Before MetricStream, the company’s risk and compliance management processes were largely manual and fragmented with separated teams, data systems, and reporting. Teams used multiple disparate systems and spreadsheets to assess and monitor risks and compliance. A business merger only added to the complexity by bringing in a completely different set of risk processes, people, tools, and taxonomies.
The company wanted to drive risk management discipline and principles across business units, but a lack of standardized tools, systems, data, communications protocols, and processes hampered this objective.
The inconsistencies made it difficult for teams to aggregate, reconcile, and report risk data from across the lines of the business. Without a real-time view of risks, leaders couldn’t make informed business decisions. Faced with these challenges, the company decided to upgrade to a new risk solution.
MetricStream was chosen because its out-of-the-box solution was the most robust, easiest to use, and supported by an active consultative and services team. It would enable the company to manage all its risks, controls, compliance requirements, policies, and more in an integrated and consistent manner. No more siloes or disparate systems. Everything would be housed in a single source of truth, thus improving risk visibility.
Today, MetricStream’s solution provides a single point of reference for 5,000 individual users at this financial advisory firm to manage to manage their policies, risks, compliance, regulatory engagements, advisory, and audits. It runs across all the lines of the business, linking and mapping together integrated risk processes and data on the MetricStream Platform.
Improved risk visibility with a centralized risk repository
Better efficiency with simpler and more standardized risk processes
Increased first-line involvement in risk management, and better collaboration across the lines of the business
Faster risk reporting with automated workflows, and consistent and predictable data
MetricStream has helped standardize risk and compliance processes, frameworks, and standards across the enterprise. Over 20 risk event processes and six audit processes have been folded into one process each—thus saving costs and resources. Even risk-control self-assessments (RCSAs) have been reduced to a single, consistent process.
What made this possible was the company’s commitment to align its processes to MetricStream best practices, rather than changing the products to fit the company’s business process. For instance, older risk rating scales with multiple colors and six rating levels were replaced with MetricStream’s out of the box, 4-level rating scale which made risk reporting easier and more consistent. This enabled the organization to make better risk-informed business decisions.
MetricStream helped establish a common risk taxonomy across the lines of the business, so that everyone can communicate in a harmonized manner. Meanwhile, comprehensive risk event forms have improved the quality of risk reporting. Looking at the data, stakeholders can easily identify the root causes of risk events, as well as common themes across the business.
MetricStream’s intuitive and user-friendly capabilities have made it easier for the company to drive risk management principles into the first line of the business. Today, frontline business owners can confidently identify and report emerging risks and issues—especially since risk jargons have been simplified.
The solution also breaks down silos between the three lines, enabling them to effectively collaborate and exchange risk information. Clear lines of risk accountability and control ownership help ensure that the program functions smoothly
MetricStream is enabling the company make faster and better decisions with real-time risk reporting, analytics, and intelligence. The solution delivers a comprehensive and consolidated view of risks across the enterprise. Users can slice and dice the data to uncover granular insights, and act on the risks that matter. They can also compare and correlate which business functions are doing well in their risk and compliance management, and which ones aren’t. These insights help the business improve their risk posture, and strengthen compliance with hundreds of regulations.
The company accelerated time to value by deploying eight MetricStream products in short sprints. The project was well-planned and streamlined with both MetricStream and the customer teams working closely together to ensure a quick roll-out and adoption.
To ensure that the implementation would be successful, the company first achieved the buy-in and sponsorship of key stakeholders. The company also established an operating committee to govern the program. Teams knew that while MetricStream technology would be an important enabler, the success of the program would really depend on the people and processes involved.
Right from the start, the first line was involved in the project because they would be the ones using the solution and assessing risks. A strong training foundation was built to help users understand how to perform their role, how it would differ from their previous functions, what they would need to know, and why they would need to take action. Together, these initiatives helped drive up the success of the new integrated risk program.