A Financial Planning Leader Streamlines Audit, Risk and Compliance
0 likes267 views
The document discusses how a leading financial planning company faced challenges in managing audits, risk, and compliance due to isolated systems. In response, the company selected MetricStream's GRC platform to streamline these processes through centralized management, improved collaboration, and enhanced visibility. The implementation of this solution aims to increase operational efficiency, ensure compliance with regulations, and provide real-time tracking and reporting capabilities.
A Financial Planning Leader Streamlines Audit, Risk and Compliance
- 1. CASE STUDY MetricStream A FINANCIAL PLANNING LEADER STREAMLINES AND SIMPLIFIES AUDIT, RISK AND COMPLIANCE MANAGEMENT Customer The company is a leader in financial planning in America. It offers a broad range of innovative products and services to help customers save and spend their money wisely. Overview As a financial entity, the company is required to establish a rigorous risk management program, conduct thorough audits, and comply with a host of legislations and regulations. The company had already instituted programs to manage these processes, supported by localized and stand-alone systems. However, as it expanded its functions and services, the company found it challenging to conduct regular audits across the whole enterprise using these stand-alone systems. Managing a growing list of risks and compliance regulations was also proving to be time-consuming and complex, as the company lacked a centralized framework to integrate risk inventories, control assessments and other documentation. Benefits In response, the company felt the need to build a more collaborative framework and facilitate better workflow management for risk, compliance and audit processes. Streamlined workflows: MetricStream’s Solutions are built on a single platform, enabling the company to streamline and integrate all risk, compliance and Challenges audit management processes. In the process, col- Isolated workflows: With thousands of advisors and customers spread across the nation, the laboration across business units, departments and operations is improved. company found it challenging to collaborate on risk, compliance and audit management. Most often, audits were conducted in independent silos and at varying intervals from each other. Similarly, risks and controls were managed in isolated initiatives. This siloed approach often led to process redundan- Enhanced efficiency: MetricStream comes embed- ded with operational efficiencies that reduce the cies, which in turn, consumed far more resources, time and effort than was actually required. time, resources and effort required for audit, risk and compliance management. Thus, instead of spending Manual processes: The company’s existing systems required risk, compliance and audit data to all their efforts on these processes, managers can be entered manually. Reports were also generated manually, using spreadsheets and stand-alone focus on their core business. systems. As a result, internal auditors and managers were forced to spend significant time, effort and resources in compiling data from isolated sources, entering the data into the systems and preparing Improved visibility and tracking: MetricStream reports. provides in-depth information on risk, compliance and audit statuses and trends through powerful features Limited visibility: The company’s existing system did not offer real-time visibility into risk, compli- such as executive dashboards and risk heat maps. ance and audit processes across the enterprise. Neither did it enable them to track issues and correc- This enables managers to stay ahead of issues, and chart their progress proactively. MetricStream’s tive actions in real-time. Consequently, crucial decision making processes were hindered until reports centralized document repository also enables them could be compiled manually. The reports in turn, took significant time and effort to create. to access and view all enterprise related policies, documents, certifications and other information with Lack of centralized documentation: The company was required to deal with a tremendous amount ease and efficiency. of documentation including control assessments, regulatory information, internal policies and audit reports. Because these documents were not stored in a single location, search and retrieval became Sustainable compliance: MetricStream’s rigorous, extremely challenging. efficient approach to risk, compliance and audit man- agement enables the company to ensure compliance with both internal policies and external regulations. Complex regulatory landscape: The company is required to ensure rigorous, stringent compliance SOX, FDICIA and MAR requirements can be managed with regulations such as SOX, MAR and FDICIA. Each of these regulations is complex and intensive, centrally across nationwide operations. often containing hundreds of requirements that are subject to change. The company found it time- consuming and complex to extend these requirements across the enterprise, manage various controls and consistently monitor their effectiveness. Solution The company was looking to implement a solution to automate and streamline risk, compliance and audit management across the enterprise. It also wanted to build a central repository of risk inven- tories, control assessments and other documentation for easy access and management. Moreover, it wanted to track issues and trends in real-time, improve collaboration across the enterprise and provide in-depth visibility into audit statuses, risk factors, control assessments and more. After considering several solution providers, the company selected MetricStream to implement a risk, compliance and audit management (GRC) framework that was customized to the company’s specific requirements. MetricStream’s extensive experience with leading financial organizations was one of
- 2. MetricStream the reasons that prompted this selection. The company was confident that with MetricStream’s so- phisticated technology, flexible architecture and powerful capabilities, it could build a strong, intuitive framework for risk, compliance and audit management. The company chose MetricStream’s GRC platform with embedded modules for risk management, audit management, compliance management, issue management and policy/documentation manage- “We wanted a solution that could help us manage audits, risk and compliance in a proactive, efficient and consistent manner. MetricStream stood apart from other solution providers because of its extensive experience in the financial services industry, the so- phistication of its product and its commitment to meet our specific requirements. We are confident that with MetricStream technology, we can improve the effectiveness of audit, risk and compliance management, thus increasing value for our customers and shareholders.” says the spokesperson of the Company. ment. These modules are built on a single platform, enabling the company to break down functional silos in favor of a more collaborative pattern of functioning. The MetricStream platform also delivers end-to-end workflow automation that enables the company to eliminate manual, time-consuming processes and save on valuable resources and manpower. Powerful dashboards and reporting features enhance visibility into processes at every stage. Each dashboard comes equipped with drill down capabilities that provide a more nuanced perspective into risk, compliance and audit, enabling managers to make timely, informed decisions. The solution also contains a centralized document repository for all GRC policies, control assessments, reports and other information. An easy search capability enables the company to search, archive and retrieve this information with speed and efficiency. Audit management: MetricStream Audit Management Solution is a comprehensive framework designed to manage the complete audit lifecycle from audit planning and scheduling, to field data collection, development of audit reports, review of recommendations and implementation of these recommendations. The solution also provides the company with the flexibility to define and manage the entire audit universe - business units, functions, systems, processes and objects. The solution delivers automated alerts for schedules as well as conflicts surrounding schedule tim- ings, discrepancies, budgeting limits, etc. Company auditors can clearly define an audit plan including background, scope, objectives and client information. Fieldwork can be conducted offline if desired, and identified issues can be classified according to various parameters such as criticality, risk and process. The entire solution is designed such that each business unit can manage their audits independently, thus enhancing responsibility and accountability. At the same time, all individual audits can be rolled back upstream to provide centralized reporting and trending. This way, the company can gain an enterprise-wide view of all its auditing activities. Risk management: MetricStream Risk Management Solution supports a top-down risk based ap- proach, enabling the company to focus its efforts and resources on the managing the most important risks and controls. Powerful risk heat maps and color coding charts provide a graphical overview of risk profiles, while embedded control frameworks such as COSO and COBIT enable the company to choose the best possible approach to mitigating risks. The solution comes equipped with a powerful risk assessment methodology that allows for defining a flexible set of risk factors. Auditors can assign different types of weights for every risk factor such as dollar value, percentage and qualitative value. They can also create an extensive library of risk assess- ment questionnaires and surveys based on existing templates within the system. The solution enables consistent risk tracking across the enterprise. It also delivers reports and score- cards to bring high-risk areas into focus and improve visibility into ongoing risk management efforts.
- 3. MetricStream Compliance management: MetricStream Compliance Management Solution enables the company Why MetricStream to develop, maintain and communicate compliance policies, standards and procedures. It also helps monitor compliance processes, define internal controls and demonstrate that a control has been MetricStream helps manage multiple regulations and tested as required. risk factors across varying business units and loca- tions using a single, centralized platform The system supports consistent control assessment plans based on pre-defined criteria and check- MetricStream’s integrated approach helps break lists, and has a mechanism for scoring, tabulating and reporting the results. Assessment plans to test down organizational silos and improve collaboration controls can be scheduled periodically or triggered based on the occurrence of certain events. A cen- across the enterprise tral repository of assessments helps determine if a specific control was tested, what the assessment results were, and if a remedial action plan is required. By consistently testing controls, the company MetricStream’s solutions display a high degree of can ensure compliance with SOX, MAR, FDICIA and other regulatory requirements. sophistication to support complex organizational models while at the same time providing a user- Issue Management and Remediation: If issues are discovered during audits or compliance or control friendly interface assessments, the MetricStream GRC platform automatically routes it to an Issue Management and MetricStream provides immediate and indepth vis- Remediation module. The module investigates the issue and either triggers a remediation process or ibility into audit, risk and compliance data through sends an automatic alert to the appropriate personnel. Managers can track the status of the issue in executive dashboards, risk heat maps and control real-time at any stage in the remediation cycle through powerful dashboards. charts MetricStream’s solutions are scalable and display a high degree of flexibility MetricStream automates the entire workflow, improv- ing efficiencies and saving on costs, resources and time For more information, visit www.metricstream.com Copyright 2011. All Rights Reserved.