complete visibility into the status of various tasks. Graphical executive dashboards with drill-down capabilities provide audit statistics by a variety of parameters such as audited process, schedule, audit results, and issues identified.
Based on the client’s needs, MetricStream has configured the solution to upload closed legacy audits. Specialized templates have been built to consolidate audit data and integrate it into a central archive. Thus, at the click of a button, the solution can provide users with complete historical and real-time access to all internal audit data and history.