Featured Insights & Articles
The Future of Integrated Governance, Risk and Compliance
A federated approach to GRC helps organizations build stable, secure and sustainable businesses and paves the way for a futuristic, GRC-focused culture. This article highlights the significance of having a strategic GRC Framework and introduces the next-generation Pervasive GRC.
Complying with HIPAA Omnibus Rule: Key areas of focus for Healthcare Providers
The HIPAA Omnibus Rule marks a significant update to the privacy and security obligations of providers with respect to patients’ protected health information. The MetricStream solution provides the ability to effectively manage and automate HIPAA/HITECH compliance and to streamline all other compliance aspects, ranging from preparing policies and procedures to assessing and analyzing risks, managing audits, identifying gaps, and remedying issues.
Exploring the Re-proposed FSMA Rules and Ways to Comply
Signed into law in 2011, the Food Safety Modernization Act (FSMA) represents the most sweeping reform in food safety laws in several decades. With the aim of preventing food safety incidents, the law lays out multiple requirements to ensure that good food safety controls and measures are established at every step of the food chain from farm to fork. It also gives the FDA new powers to prevent, detect, and respond to food safety issues.
How Next-Generation Audit Functionalities on Smart Devices Are Changing the Audit Landscape
Field inspections are essential to auditing, and help evaluate compliance with government regulations across sectors. For these inspections to be quick and efficient, it is imperative for organizations to move away from the manual paper-based audit management approach to an electronic, automated system.
Recipe for Market Success: Integrate Effective ERM with Business Strategy
Understand how an integrated approach to risk management aligned with strategy, supported by the right technology and risk appetite can help organizations optimize their operational effectiveness to build a sustainable competitive advantage.
5 Best Practices to Improve Vendor Governance in Healthcare
Healthcare providers and payers can take the next steps to improve their vendor governance and develop effective vendor relationships that deliver immense benefits and improve performance.
Strengthening Corporate Governance Using a Risk-Intelligent Framework
Risk management is no longer just about complying with regulations. Instead, it’s about creating proactive risk management processes to consistently identify, manage, mitigate, and document risks. Read this article to learn more about how technology can help build better governed and more resilient organizations.
Risk Management in Financial Services
With the crisis in financial markets still unfolding, most organizations are asking themselves, “How could we have avoided this crisis?”, “How does the current crisis affect us?”, “What steps should we take to deal with the current crisis?”, or “Which is the most appropriate way to prevent such disruptions in the future?”
What is the ROI of an Audit Management Solution?
Audit managers are critical contributors to business performance, providing an independent assessment and view of the state of the business. As a leader in Governance, Risk and Compliance (GRC) and Quality Management solutions, MetricStream engages with a large number of audit managers accountable for monitoring risks and ensuring compliance across organizational units.
Demystifying the Risk-Based Approach to Cloud Computing
How do you ensure the right data is moved to the cloud? How do you ensure the right security controls are implemented in the cloud? How do you mitigate all types of risks faced in the cloud? Implementing a risk-based approach can enable enterprises to address all these issues, reinforce data confidentiality, integrity, and availability, and stay ahead of the competition.
The Evolving Role of Internal Audit in Assessing the Efficiency of Business Operations
The evolving Internal Audit function has the potential to not only enhance compliance with internal controls, but also enable business value preservation and creation. This insight discusses the changing role of Internal Audit, and introduces best practices to effectively detect and manage new and emerging risks.
A Strategic Makeover for Internal Audits
Management teams and boards are increasingly looking to auditors to help them balance risks and opportunities, and make better-informed business decisions. In other words, audits are no longer just a compliance tool, but an important strategic asset. Discover how you can build a more effective audit program with a strong strategic focus.
6 Ways to Strengthen Policy Management
Since policies play a critical role in supporting and strengthening an organization’s success, it is imperative to have a formal and well-thought-out policy management process. Learn about the key steps you can take to build a more effective approach to policy management.
Strengthen Your Health and Safety Culture with Impactful Systems
Health and safety management isn’t just about meeting compliance requirements, or avoiding litigation. It’s about creating an environment where employees actively participate in achieving optimal levels of health and safety. Learn how your organization can effectively journey up the maturity curve to foster a safer and healthier work culture across the enterprise.
9 Best Practices to Jumpstart your Third-Party Management Program
While companies increasingly rely on third parties to lower costs and accelerate time-to-market, most third-party relationships come with multiple risks such as information security risks, regulatory compliance risks, and reputational risks. Learn how to keep these risks in control, and strengthen third-party management with these nine best practices.
5 Questions to Ask Before Creating a Successful Health & Safety Plan
A comprehensive Health & Safety (H&S) plan is critical not only to protect employees, but also to improve productivity, and minimize downtime costs. Whether you’ve already created such a plan, or are just getting started, here are five key questions to ask, in order to ensure that your H&S plan is optimally effective.
3 Proactive and Easy Steps for SOX Compliance
SOX compliance management can seem like a daunting task even to the best of companies. However, with a few key steps, you can effectively simplify and strengthen your SOX compliance processes. Read this article to know more about building a successful SOX compliance program.
The Power of Key Risk Indicators (KRIs) in Enterprise Risk Management (ERM)
With the global risk landscape constantly evolving and organizations striving to achieve their objectives, there is a high demand for relevant and timely risk information. Key Risk Indicators are critical predictors of unfavorable events that have the potential to adversely impact organizations. They also provide invaluable insights for monitoring changes in the level of risk exposure, and give organizations early warning signs to prevent incidents and crises. This article highlights key aspects to consider when defining effective KRIs, and how monitoring appropriate KRIs can safeguard your organization from operational, reputational and other risks.
Role of Internal Audit as Business Advisor
Internal Audit has undergone a dramatic change in its objective, from assessing oversight to delivering insight and foresight to business functions. This article provides insight into the role of Internal Audit as an advisor that adds value, apart from its role as assurer and assessor, in developing key business decisions and risk-based strategies.
Is your internal audit fit for the future?
The Internal Audit function has moved beyond the traditional assurance model owing to the dynamism in the business environments and has progressed to a transformational role as a "Strategic partner". Hence there is a need for systematic makeover of Audit functions within organizations to drive this advantage for business decision making. This article highlights the key areas for transformation to enable internal audit function to deliver greater value to an organization for gaining competitive advantage.
Strengthen IT Auditing with COBIT
MetricStream's latest insight on "Strengthening IT Audit with COBIT" will provide guidance on how you can leverage COBIT for effective execution of IT audits and integrate it within the general IT audit process.
Six Steps to Implementing a Risk-based Approach to Regulatory and Reliability Compliance in the Energy and Utilities Industry
The energy industry is in a state of intense transformation due to the forces of technology, competition and regulation. As the industry adapts to these changes, company personnel are seeking to maintain their value proposition for their customers in a climate of uncertainty and risk. Regulatory compliance, once a footnote in the company annual report, has now become a major driver of profits and shareholder return.
Cloud Presents Healthcare Providers with Challenges for HIPAA Compliance
Read this interesting MetricStream insight that brings out the challenges that cloud computing offers the healthcare industry in addition to the increased regulatory vigilance.
Technology Transforms the Healthcare Industry
This article looks at the role that regulations like HIPAA, through the implementation of Electronic Health Records, and now the Patient Protection and Affordable Care Act (PPACA), have played in bringing technology to the forefront of the healthcare industry.
Basel II: Building Risk-resilient Banking Systems
When Barings Bank declared bankruptcy in 1995, the world was stunned. As Britain's oldest merchant bank, Barings had weathered disasters like the Great Depression and two World Wars, only to be later brought down by a single man in a small office in Singapore. By the time Barings uncovered his actions, it was too late. Leeson had cost the bank over $1 billion. Learn more about this.
Fundamental Practices of Internal Audit Function
This article discusses how to plan an effective internal audit program focusing on risk assessment and key risks to be considered, which will help in appropriate resourcing of internal audit efforts, tied to board level issues and significant areas of the organization that can be impacted by the financial wellbeing of the organization.
Challenges to PCI Compliance
With the burgeoning popularity of online shopping and banking, credit card transactions are flourishing. Consequently, credit card fraud is on the rise. To combat this growing menace, the Payment Card Industry Data Security Standard (PCI DSS) was developed. The standard is mandated by leading credit card institutions like Visa and MasterCard. The article describes key challenges in PCI compliance and how businesses that engage in card payments should protect cardholder data and maintain the highest levels of information security.
Internal Audit Software Application, Continuous Auditing Systems
After making the rounds in academic networks for years, continuous auditing is now within reach for businesses looking to derive greater value from their auditing processes. Its implementation is no longer complex and the benefits are real. By adopting the right auditing tools, developing a complete system with technological adequacy and an environment conducive to its application, every organization can gain from continuous auditing.
Alarming Rise in Automotive Safety Issues
Quality issues in automobiles can not only have commercial implications for the manufacturer, they can also become life-threatening for customers and severely damage the reputation of the automotive company. In order to manage such crises, automakers need to comply with the Transportation Recall Enhancement Accountability and Documentation (TREAD) Act and diagnose the impairment, thus preventing its recurrence.
ISO 31000: Streamlining Risk Management to Achieve Corporate Goals
The new ISO 31000 Risk Management standard provides a universally recognized paradigm for risk professionals to clearly define terminologies, establish formal processes, understand the context of their efforts, and evaluate opportunities vested in taking risks. MetricStream's ERM approach is well aligned with the overall approach and the guidelines of ISO 31000.
Audit Performance Measurement
This article highlights why measuring audit's performance is critical and how it can help improve overall business performance.
Effective Governance through Internal Auditing
Internal Audit supports the Board of Directors (BoD) and its committees by independently assessing the effectiveness of an organization’s system of internal controls as well as compliance with statutory, legal and regulatory requirements. Given the importance the BoD attaches to this role, organizations are making every effort to adopt Internal Audit across the enterprise for better management of risk and effective compliance with regulation.
Risk Driven Intelligence for Better Business Performance
Risk-driven intelligence is an important parameter for guiding all strategic decisions such as CapEx investments, M&A transactions, venturing into a new market, or launching a new product.
Ensuring Product Safety in an Outsourced Supply Chain
An insight that presents best practices that organizations need to adopt to enhance product safety and quality.
Environment, Health and Safety Audit Systems
Environment, Health and Safety (EHnS) management is emerging as a key challenge for large organizations. Site safety and health programs benefit from effective planning, full implementation and careful, ongoing management. Correcting common deficiencies is important not only to protect the health and safety of site workers, but also to maximize the benefit and cost effectiveness of site health and safety programs.
Site Inspections: Road Map to On-Time Supplier Quality Assurance
Supplier quality issues like non-conformance management, product recalls and product failures are proving fatal for global organizations. World-class manufacturers are realizing the need to maintain a consistent and systematic quality process to gain real-time inspection data with trend analysis.
Auditor - Auditee Relationship
In one of its reports, Moody's recommends that the Chief Internal Auditor should report to the CEO and the board and not to the CFO, if the auditor is to examine the company's books and controls with an objective eye. Interestingly, audit committees face similar issues when evaluating executive management or business line managers.
Audit Management in Retail and Grocery Operations
Ongoing audits are critical to support quality processes, regulatory compliance and risk management throughout the product life cycle and along the supply chain for retail and grocery operations.
Five Trends in Internal Audit
Evolved from an objective assurance and consulting activity, IA will address the growing needs of global organizations and meet the new expectations of investors and board members. Based on our engagements with several large organizations, the five key trends we observe are:
Integrated Supplier Audits for Better Supply Chain Governance
Supplier audits and inspections are a critical process that supports quality and compliance management when dealing with vendors, suppliers and contract manufacturers. World-class organizations are looking to incorporate best practices in supplier audit management when implementing supply chain governance and performance management programs.
Advanced Measurement Approach (AMA)
AMA's qualifying factors make a bank’s risk assessments more forward-looking and reflective of the quality of control and operating environments. Directives imply that any Operational Risk Management (ORM) system aiming to qualify for AMA status must be aware of, and be closely aligned with, the business strategies of the firm and the external factors that could impact its risk profile.
Automating The Process Of Regulatory Compliance For Medical Devices
To satisfy regulatory requirements, companies must design their systems to encompass a myriad of areas that include Corrective Action/Preventative Action (CAPA) programs, management review, production and process controls. Medical device manufacturers that have implemented a robust CAPA program are more likely to be successful in audits by regulatory authorities.
Benefits Of A Supplier Quality System - A Case Study
The manufacturer had built a network of about 25 core suppliers and sourced 90% of their components from them. In order to identify opportunities for improving supplier quality, the manufacturer started evaluating their key supplier-facing product quality and delivery quality processes. The manufacturer discovered a number of issues from the analysis.