Case Study

Leveraging Technology to Rationalize and Streamline Compliance Efforts

The Client: World's Largest Electronic Stock Market



The Financial Institution is one of the world's largest electronic stock market. It is home to companies that are leaders across all areas of business including technology, retail, communications, financial services, transportation, media and biotechnology.

Being a stock market as well as a listed company by itself, the Institution plays the role of a regulator as well as a regulated company. It has a myriad of processes and systems to manage and disseminate detailed and accurate information regarding governance, risk and compliance aspect of its own operations as well as its listed companies to ensure the integrity of the marketplace. Regulations and mandates that affect its business operations include NASD guidelines, SEC regulations, SOX compliance requirements, various disclosure requirements and many other governance, risk, compliance, ethics, business conduct related policies and procedures.


After an exhaustive evaluation of over a dozen solutions the Institution saw the distinct advantages of MetricStream’s current offerings and product vision. In stead of focusing on a single compliance issue, MetricStream addressed governance, risk and compliance with a broad, multi-regulatory platform that solved the Institution’s current business problems as well as had the capability to be easily extended to address newer requirements that my arise in the future.

The Institution also saw the tremendous value offered by MetricStream’s Complianceonline.com to enable effective implementation and adoption of compliance programs through online training, alerts, vertical search, discussion forums, and best practices library services. The combination of software, content and community was the right solution for an environment where the regulations and requirements are continuously changing and keeping pace with them is essential to reducing the overall risk.

The Institution implemented MetricStream to completely replace their existing risk and compliance management system by mapping all business flows to the MetricStream system, creating a baseline configuration for validation and training, configuring the solution to support reporting needs and migrating the process hierarchy and other critical data from the existing environment into MetricStream solution.

“We are extremely pleased with the ease with which we were able to go live with the MetricStream solution. Their professional services organization worked very closely with the Institution to configure the solution to map to our business process flows in a very short amount of time. It speaks volumes about the configurability and richness of their solution”, said the SOX Program Manager at the Institution.

The MetricStream solution has provided numerous benefits to the Institution. It has enabled the Institution to share documentation of risks and controls across processes, allowing them to rationalize and reduce their documented controls from 1,400 to about 500 controls. This has greatly simplified their change management process.

MetricStream's role-based views have enabled the Institution to make the system available to a wide band of users including external auditors. In fact, the Institution is now able to provide an External Auditor portal with binder type reports and real-time read-only access to for design documentation.

The issue management process is automated and streamlined to provide complete visibility into the entire lifecycle of issues arising out of testing operational controls - from identification through root cause analysis and remediation.

The process documentation is stored in a MetricStream's integrated document repository (DMS). The documents can be retrieved for making any changes and checked back in only by authorized users. The system also supports a review management process for such documents, with easy status tracking.

The ease of integration provided by the MetricStream platform has allowed the Institution to integrate the solution with the PeopleSoft ERP system for chart of accounts and employee information.

The drill-down capability in the reporting system and the ability to export information from reports into spreadsheets has simplified the overall program management and reporting process. MetricStream solution easily replicates reports such as Program Progress and Deficiency Status that were popularly-used but manually created in Excel previously.

"MetricStream has significantly reduced the overhead for managing our entire SOX compliance process and placed more control in the hands of the staff responsible for day to day financial control activities. Our change management processes are better streamlined. Various stakeholders have visibility and control over the process. We believe that we have reduced the total person hours spent on SOX compliance by over 20%, while gaining significant visibility and control over the entire process - including documentation, change control, testing, disclosure and remediation", added the Program Manager.


With continued growth in their business and recent acquisitions, the Institution needed to adopt a comprehensive approach to managing its governance, risk and compliance initiatives through a single system that supported a federated organizational structure and leverage technology for sustainability, consistency, efficiency and transparency across this organizational architecture.

Their existing system for managing documentation, risk, controls and reporting of internal controls had a number of limitations including:

  • There was no easy way to share risks and controls between processes in the system. As a result, the compliance teams ended up having to define a number of redundant controls in their existing system. This redundancy made change management very challenging.
  • The system lacked document management and change reporting capabilities. Although current versions were readily available, comparison of controls and documents to prior periods was completely manual and it was difficult to implement strict access control or deploy a streamlined process for change management.
  • The system lacked  issue management  capabilities. Issues were tracked in a separate MS Access database, increasing the risk of it falling through the cracks.
  • The system lacked role-based views, making it difficult for stakeholders such as executives to use the system.
  • There was no provision for operational testing leading to a significant manual activity and paper-based documentation.

These limitations significantly increased the overheads on the Institution's compliance and risk management team responsible for critical requirements such as SOX. The team realized that they needed to replace their current system with a next-generation solution that provided a comprehensive platform for design, test, reporting, disclosure and remediation of internal controls to support effective risk and compliance management.

Why MetricStream was Selected?

The Institution recognized the difficulty and costs associated with all areas of compliance. In an effort to address its own compliance challenges and to provide its listed companies with a method with which to manage its compliance processes, the Institution looked to build an alliance in this space.

The Institution conducted a thorough due diligence of many providers of compliance solutions and found that MetricStream offers a comprehensive set of solutions in the marketplace combining compliance solutions, content and training. Compliance software that addresses a broad set of initiatives and mandates, best practices knowledge-base and employee training form the required three elements to reduce the overall cost of compliance. MetricStream demonstrated its ability to provide all three elements in a fashion consistent with the Institution’s internal needs and its high customer service levels.

After evaluating solutions from multiple vendors, the Institution decided to implement MetricStream internally, as well as offer it to all its listed companies through an exclusive partnership so they can better manage their own GRC initiatives.


  • Process Automation:
    By automating the compliance management processes the Institution has dramatically reduce the time being spent by staff members, line managers, and senior managers on risk and compliance related activities.
  • Collaboration:
    Employees are able to carry out team activities in a productive manner with the collaborative environment that MetricStream provides.
  • Consistent Process:
    MetricStream enforces a consistent process across the enterprise, eliminating any deviations and error eliminating the cost and time associated with repeated processes and multiple checks.
  • Resource Utilization:
    With the entire compliance process streamlined and automated with the MetricStream solution, the Institution can better utilize its resources.
  • Comprehensive Visibility:
    Comprehensive visibility provided by MetricStream has lowered the risk of non-compliance and executives can be assured of higher customer and investor confidence.

Ready to get started?

Speak to our experts Let’s talk