CASE STUDY
MetricStream
Benefits
Streamlined workflows: MetricStream’s Solutions
are built on a single platform, enabling the company
to streamline and integrate all risk, compliance and
audit management processes. In the process, col-
laboration across business units, departments and
operations is improved.
Enhanced efficiency: MetricStream comes embed-
ded with operational efficiencies that reduce the
time, resources and effort required for audit, risk and
compliance management. Thus, instead of spending
all their efforts on these processes, managers can
focus on their core business.
Improved visibility and tracking: MetricStream
provides in-depth information on risk, compliance and
audit statuses and trends through powerful features
such as executive dashboards and risk heat maps.
This enables managers to stay ahead of issues, and
chart their progress proactively. MetricStream’s
centralized document repository also enables them
to access and view all enterprise related policies,
documents, certifications and other information with
ease and efficiency.
Sustainable compliance: MetricStream’s rigorous,
efficient approach to risk, compliance and audit man-
agement enables the company to ensure compliance
with both internal policies and external regulations.
SOX, FDICIA and MAR requirements can be managed
centrally across nationwide operations.
A FINANCIAL PLANNING LEADER STREAMLINES AND SIMPLIFIES
AUDIT, RISK AND COMPLIANCE MANAGEMENT
Customer
The company is a leader in financial planning in America. It offers a broad range of innovative products
and services to help customers save and spend their money wisely.
Overview
As a financial entity, the company is required to establish a rigorous risk management program,
conduct thorough audits, and comply with a host of legislations and regulations. The company had
already instituted programs to manage these processes, supported by localized and stand-alone
systems. However, as it expanded its functions and services, the company found it challenging to
conduct regular audits across the whole enterprise using these stand-alone systems.
Managing a growing list of risks and compliance regulations was also proving to be time-consuming
and complex, as the company lacked a centralized framework to integrate risk inventories, control
assessments and other documentation.
In response, the company felt the need to build a more collaborative framework and facilitate better
workflow management for risk, compliance and audit processes.
Challenges
Isolated workflows: With thousands of advisors and customers spread across the nation, the
company found it challenging to collaborate on risk, compliance and audit management. Most often,
audits were conducted in independent silos and at varying intervals from each other. Similarly, risks
and controls were managed in isolated initiatives. This siloed approach often led to process redundan-
cies, which in turn, consumed far more resources, time and effort than was actually required.
Manual processes: The company’s existing systems required risk, compliance and audit data to
be entered manually. Reports were also generated manually, using spreadsheets and stand-alone
systems. As a result, internal auditors and managers were forced to spend significant time, effort and
resources in compiling data from isolated sources, entering the data into the systems and preparing
reports.
Limited visibility: The company’s existing system did not offer real-time visibility into risk, compli-
ance and audit processes across the enterprise. Neither did it enable them to track issues and correc-
tive actions in real-time. Consequently, crucial decision making processes were hindered until reports
could be compiled manually. The reports in turn, took significant time and effort to create.
Lack of centralized documentation: The company was required to deal with a tremendous amount
of documentation including control assessments, regulatory information, internal policies and audit
reports. Because these documents were not stored in a single location, search and retrieval became
extremely challenging.
Complex regulatory landscape: The company is required to ensure rigorous, stringent compliance
with regulations such as SOX, MAR and FDICIA. Each of these regulations is complex and intensive,
often containing hundreds of requirements that are subject to change. The company found it time-
consuming and complex to extend these requirements across the enterprise, manage various controls
and consistently monitor their effectiveness.
Solution
The company was looking to implement a solution to automate and streamline risk, compliance and
audit management across the enterprise. It also wanted to build a central repository of risk inven-
tories, control assessments and other documentation for easy access and management. Moreover,
it wanted to track issues and trends in real-time, improve collaboration across the enterprise and
provide in-depth visibility into audit statuses, risk factors, control assessments and more.
After considering several solution providers, the company selected MetricStream to implement a risk,
compliance and audit management (GRC) framework that was customized to the company’s specific
requirements. MetricStream’s extensive experience with leading financial organizations was one of
MetricStream
the reasons that prompted this selection. The company was confident that with MetricStream’s so-
phisticated technology, flexible architecture and powerful capabilities, it could build a strong, intuitive
framework for risk, compliance and audit management.

The company chose MetricStream’s GRC platform with embedded modules for risk management,
audit management, compliance management, issue management and policy/documentation manage-

“We wanted a solution that could help us manage audits, risk and compliance in a
proactive, efficient and consistent manner. MetricStream stood apart from other solution
providers because of its extensive experience in the financial services industry, the so-
phistication of its product and its commitment to meet our specific requirements. We are
confident that with MetricStream technology, we can improve the effectiveness of audit,
risk and compliance management, thus increasing value for our customers and
shareholders.” says the spokesperson of the Company.

ment. These modules are built on a single platform, enabling the company to break down functional
silos in favor of a more collaborative pattern of functioning.

The MetricStream platform also delivers end-to-end workflow automation that enables the company
to eliminate manual, time-consuming processes and save on valuable resources and manpower.
Powerful dashboards and reporting features enhance visibility into processes at every stage. Each
dashboard comes equipped with drill down capabilities that provide a more nuanced perspective into
risk, compliance and audit, enabling managers to make timely, informed decisions.

The solution also contains a centralized document repository for all GRC policies, control assessments,
reports and other information. An easy search capability enables the company to search, archive and
retrieve this information with speed and efficiency.

Audit management: MetricStream Audit Management Solution is a comprehensive framework

designed to manage the complete audit lifecycle from audit planning and scheduling, to field data
collection, development of audit reports, review of recommendations and implementation of these
recommendations. The solution also provides the company with the flexibility to define and manage
the entire audit universe - business units, functions, systems, processes and objects.

The solution delivers automated alerts for schedules as well as conflicts surrounding schedule tim-
ings, discrepancies, budgeting limits, etc. Company auditors can clearly define an audit plan including
background, scope, objectives and client information. Fieldwork can be conducted offline if desired,
and identified issues can be classified according to various parameters such as criticality, risk and
process.

The entire solution is designed such that each business unit can manage their audits independently,
thus enhancing responsibility and accountability. At the same time, all individual audits can be rolled
back upstream to provide centralized reporting and trending. This way, the company can gain an
enterprise-wide view of all its auditing activities.

Risk management: MetricStream Risk Management Solution supports a top-down risk based ap-
proach, enabling the company to focus its efforts and resources on the managing the most important
risks and controls. Powerful risk heat maps and color coding charts provide a graphical overview of
risk profiles, while embedded control frameworks such as COSO and COBIT enable the company to
choose the best possible approach to mitigating risks.

The solution comes equipped with a powerful risk assessment methodology that allows for defining a
flexible set of risk factors. Auditors can assign different types of weights for every risk factor such as
dollar value, percentage and qualitative value. They can also create an extensive library of risk assess-
ment questionnaires and surveys based on existing templates within the system.

The solution enables consistent risk tracking across the enterprise. It also delivers reports and score-
cards to bring high-risk areas into focus and improve visibility into ongoing risk management efforts.
MetricStream
Why MetricStream
MetricStream helps manage multiple regulations and
risk factors across varying business units and loca-
tions using a single, centralized platform
MetricStream’s integrated approach helps break
down organizational silos and improve collaboration
across the enterprise
MetricStream’s solutions display a high degree of
sophistication to support complex organizational
models while at the same time providing a user-
friendly interface
MetricStream provides immediate and indepth vis-
ibility into audit, risk and compliance data through
executive dashboards, risk heat maps and control
charts
Compliance management: MetricStream Compliance Management Solution enables the company
to develop, maintain and communicate compliance policies, standards and procedures. It also helps
monitor compliance processes, define internal controls and demonstrate that a control has been
tested as required.
The system supports consistent control assessment plans based on pre-defined criteria and check-
lists, and has a mechanism for scoring, tabulating and reporting the results. Assessment plans to test
controls can be scheduled periodically or triggered based on the occurrence of certain events. A cen-
tral repository of assessments helps determine if a specific control was tested, what the assessment
results were, and if a remedial action plan is required. By consistently testing controls, the company
can ensure compliance with SOX, MAR, FDICIA and other regulatory requirements.
Issue Management and Remediation: If issues are discovered during audits or compliance or control
assessments, the MetricStream GRC platform automatically routes it to an Issue Management and
Remediation module. The module investigates the issue and either triggers a remediation process or
sends an automatic alert to the appropriate personnel. Managers can track the status of the issue in
real-time at any stage in the remediation cycle through powerful dashboards.

MetricStream’s solutions are scalable and display a

high degree of flexibility

MetricStream automates the entire workflow, improv-

ing efficiencies and saving on costs, resources and
time

For more information, visit

www.metricstream.com

Copyright 2011. All Rights Reserved.