Risk, Compliance and Audit Management Solution for Mid-Tier Banks

MetricStream Solution is built bottom-up, enabling it to be seamlessly adopted by mid-tier banks. The industry-leading web-based Risk, Compliance and Audit Management solution includes:

• Two modules to choose from: Risk & Compliance Management Solution and Audit Management Solution with out-of-the box functionality designed specifically for mid-tier banks
• A regulation-specific Risk & Control library based on federal regulations (REG A, B, C…), and various other compliance mandates such as AML, BSA, HMDA, CRA and Basel II
• Standard reports setup to facilitate federal examination (FFIEC) of financial institutions by the regulators (FRB, FDIC, NCUA, OCC, OTS)
• Tightly defined workflows as per best practices and industry standards that promote uniformity and collaboration across different business units in the financial institution
• Reliable, Secure and Competitively priced solution that is derived from the market leading MetricStream Enterprise GRC solution used by top financial institutions globally

Risk-Based Audit Management Solution for Mid-Tier Banks

MetricStream Audit Management Solution automates end-to-end workflows with the following functionalities:

Audit Planning: The MetricStream Audit Management module allows organizations to create audit plans with a well-defined objective and scope tied to compliance, risk management or quality processes. Auditors can define the audit universe, and assign resources against the annual audit plan. Work programs can be developed to support each type of audit conducted (e.g., financial processes, field locations). Audits can be scheduled periodically or triggered on an ad-hoc basis for suppliers, internal departments, or for specific products and processes.

Audit Execution: The solution can be set up to send automatic email notifications to the auditor responsible for auditing, as well as the entity to be audited. The application enables auditors to record qualitative or quantitative findings along with detailed observations and recommendations in predefined formats alongside the checklist of evaluation criteria and questions. Audit managers can track the status of the audit and measure its progress against milestones to ensure timely execution. A time tracking capability captures the time spent in auditing for optimal resource utilization.

Audit Review: The system routes audit findings, observation reports and auditor recommendations for review and subsequent actions. Findings are sent to the audited entity to seek responses on findings or issues observed. The application has built-in workflows to review responses for approval or rejection. It also provides options to initiate remedial actions for undesirable variations and trends, as well as to schedule follow-up audits.

Audit Issue: The system provides comprehensive functionalities for managing audit issues arising from audit processes. Once issues are identified, documented and prioritized, a systematic mechanism of investigation and remediation is triggered by the underlying workflow and collaboration engine.

Audit Report: The solution provides the ability to generate draft and final audit reports with review and approval workflows at the appropriate stage of the audit cycle. In addition, many standard reports are preconfigured and packaged with the solution, including Audit Details Report, Executive Summary Report, Audit Schedules Report, Search Previous Audits Report, Comments History Report, Audit History and Audit Check List Report. The solution also allows audit report data to be exported to a formatted Microsoft Word, Excel or PDF document for analysis and presentation.

 

Risk and Compliance Management Solution for Mid-Tier Banks 

Risk Identification and Documentation: MetricStream Solution provides a centralized risk framework to document all risks, regulations, policies and related events. It brings together all risk management data in a risk register that includes risk description, severity and impact, consequences, risk rating, mitigation plan and related emerging issues. The solution ensures that consistent risk information is maintained and is accessible across business units.

Risk Evaluations and Assessments: The solution supports risk evaluation and assessment based on configurable methodologies and algorithms. It provides an in-depth insight into the organization’s risk profile, enabling risk managers to prioritize their mitigation plan to ensure accurate forecasting. The risk analysis capabilities help organizations document and evaluate specific risk events associated with different projects. Executive-level dashboards and reports provide visibility into the risk analysis, highlighting the severity and likelihood of the risk, along with its current positioning. The solution also supports multiple scenario risk analysis.

Risk Mitigation and Action Tracking: MetricStream’s solution for Risk Mitigation is a comprehensive system that enables companies to establish and follow consistent procedures for mitigation planning, controls and action documentation and status reporting. It also facilitates analyses and streamlines the development and implementation of mitigation plan and action steps. Controls can be defined and assessed based on predefined criteria and checklists that also support a mechanism for scoring, tabulating and reporting results. The repository of all assessments with an easy search capability ensures that users can check if a specific control was tested, access the assessment results and confirm whether it requires a remedial action plan.

Metrics/Loss/KRI Tracking: With Metrics, KRI and loss event tracking, risk managers can track loss incidents and near misses, record amounts, and determine root causes and ownership. MetricStream provides statistical and trend analysis capabilities, and enables end-users to track remedies and action plans. Key risk indicators (KRIs) help track risk metrics and thresholds, providing automated notifications when thresholds are breached. MetricStream provides facilities for both manual and automatic data inputs from internal and external data sources.

Integration with Enterprise Data Sources: MetricStream GRC Platform includes a built-in data integration engine that consists of powerful and flexible adapters called "Infolets". These Infolets execute periodic (scheduled or on-demand) functions on external systems to extract relevant data and load it in the MetricStream database and API tables. Infolets enable the platform to seamlessly connect to applications and communicate through appropriate technologies such as SQL, APIs, executable programs, text files, Web Services and XML, depending on the type of integration interfaces supported by the external resource.

Issue Management and Remediation: MetricStream provides seamless issue management and remediation capabilities for issues arising from risk assessment and control monitoring processes or from any other external events such as loss-events, scenario analysis or ‘near-misses'. Once issues are identified, documented and prioritized, a systematic mechanism of investigation and remediation is set off by the underlying workflow and collaboration engine. The solution supports the triggering of automatic alerts and notifications to appropriate personnel for investigation and remedial action.

Risk Reports and Dashboards: MetricStream Solution has the ability to track risk profiles, control ownership, assessment plans, remediation status and more on heat maps and graphical charts that can be accessed globally. These tools display real-time information and can be drilled down to access the data at finer levels of detail. In addition to pre-configured standard risk reports, the system offers the flexibility to configure ad-hoc or scheduled reports that help to view metrics by a variety of parameters such as by process, by business units or by status. Quarterly and monthly trending analyses are provided with the ability to drill-down into each report and dashboard to see the underlying details. This enables risk managers and process owners to stay in constant touch with the ground reality and progress on risk management programs. Automated alerts for events such as exceptions and failures eliminate any surprises and make the process predictable.