You are on page 1of 3

CASE STUDY

MetricStream A FINANCIAL PLANNING LEADER STREAMLINES AND SIMPLIFIES


AUDIT, RISK AND COMPLIANCE MANAGEMENT
Customer
The company is a leader in financial planning in America. It offers a broad range of innovative products
and services to help customers save and spend their money wisely.

Overview
As a financial entity, the company is required to establish a rigorous risk management program,
conduct thorough audits, and comply with a host of legislations and regulations. The company had
already instituted programs to manage these processes, supported by localized and stand-alone
systems. However, as it expanded its functions and services, the company found it challenging to
conduct regular audits across the whole enterprise using these stand-alone systems.

Managing a growing list of risks and compliance regulations was also proving to be time-consuming
and complex, as the company lacked a centralized framework to integrate risk inventories, control
assessments and other documentation.

Benefits In response, the company felt the need to build a more collaborative framework and facilitate better
workflow management for risk, compliance and audit processes.
Streamlined workflows: MetricStream’s Solutions
are built on a single platform, enabling the company
to streamline and integrate all risk, compliance and Challenges
audit management processes. In the process, col-
Isolated workflows: With thousands of advisors and customers spread across the nation, the
laboration across business units, departments and
operations is improved. company found it challenging to collaborate on risk, compliance and audit management. Most often,
audits were conducted in independent silos and at varying intervals from each other. Similarly, risks
and controls were managed in isolated initiatives. This siloed approach often led to process redundan-
Enhanced efficiency: MetricStream comes embed-
ded with operational efficiencies that reduce the
cies, which in turn, consumed far more resources, time and effort than was actually required.
time, resources and effort required for audit, risk and
compliance management. Thus, instead of spending Manual processes: The company’s existing systems required risk, compliance and audit data to
all their efforts on these processes, managers can be entered manually. Reports were also generated manually, using spreadsheets and stand-alone
focus on their core business. systems. As a result, internal auditors and managers were forced to spend significant time, effort and
resources in compiling data from isolated sources, entering the data into the systems and preparing
Improved visibility and tracking: MetricStream reports.
provides in-depth information on risk, compliance and
audit statuses and trends through powerful features Limited visibility: The company’s existing system did not offer real-time visibility into risk, compli-
such as executive dashboards and risk heat maps.
ance and audit processes across the enterprise. Neither did it enable them to track issues and correc-
This enables managers to stay ahead of issues, and
chart their progress proactively. MetricStream’s
tive actions in real-time. Consequently, crucial decision making processes were hindered until reports
centralized document repository also enables them could be compiled manually. The reports in turn, took significant time and effort to create.
to access and view all enterprise related policies,
documents, certifications and other information with Lack of centralized documentation: The company was required to deal with a tremendous amount
ease and efficiency. of documentation including control assessments, regulatory information, internal policies and audit
reports. Because these documents were not stored in a single location, search and retrieval became
Sustainable compliance: MetricStream’s rigorous,
extremely challenging.
efficient approach to risk, compliance and audit man-
agement enables the company to ensure compliance
with both internal policies and external regulations. Complex regulatory landscape: The company is required to ensure rigorous, stringent compliance
SOX, FDICIA and MAR requirements can be managed with regulations such as SOX, MAR and FDICIA. Each of these regulations is complex and intensive,
centrally across nationwide operations. often containing hundreds of requirements that are subject to change. The company found it time-
consuming and complex to extend these requirements across the enterprise, manage various controls
and consistently monitor their effectiveness.

Solution
The company was looking to implement a solution to automate and streamline risk, compliance and
audit management across the enterprise. It also wanted to build a central repository of risk inven-
tories, control assessments and other documentation for easy access and management. Moreover,
it wanted to track issues and trends in real-time, improve collaboration across the enterprise and
provide in-depth visibility into audit statuses, risk factors, control assessments and more.

After considering several solution providers, the company selected MetricStream to implement a risk,
compliance and audit management (GRC) framework that was customized to the company’s specific
requirements. MetricStream’s extensive experience with leading financial organizations was one of
MetricStream
the reasons that prompted this selection. The company was confident that with MetricStream’s so-
phisticated technology, flexible architecture and powerful capabilities, it could build a strong, intuitive
framework for risk, compliance and audit management.

The company chose MetricStream’s GRC platform with embedded modules for risk management,
audit management, compliance management, issue management and policy/documentation manage-

“We wanted a solution that could help us manage audits, risk and compliance in a
proactive, efficient and consistent manner. MetricStream stood apart from other solution
providers because of its extensive experience in the financial services industry, the so-
phistication of its product and its commitment to meet our specific requirements. We are
confident that with MetricStream technology, we can improve the effectiveness of audit,
risk and compliance management, thus increasing value for our customers and
shareholders.” says the spokesperson of the Company.

ment. These modules are built on a single platform, enabling the company to break down functional
silos in favor of a more collaborative pattern of functioning.

The MetricStream platform also delivers end-to-end workflow automation that enables the company
to eliminate manual, time-consuming processes and save on valuable resources and manpower.
Powerful dashboards and reporting features enhance visibility into processes at every stage. Each
dashboard comes equipped with drill down capabilities that provide a more nuanced perspective into
risk, compliance and audit, enabling managers to make timely, informed decisions.

The solution also contains a centralized document repository for all GRC policies, control assessments,
reports and other information. An easy search capability enables the company to search, archive and
retrieve this information with speed and efficiency.

Audit management: MetricStream Audit Management Solution is a comprehensive framework


designed to manage the complete audit lifecycle from audit planning and scheduling, to field data
collection, development of audit reports, review of recommendations and implementation of these
recommendations. The solution also provides the company with the flexibility to define and manage
the entire audit universe - business units, functions, systems, processes and objects.

The solution delivers automated alerts for schedules as well as conflicts surrounding schedule tim-
ings, discrepancies, budgeting limits, etc. Company auditors can clearly define an audit plan including
background, scope, objectives and client information. Fieldwork can be conducted offline if desired,
and identified issues can be classified according to various parameters such as criticality, risk and
process.

The entire solution is designed such that each business unit can manage their audits independently,
thus enhancing responsibility and accountability. At the same time, all individual audits can be rolled
back upstream to provide centralized reporting and trending. This way, the company can gain an
enterprise-wide view of all its auditing activities.

Risk management: MetricStream Risk Management Solution supports a top-down risk based ap-
proach, enabling the company to focus its efforts and resources on the managing the most important
risks and controls. Powerful risk heat maps and color coding charts provide a graphical overview of
risk profiles, while embedded control frameworks such as COSO and COBIT enable the company to
choose the best possible approach to mitigating risks.

The solution comes equipped with a powerful risk assessment methodology that allows for defining a
flexible set of risk factors. Auditors can assign different types of weights for every risk factor such as
dollar value, percentage and qualitative value. They can also create an extensive library of risk assess-
ment questionnaires and surveys based on existing templates within the system.

The solution enables consistent risk tracking across the enterprise. It also delivers reports and score-
cards to bring high-risk areas into focus and improve visibility into ongoing risk management efforts.
MetricStream
Compliance management: MetricStream Compliance Management Solution enables the company
Why MetricStream to develop, maintain and communicate compliance policies, standards and procedures. It also helps
monitor compliance processes, define internal controls and demonstrate that a control has been
MetricStream helps manage multiple regulations and tested as required.
risk factors across varying business units and loca-
tions using a single, centralized platform The system supports consistent control assessment plans based on pre-defined criteria and check-
MetricStream’s integrated approach helps break lists, and has a mechanism for scoring, tabulating and reporting the results. Assessment plans to test
down organizational silos and improve collaboration controls can be scheduled periodically or triggered based on the occurrence of certain events. A cen-
across the enterprise tral repository of assessments helps determine if a specific control was tested, what the assessment
results were, and if a remedial action plan is required. By consistently testing controls, the company
MetricStream’s solutions display a high degree of can ensure compliance with SOX, MAR, FDICIA and other regulatory requirements.
sophistication to support complex organizational
models while at the same time providing a user- Issue Management and Remediation: If issues are discovered during audits or compliance or control
friendly interface
assessments, the MetricStream GRC platform automatically routes it to an Issue Management and
MetricStream provides immediate and indepth vis- Remediation module. The module investigates the issue and either triggers a remediation process or
ibility into audit, risk and compliance data through sends an automatic alert to the appropriate personnel. Managers can track the status of the issue in
executive dashboards, risk heat maps and control real-time at any stage in the remediation cycle through powerful dashboards.
charts

MetricStream’s solutions are scalable and display a


high degree of flexibility

MetricStream automates the entire workflow, improv-


ing efficiencies and saving on costs, resources and
time

For more information, visit


www.metricstream.com

Copyright 2011. All Rights Reserved.