CASE STUDY
MetricStream

FORTUNE 500 ENERGY ORGANIZATION BUILDS A STRONG GOVERNANCE, RISK AND COMPLIANCE FOUNDATION

Customer
The customer, headquartered in the USA, is one of the largest energy companies in the nation. It generates, manages, supplies and distributes energy for commercial, industrial and public sector organizations, as well as residential communities. The company is also a leading advocate for clean, environmentally sustainable energy sources such as solar power and nuclear energy.

Overview
Today, the energy industry is under tremendous pressure to comply with myriad regulations including FERC, NERC, NRC, NIST, OSHA and EPA. These regulations are continuously evolving, thereby requiring companies to build a sustainable compliance management program. Compliance can no longer be a one-time event; it must be an ongoing effort.

In addition, robust strategies for risk, audit, compliance, ethics and legal management are critical for protection against failures in corporate governance, operational and financial inefficiencies. Apart from that, strategies for safeguarding the company’s assets, reputation, and ultimately, the interest of shareholders also need to be devised. However, most of these risk and compliance strategies are managed through isolated, manual processes and systems. This raises project costs, duplicates efforts across the enterprise, and deflects resources away from key business initiatives.

An integrated GRC approach will help in achieving sustainable compliance by facilitating the efficient use of risk information in strategic decision-making, ensuring the usage of consistent terminologies and methodologies across departments, establishing a risk-focused corporate culture, providing a comprehensive view of the organization’s overall risk profile, and delivering assurance to executive directors and senior management on the effectiveness of internal controls and frameworks.

The MetricStream customer places utmost importance on integrated regulatory compliance and risk management. To streamline risk and compliance across its multiple businesses and thousands of employees and contractors, the energy major rapidly transitioned from a siloed, operational structure to an integrated, holistic GRC model. It established a centralized platform where all GRC initiatives and information were unified, managed, shared across business units, and leveraged for better decision making. It also improved GRC management efficiencies, lowered risks, ironed out discrepancies quickly and ensured enterprise-wide compliance with regulations at every step of the way.

Benefits
Automation of risk and compliance workflows: Automated workflows on the MetricStream integrated platform free the energy provider from the extensive use of spreadsheets and other manual tools. MetricStream Solution also enhances IT risk management and business continuity by automating risk assessment workflows for applications, infrastructure, disaster recovery and cyber security. This dramatically increases efficiency, shortens completion periods, reduces coordination efforts, and diminishes errors and possibilities of duplicate efforts. The overall level of compliance across the enterprise has gone up significantly, while costs have come down.

Greater transparency: MetricStream Solution helps consolidate various data including risks, controls, tests and issues into a central library. This information is stored according to business unit, process, function and department. The latest information is made available across the organization, increasing visibility for the management to assess risk and control activities, utilize existing sets of controls, avoid duplication of assessments, and decide whether to enhance controls or accept current risk levels.

Centralized, sustainable risk management: MetricStream GRC platform provides a centralized framework for risk management, thus eliminating the need for multiple systems and lowering maintenance costs. It has enabled the company to eliminate five redundant risk systems, over 300 spreadsheets and over 10 content management sites. These tools have been replaced with MetricStream’s standardized risk libraries, consistent risk terminologies, and a common framework for risk aggregation and control monitoring.

Challenges
Lack of common terminology for risk and controls: Each department in the company used their own terminology and processes to define and assess risks and controls. They lacked common risk standards, definitions and rating methodologies to provide a centralized perspective of risk. As a result, risk evaluation across the enterprise was not always consistent. This, in turn, hindered data aggregation and reporting to senior management.

Ad hoc compliance initiatives: The company is subject to multiple compliance requirements, including SOX, NERC, FERC and other Legal and Regulatory mandates. Compliance with each of these regulations was managed separately by each department. There was no common platform unifying these requirements, linking them with the appropriate controls, or enabling sharing of controls. Consequently, controls and other related efforts were unnecessarily duplicated across the enterprise. Visibility into enterprise-wide compliance management processes was also poor.

Difficulty in enterprise-wide auditing: The lack of an integrated audit management system made auditing a laborious, resource-intensive and time-consuming process. Internal auditors found it challenging to aggregate isolated audit data from various departments and businesses across the enterprise. Compounding the challenge was the lack of integration between Audit, Risk and Compliance programs which hindered the adoption of a risk-based approach to auditing. And given the massive size of the organization, it was difficult to estimate the resources, time and effort necessary to plan and execute audits.

Siloed systems: Over the years, each department acquired their own set of point solutions for their own individual requirements. The result was hundreds of isolated solutions that made it increasingly difficult to track the enterprise-wide GRC status at any given time. Operational risks, vulnerabilities
and mitigations were tracked on one system, Financial, SOX risks and controls on another, and audits on a third. The compliance team managed its own set of applications, as did the risk team. This siloed approach hampered visibility into risks and controls, and their relation to business processes. It also resulted in inconsistent standards, and redundancy of risk and compliance management efforts, not to mention duplicate costs.

Usage of custom-built, in-house applications: Hundreds of spreadsheets and email-based applications were used to track and monitor compliance, as well as to assess risks and controls within departments. These tools required a large amount of co-ordination and effort, and involved laborious processes. There was also the risk of manual errors and reduced efficiency. Personnel working on these tools required a lot of time to complete tasks.

Insufficient reporting capabilities: The lack of unified reporting resulted in managers and board members, as well as various teams, having difficulty in getting the required information quickly in the desired format. It was also challenging to merge large sets of data on processes, risks and controls at various levels of granularity to provide value-added information to various stakeholders.

Benefits
Improved risk control: MetricStream Solution supports the implementation of a unified rating methodology to measure and document risk impacts categorized by seven risk types – Liquidity, Market, Credit, Operational, Environmental, Business, Strategic and Reputational. The advanced capabilities of MetricStream Solution enable the company to identify and assess risk. Using the risk assessment data, the organization will be able to determine if controls are adequate, or if risks can be accepted. The solution also enables the company to discover incidents and issues on time, resolve them quickly and efficiently manage loss event data.

Creation of a strong risk culture: MetricStream Solution helps the company establish an enterprise-wide risk-focused culture through a top-down and bottom-up approach to risk identification and management. It also helps educate individuals on understanding risks, and taking the responsibility to maintain them at acceptable levels. Being built on a centralized platform, the solution enables the company to identify risks in any area, and map them back to each business process. It also delivers risk assessment results in real-time, enabling managers to plan reviews for the completeness of risk identification, and the efficacy of plans to enhance controls or accept risks.

Decreased costs of regulatory compliance: With automated and streamlined compliance activities, quality time and resources can be focused on high risk areas for more productive work. The single platform solution for all the GRC needs of the company has lowered the costs of regulatory compliance.

Solution
The company was determined that its GRC program would not be merely about demonstrating compliance to regulators. It wanted to establish a world-class corporate governance process, and a compliance and risk framework built on the principles of proactivity, integration and communication. Such a framework would not only ensure sustainable compliance with various regulations, but it would also provide excellent insights for better decision making.

To achieve this goal, the company created a top-down approach to risk and compliance management, which enabled it to focus on those risks and controls that had the greatest impact on company profitability. It also established a strong communication and education program for employees, encouraging them to be more responsible and accountable for risk management. In addition, an effective communication plan was created for GRC-involved committees, as well as the Management and Board.

The company’s goal was to create a proper governance structure and processes, integrate risk management into strategic decision-making, ensure continuous compliance, and harmonize GRC processes across the enterprise. To that end, it was looking for an integrated GRC solution that could streamline, standardize, automate and unify all GRC programs, while improving cost-savings and efficiencies.

The company conducted a detailed analysis of industry options and selected MetricStream as the preferred GRC solutions provider. The basis of the selection was MetricStream’s integrated single platform, broad range of solutions, and its industry track record of hugely successful implementations in global Energy & Utility companies.

MetricStream delivered a comprehensive set of solutions on a common platform, including enterprise risk management, legal and regulatory compliance, NERC and SOX compliance, business continuity management, issue management and remediation, and policy/document management.

MetricStream Platform is future-proof, and can be easily extended to meet the future GRC requirements of the company, such as managing new compliance regulations, risks and audits. The MetricStream Application Studio enables the Internal IT team and users to create additional GRC applications, and deploy them on the same platform without expending much time and effort. Users do not have to undergo additional training, as the usability of the tools is very similar to previous applications.

MetricStream Integrated GRC Platform: MetricStream Solutions are based on MetricStream GRC Platform - a Web-based comprehensive application that enables end-to-end process automation and visibility, collaboration between various groups, centralized libraries and an integrated approach to GRC. The platform supports the customer’s organizational model across all business units and departments, as well as their mapping to different roles and reporting relationships.

Users have role-based portal access with options for initiating actions, responding to events, managing and assigning tasks, and viewing reports and dashboards. The system also triggers email-based notifications and alerts to appropriate personnel to notify them of various events and requirements.
Enterprise Risk Management: MetricStream Enterprise Risk Management (ERM) Solution helps the energy provider identify, assess, quantify, monitor and manage risks from across the enterprise in an integrated manner.

Data is consolidated in a reusable library comprising risks, corresponding controls, assessments, results, key risk indicators, events such as losses and near-misses, issues and remediation plans. Risks are highlighted depending on their impact or bearing on various functions and processes. This data then rolls up to senior management, and is used to create standard as well as customized reports for identifying risks to business performance, operational efficiency and non-compliance across the enterprise.

Industry best practices embedded in the solution help the company define the scope of processes and sub-processes for risk management and the development of control and test libraries. MetricStream has enabled the company’s RCSA methodology that supports a repeatable risk-control self-assessment. It enables each business unit to identify and manage risks and controls independently. At the same time, it collates the information together for managers to gain visibility into the risk management status across the enterprise.

The solution also supports top-down and bottom-up risk identification and management. Across processes, risk and control data are linked, enabling easy sharing of information.

Benefits
Enhanced training: MetricStream Solution contains a robust compliance training management system that manages registration, remote participation, feedback and course material. Employees are able to respond directly to training through the system. Therefore, compliance coordinators can easily track and report on the status of employee training, without resorting to manual tracking measures.

Enhanced Audit Management: MetricStream Audit Management Solution will strengthen the organization’s audit processes by streamlining audit planning, scheduling and execution, and improving the efficiency of resource management and document management. The company can rely on audits to embed a strong risk culture across the enterprise. For instance, self-identified control deficiencies may not be penalized, and risk ratings can be based on residual risk levels.

Strengthened SOX 404 compliance: MetricStream Solution helps the company create a comprehensive database of financial controls. It also consolidates financial reporting risks for SOX 404 testing, partially automates the scoping of risk assessment, facilitates and certifies control testing and evaluation, simplifies issue management and streamlines workflow management. Consequently, the company can ensure consistent SOX compliance.

Compliance management & tracking: MetricStream offers the industry’s most advanced and comprehensive Integrated Compliance and Issue Management solution. It equips the energy company with the technology and best practices to ensure continuous compliance with various regulatory requirements, while lowering the associated costs.

The solution is pre-loaded with all NERC, FERC and Regional Reliability standards and requirements. This centralized repository of information enables users to quickly search for and access information. It also helps managers structure the information in an organized hierarchy, beginning with each compliance regulation, and moving down to their respective requirements, standards and controls. This well-laid out framework helps improve the efficiency of searching for controls, and coordinating control-based activities, enterprise wide. The underlying data model is architected to accommodate many-to-many modeling requirements, as well as to navigate multiple dimensions via navigation trees.
Any changes in regulations such as FERC and NERC prompt the system to automatically send out update alerts, and import new requirements and content from regulatory websites. The respective users are alerted with details of non-compliance that have emerged because of new regulations or changes to existing ones. Version control capabilities are provided to manage changes efficiently. In fact, the company can monitor the progress of NERC-CIP version migration from V2 to V3 to V4.

Managers are free to configure compliance workflows to suit their management of regulatory requirements and controls, as well as various processes such as report creation, feedback approval and assimilation, and version control. An integrated Issue Management module captures all violation issues and monitors remediation plans.

SOX compliance: MetricStream enables the company to significantly reduce its cost of Sarbanes-Oxley (SOX) compliance. Managers are able to leverage COSO and COBIT frameworks, design, assess and improve internal controls, and monitor compliance processes at any level of detail.

The solution follows a top-down risk-assessment approach which simplifies workflows, quickly highlights areas that require attention, and improves transparency into financial risks. It allows process owners to test and manage controls on their own, while collating data across the enterprise for auditors to gain top-level visibility into the status of SOX compliance. Any issues that arise are immediately routed to MetricStream Issue Management module for immediate investigation and remediation. Automated alerts keep the process on track and ensure that each issue is resolved and closed.

Multiple procedures for surveys and certifications, which affirm the strength of internal controls and adherence to policies, are supported within the solution. It harmonizes all control frameworks into a centralized library, enabling users across SOX, Regulatory and Reliability / NERC compliance to share controls and results of control assessments. This prevents duplication of assessments – especially with regard to IT controls – and hence improves cost-effectiveness and efficiency.

Ethics & Legal Compliance: MetricStream Compliance Solution is leveraged by the Legal, Ethics and Compliance teams to efficiently streamline compliance management, and establish a proactive and ongoing process of compliance. The Ethics & Compliance team uses MetricStream solution for the creation and distribution of online compliance surveys for thousands of employees to certify that they’re complying with specific standards. The results are automatically collected and stored in a central repository for easy access and retrieval by top managers.

Audit management: MetricStream Solution will be extended to help the company adopt a risk-based approach to Corporate and Environmental audit management. The solution will enable efficient collaboration, planning, scheduling and auditing, while allowing audit findings to be reviewed, shared and analyzed by a team. A robust analytics and reporting capability with graphical dashboards will track each audit from initiation to closure, giving managers real-time visibility.

The solution will facilitate audit and risk information sharing among peers and audit stakeholders. It will also enable the company to efficiently manage resources, track budgets, configure audit profiles, plan audits, record audit milestones and re-scope audits. It contains innovative capabilities to improve auditor performance by conducting multiple audit tasks simultaneously, collaborating on reviews, getting fieldwork approvals and delegating tasks.

Why MetricStream
MetricStream’s solution provides a unified approach and an integrated solution to meet strategic objectives, as well as regulatory and compliance requirements.

MetricStream Platform and its various solutions could easily replace existing solutions for ERM, compliance and audits.

MetricStream Solution provides a centralized library to hold policies, certifications, risk and control assessments, compliance requirements and all other documentation for easy review and reference.

MetricStream Solution demonstrated the ability to handle the customer’s specific requirements for an ERM framework, risk terminology, consistency, ranking methodology and more.

MetricStream Solution ensures security of electronic records, and provides time-stamped audit trails, role-based access controls, electronic signatures and password management.

MetricStream has the ability to support large leading organizations, and meet their IT requirements in the areas of integration, configurability, scalability and security.

MetricStream offers a broad set of solutions on a Web-based platform with capabilities to map its offering to all governance, risk, compliance, and quality processes within the company.

MetricStream’s solution provides key services such as workflows, configurable forms, collaboration, real-time exception tracking, email alerts and notifications, integration, reports, executive dashboards, business intelligence, analytics, and secure access control.




For more information, visit
www.metricstream.com

Copyright 2011. All Rights Reserved.

Enterprise risk management
 
Financial organization-orm
Financial organization-ormFinancial organization-orm
Financial organization-orm
 
Risck intelligence in the energy and resources industry
Risck intelligence in the energy and resources industry Risck intelligence in the energy and resources industry
Risck intelligence in the energy and resources industry
 
Power your businesswith risk informed decisions
Power your businesswith risk informed decisionsPower your businesswith risk informed decisions
Power your businesswith risk informed decisions
 
Agiliance Risk Vision
Agiliance Risk VisionAgiliance Risk Vision
Agiliance Risk Vision
 
Agiliance Risk Vision
Agiliance Risk VisionAgiliance Risk Vision
Agiliance Risk Vision
 
Agiliance Whitepaper - Six Key Steps
Agiliance Whitepaper - Six Key StepsAgiliance Whitepaper - Six Key Steps
Agiliance Whitepaper - Six Key Steps
 
Global Bank Brings Compliance Risks under Control
Global Bank Brings Compliance Risks under Control Global Bank Brings Compliance Risks under Control
Global Bank Brings Compliance Risks under Control
 
Payment giant-automates-internal-audit
Payment giant-automates-internal-auditPayment giant-automates-internal-audit
Payment giant-automates-internal-audit
 
Strengthening governance, risk and compliance in the insurance industry
Strengthening governance, risk and compliance in the insurance industryStrengthening governance, risk and compliance in the insurance industry
Strengthening governance, risk and compliance in the insurance industry
 
Audit solution airline
Audit solution airlineAudit solution airline
Audit solution airline
 
Security Governance by Risknavigator 2010
Security Governance by Risknavigator 2010Security Governance by Risknavigator 2010
Security Governance by Risknavigator 2010
 
IBM Solution Brief strEAM+
IBM Solution Brief strEAM+IBM Solution Brief strEAM+
IBM Solution Brief strEAM+
 
The Business Case for Process Safety
The Business Case for Process SafetyThe Business Case for Process Safety
The Business Case for Process Safety
 
Increasing Business Agility: An Integrated Approach to Governance, Risk, and ...
Increasing Business Agility: An Integrated Approach to Governance, Risk, and ...Increasing Business Agility: An Integrated Approach to Governance, Risk, and ...
Increasing Business Agility: An Integrated Approach to Governance, Risk, and ...
 
IDC Energy Insights - Enterprise Risk Management
IDC Energy Insights - Enterprise Risk ManagementIDC Energy Insights - Enterprise Risk Management
IDC Energy Insights - Enterprise Risk Management
 
Axis Consulting Case Studies
Axis Consulting Case StudiesAxis Consulting Case Studies
Axis Consulting Case Studies
 
The Business Case for the Enterprise Environmental Liability Management System
The Business Case for the Enterprise Environmental Liability Management SystemThe Business Case for the Enterprise Environmental Liability Management System
The Business Case for the Enterprise Environmental Liability Management System
 

Mais de MetricStream Inc

Clinical Research Org. Intensifies Compliance by Automating Audit & CAPA
Clinical Research Org. Intensifies Compliance by Automating Audit & CAPA Clinical Research Org. Intensifies Compliance by Automating Audit & CAPA
Clinical Research Org. Intensifies Compliance by Automating Audit & CAPA
MetricStream Inc
 
Healthcare Audit Compliance
Healthcare Audit Compliance Healthcare Audit Compliance
Healthcare Audit Compliance
MetricStream Inc
 

Mais de MetricStream Inc (14)

Regulatory relationship-management
Regulatory relationship-managementRegulatory relationship-management
Regulatory relationship-management
 
Next generation-risk-management-solution
Next generation-risk-management-solutionNext generation-risk-management-solution
Next generation-risk-management-solution
 
MetricStream AppStudio Accelerates the Creation & Configuration of GRC Soluti...
MetricStream AppStudio Accelerates the Creation & Configuration of GRC Soluti...MetricStream AppStudio Accelerates the Creation & Configuration of GRC Soluti...
MetricStream AppStudio Accelerates the Creation & Configuration of GRC Soluti...
 
Clinical Research Org. Intensifies Compliance by Automating Audit & CAPA
Clinical Research Org. Intensifies Compliance by Automating Audit & CAPA Clinical Research Org. Intensifies Compliance by Automating Audit & CAPA
Clinical Research Org. Intensifies Compliance by Automating Audit & CAPA
 
Supplier quality-compliance
Supplier quality-complianceSupplier quality-compliance
Supplier quality-compliance
 
NERC Compliance Solution
NERC Compliance Solution NERC Compliance Solution
NERC Compliance Solution
 
Quality Audit Management – Food Industry
Quality Audit Management – Food Industry Quality Audit Management – Food Industry
Quality Audit Management – Food Industry
 
Msfairchildcasestudy
MsfairchildcasestudyMsfairchildcasestudy
Msfairchildcasestudy
 
Quality Management System
Quality Management System  Quality Management System
Quality Management System
 
Health insurance compliance
Health insurance complianceHealth insurance compliance
Health insurance compliance
 
Iso9000 compliance
Iso9000 complianceIso9000 compliance
Iso9000 compliance
 
Internal Audit Solution - MetricStream
Internal Audit Solution - MetricStream Internal Audit Solution - MetricStream
Internal Audit Solution - MetricStream
 
Healthcare Audit Compliance
Healthcare Audit Compliance Healthcare Audit Compliance
Healthcare Audit Compliance
 
Internal Audit Solution
Internal Audit Solution Internal Audit Solution
Internal Audit Solution
 

Último

Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al MizharAl Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
allensay1
 
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
daisycvs
 
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
amitlee9823
 
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service BangaloreCall Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
amitlee9823
 
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabiunwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
Abortion pills in Kuwait Cytotec pills in Kuwait
 
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
dollysharma2066
 
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
dlhescort
 
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
lizamodels9
 

Último (20)

Famous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st CenturyFamous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st Century
 
Falcon's Invoice Discounting: Your Path to Prosperity
Falcon's Invoice Discounting: Your Path to ProsperityFalcon's Invoice Discounting: Your Path to Prosperity
Falcon's Invoice Discounting: Your Path to Prosperity
 
Value Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsValue Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and pains
 
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al MizharAl Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
 
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
 
SEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 Months
SEO Case Study: How I Increased SEO Traffic & Ranking by 50-60%  in 6 MonthsSEO Case Study: How I Increased SEO Traffic & Ranking by 50-60%  in 6 Months
SEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 Months
 
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
 
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
 
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service BangaloreCall Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
 
Phases of Negotiation .pptx
 Phases of Negotiation .pptx Phases of Negotiation .pptx
Phases of Negotiation .pptx
 
PHX May 2024 Corporate Presentation Final
PHX May 2024 Corporate Presentation FinalPHX May 2024 Corporate Presentation Final
PHX May 2024 Corporate Presentation Final
 
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabiunwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
 
Organizational Transformation Lead with Culture
Organizational Transformation Lead with CultureOrganizational Transformation Lead with Culture
Organizational Transformation Lead with Culture
 
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
 
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
 
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
 
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
 
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
 
Falcon Invoice Discounting platform in india
Falcon Invoice Discounting platform in indiaFalcon Invoice Discounting platform in india
Falcon Invoice Discounting platform in india
 
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRLBAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
 

Governance, Risk and Compliance- Energy Industry

CASE STUDY
MetricStream
FORTUNE 500 ENERGY ORGANIZATION BUILDS A STRONG GOVERNANCE, RISK AND COMPLIANCE FOUNDATION

Customer
The customer, headquartered in the USA, is one of the largest energy companies in the nation. It generates, manages, supplies and distributes energy for commercial, industrial and public sector organizations, as well as residential communities. The company is also a leading advocate for clean, environmentally sustainable energy sources such as solar power and nuclear energy.

Overview
Today, the energy industry is under tremendous pressure to comply with myriad regulations including FERC, NERC, NRC, NIST, OSHA and EPA. These regulations are continuously evolving, thereby requiring companies to build a sustainable compliance management program. No longer can compliance be a one-time event, but an ongoing effort.

In addition, robust strategies for risk, audit, compliance, ethics and legal management are critical for protection against failures in corporate governance, operational and financial inefficiencies. Apart from that, strategies for safeguarding the company’s assets, reputation, and ultimately, the interest of shareholders also needs to be devised. However, most of these risk and compliance strategies are managed through isolated, manual processes and systems. This raises project costs, duplicates efforts across the enterprise, and deflects resources away from key business initiatives.

An integrated GRC approach will help in achieving sustainable compliance by facilitating the efficient use of risk information in strategic decision-making, ensuring the usage of consistent terminologies and methodologies across departments, establishing a risk-focused corporate culture, providing a comprehensive view of the organization’s overall risk profile, and delivering assurance to executive directors and senior management on the effectiveness of internal controls and frameworks.

The MetricStream customer places utmost importance on integrated regulatory compliance and risk management. To streamline risk and compliance across its multiple businesses and thousands of employees and contractors, the energy major rapidly transitioned from a siloed, operational structure to an integrated, holistic GRC model. It established a centralized platform where all GRC initiatives and information were unified, managed, shared across business units, and leveraged for better decision making. It also improved GRC management efficiencies, lowered risks, ironed out discrepancies quickly and ensured enterprise-wide compliance with regulations at every step of the way.

Challenges
Lack of common terminology for risk and controls: Each department in the company used their own terminology and processes to define and assess risks and controls. They lacked common risk standards, definitions and rating methodologies to provide a centralized perspective of risk. As a result, risk evaluation across the enterprise was not always consistent. This, in turn, hindered data aggregation and reporting to senior management.

Ad hoc compliance initiatives: The company is subject to multiple compliance requirements, including SOX, NERC, FERC and other Legal and Regulatory mandates. Compliance with each of these regulations was managed separately by each department. There was no common platform unifying these requirements, linking them with the appropriate controls, or enabling sharing of controls. Consequently, controls and other related efforts were unnecessarily duplicated across the enterprise. Visibility into enterprise-wide compliance management processes was also poor.

Difficulty in enterprise-wide auditing: The lack of an integrated audit management system made auditing a laborious, resource-intensive and time-consuming process. Internal auditors found it challenging to aggregate isolated audit data from various departments and businesses across the enterprise. Compounding the challenge was the lack of integration between Audit, Risk and Compliance programs which hindered the adoption of a risk-based approach to auditing. And given the massive size of the organization, it was difficult to estimate the resources, time and effort necessary to plan and execute audits.

Siloed systems: Over the years, each department acquired their own set of point solutions for their own individual requirements. The result was hundreds of isolated solutions that made it increasingly difficult to track the enterprise-wide GRC status at any given time. Operational risks, vulnerabilities and mitigations were tracked on one system, Financial, SOX risks and controls on another, and audits on a third. The compliance team managed its own set of applications, as did the risk team. This siloed approach hampered visibility into risks and controls, and their relation to business processes. It also resulted in inconsistent standards, and redundancy of risk and compliance management efforts, not to mention duplicate costs.

Usage of custom-built, in-house applications: Hundreds of spreadsheets, and email-based applications were used to track and monitor compliance, as well as to assess risks and controls within departments. These tools required a large amount of co-ordination and effort, and involved laborious processes. There was also the risk of manual errors and reduced efficiency. Personnel working on these tools required a lot of time to complete tasks.

Insufficient reporting capabilities: The lack of unified reporting resulted in managers and board members, as well as various teams, having difficulty in getting the required information quickly in the desired format. It was also challenging to merge large sets of data on processes, risks and controls at various levels of granularity to provide value-added information to various stakeholders.

Solution
The company was determined that its GRC program would not be merely about demonstrating compliance to regulators. It wanted to establish a world-class corporate governance process, and a compliance and risk framework built on the principles of proactivity, integration and communication. Such a framework would not only ensure sustainable compliance with various regulations, but it would also provide excellent insights for better decision making.

To achieve this goal, the company created a top-down approach to risk and compliance management, which enabled it to focus on those risks and controls that had the greatest impact on company profitability. It also established a strong communication and education program for employees, encouraging them to be more responsible and accountable for risk management. In addition, an effective communication plan was created for GRC-involved committees, as well as the Management and Board.

The company’s goal was to create a proper governance structure and processes, integrate risk management into strategic decision-making, ensure continuous compliance, and harmonize GRC processes across the enterprise. To that end, it was looking for an integrated GRC solution that could streamline, standardize, automate and unify all GRC programs, while improving cost-savings and efficiencies.

The company conducted a detailed analysis of industry options and selected MetricStream as the preferred GRC solutions provider. The basis of the selection was MetricStream’s integrated single platform, broad range of solutions, and its industry track record of hugely successful implementations in global Energy & Utility companies.

MetricStream delivered a comprehensive set of solutions on a common platform, including enterprise risk management, legal and regulatory compliance, NERC and SOX compliance, business continuity management, issue management and remediation, and policy/document management.

MetricStream Platform is future proof, and can be easily extended to meet the future GRC requirements of the company, such as managing new compliance regulations, risks and audits. The MetricStream Application Studio enables the Internal IT team and users to create additional GRC applications, and deploy them on the same platform without expending much time and effort. Users do not have to undergo additional training, as the usability of the tools is very similar to previous applications.

MetricStream Integrated GRC Platform: MetricStream Solutions are based on MetricStream GRC Platform - a Web-based comprehensive application that enables end-to-end process automation and visibility, collaboration between various groups, centralized libraries and an integrated approach to GRC. The platform supports the customer’s organizational model across all business units and departments, as well as their mapping to different roles and reporting relationships.

Users have role-based portal access with options for initiating actions, responding to events, managing and assigning tasks, and viewing reports and dashboards. The system also triggers email-based notifications and alerts to appropriate personnel to notify them of various events and requirements.

MetricStream Enterprise Risk Management: MetricStream Enterprise Risk Management (ERM) Solution helps the energy provider identify, assess, quantify, monitor and manage risks from across the enterprise in an integrated manner.

Data is consolidated in a reusable library comprising risks, corresponding controls, assessments, results, key risk indicators, events such as losses and near-misses, issues and remediation plans. Risks are highlighted depending on their impact or bearing on various functions and processes. This data then rolls up to senior management, and is used to create standard as well as customized reports for identifying risks to business performance, operational efficiency and non-compliance across the enterprise.

Industry best practices embedded in the solution help the company define the scope of processes and sub-processes for risk management and the development of control and test libraries. MetricStream has enabled the company’s RCSA methodology that supports a repeatable risk-control self-assessment. It enables each business unit to identify and manage risks and controls independently. At the same time, it collates the information together for managers to gain visibility into the risk management status across the enterprise. For instance, self-identified control deficiencies may not be penalized, and risk ratings can be based on residual risk levels. The solution also supports top-down and bottom-up risk identification and management. Across processes, risk and control data are linked, enabling easy sharing of information.

Compliance management & tracking: MetricStream offers the industry’s most advanced and comprehensive Integrated Compliance and Issue Management solution. It equips the energy company with the technology and best practices to ensure continuous compliance with various regulatory requirements, while lowering the associated costs. The solution is pre-loaded with all NERC, FERC and Regional Reliability standards and requirements.

This centralized repository of information enables users to quickly search for and access information. It also helps managers structure the information in an organized hierarchy, beginning with each compliance regulation, and moving down to their respective requirements, standards and controls. This well-laid out framework helps improve the efficiency of searching for controls, and coordinating control-based activities, enterprise wide. The underlying data model is architected to accommodate many-to-many modeling requirements, as well as to navigate multiple dimensions via navigation trees.

Any changes in regulations such as FERC and NERC prompt the system to automatically send out update alerts, and import new requirements and content from regulatory websites. The respective users are alerted with details of non-compliance that have emerged because of new regulations or in changes to existing ones. Version control capabilities are provided to manage changes efficiently. In fact, the company can monitor the progress of NERC-CIP version migration from V2 to V3 to V4.

Managers are free to configure compliance workflows to suit their management of regulatory requirements and controls, as well as various processes such as report creation, feedback approval and assimilation, and version control. An integrated Issue Management module captures all violation issues and monitors remediation plans.

SOX compliance: MetricStream enables the company to significantly reduce its cost of Sarbanes-Oxley (SOX) compliance. Managers are able to leverage COSO and COBIT frameworks, design, assess and improve internal controls, and monitor compliance processes at any level of detail.

The solution follows a top-down risk-assessment approach which simplifies workflows, quickly highlights areas that require attention, and improves transparency into financial risks. It allows process owners to test and manage controls on their own, while collating data across the enterprise for auditors to gain top-level visibility into the status of SOX compliance. Any issues that arise are immediately routed to MetricStream Issue Management module for immediate investigation and remediation. Automated alerts keep the process on track and ensure that each issue is resolved and closed.

Multiple procedures for surveys and certifications, which affirm the strength of internal controls and adherence to policies, are supported within the solution. It harmonizes all control frameworks into a centralized library, enabling users across SOX, Regulatory and Reliability / NERC compliance to share controls and results of control assessments. This prevents duplication of assessments - especially with regard to IT controls – and hence improves cost-effectiveness and efficiency.

Ethics & Legal Compliance: MetricStream Compliance Solution is leveraged by the Legal, Ethics and Compliance teams to efficiently streamline compliance management, and establish a proactive and ongoing process of compliance. The Ethics & Compliance team uses MetricStream solution for the creation and distribution of online compliance surveys for thousands of employees to certify that they’re complying with specific standards. The results are automatically collected and stored in a central repository for easy access and retrieval by top managers.

Audit management: MetricStream Solution will be extended to help the company adopt a risk-based approach to Corporate and Environmental audit management. The solution will enable efficient collaboration, planning, scheduling and auditing, while allowing audit findings to be reviewed, shared and analyzed by a team. A robust analytics and reporting capability with graphical dashboards will track each audit from initiation to closure, giving managers real-time visibility.

The solution will facilitate audit and risk information sharing among peers and audit stakeholders. It will also enable the company to efficiently manage resources, track budgets, configure audit profiles, plan audits, record audit milestones and re-scope audits. It contains innovative capabilities to improve auditor performance by conducting multiple audit tasks simultaneously, collaborating on reviews, getting fieldwork approvals and delegating tasks.

Benefits
Automation of risk and compliance workflows: Automated workflows on the MetricStream integrated platform free the energy provider from the extensive use of spreadsheets and other manual tools. MetricStream Solution also enhances IT risk management and business continuity by automating risk assessment workflows for applications, infrastructure, disaster recovery and cyber security. This dramatically increases efficiency, shortens completion periods, reduces coordination efforts, and diminishes errors and possibilities of duplicate efforts. The overall level of compliance across the enterprise has gone up significantly, while costs have come down.

Greater transparency: MetricStream Solution helps consolidate various data including risks, controls, tests and issues into a central library. This information is stored according to business unit, process, function and department. The latest information is made available across the organization, increasing visibility for the management to assess risk and control activities, utilize existing sets of controls, avoid duplication of assessments, and decide whether to enhance controls or accept current risk levels.

Centralized, sustainable risk management: MetricStream GRC platform provides a centralized framework for risk management, thus eliminating the need for multiple systems and lowering maintenance costs. It has enabled the company to eliminate five redundant risk systems, over 300 spreadsheets and over 10 content management sites. These tools have been replaced with MetricStream’s standardized risk libraries, consistent risk terminologies, and a common framework for risk aggregation and control monitoring.

Improved risk control: MetricStream Solution supports the implementation of a unified rating methodology to measure and document risk impacts categorized by seven risk types – Liquidity, Market, Credit, Operational, Environmental, Business, Strategic and Reputational. The advanced capabilities of MetricStream Solution enable the company to identify and assess risk. Using the risk assessment data, the organization will be able to determine if controls are adequate, or if risks can be accepted. The solution also enables the company to discover incidents and issues on time, resolve them quickly and efficiently manage loss event data.

Creation of a strong risk culture: MetricStream Solution helps the company establish an enterprise-wide risk-focused culture through a top-down and bottom-up approach to risk identification and management. It also helps educate individuals on understanding risks, and taking the responsibility to maintain them at acceptable levels. Being built on a centralized platform, the solution enables the company to identify risks in any area, and map them back to each business process. It also delivers risk assessment results in real-time, enabling managers to plan reviews for the completeness of risk identification, and the efficacy of plans to enhance controls or accept risks.

Decreased costs of regulatory compliance: With automated and streamlined compliance activities, quality time and resources can be focused on high risk areas for more productive work. The single platform solution for all the GRC needs of the company has lowered the costs of regulatory compliance.

Enhanced training: MetricStream Solution contains a robust compliance training management system that manages registration, remote participation, feedback and course material. Employees are able to respond directly to training through the system. Therefore, compliance coordinators can easily track and report on the status of employee training, without resorting to manual tracking measures.

Enhanced Audit Management: MetricStream Audit Management Solution will strengthen the organization’s audit processes by streamlining audit planning, scheduling and execution, and improving the efficiency of resource management and document management. The company can rely on audits to embed a strong risk culture across the enterprise.

Strengthened SOX 404 compliance: MetricStream Solution helps the company create a comprehensive database of financial controls. It also consolidates financial reporting risks for SOX 404 testing, partially automates the scoping of risk assessment, facilitates and certifies control testing and evaluation, simplifies issue management and streamlines workflow management. Consequently, the company can ensure consistent SOX compliance.

Why MetricStream
MetricStream’s solution provides a unified approach and an integrated solution to meet strategic objectives, as well as regulatory and compliance requirements.

MetricStream Platform and its various solutions could easily replace existing solutions for ERM, compliance and audits.

MetricStream Solution provides a centralized library to hold policies, certifications, risk and control assessments, compliance requirements and all other documentation for easy review and reference.

MetricStream Solution demonstrated the ability to handle the customer’s specific requirements for an ERM framework, risk terminology, consistency, ranking methodology and more.

MetricStream Solution ensures security of electronic records, and provides time-stamped audit trails, role-based access controls, electronic signatures and password management.

MetricStream has the ability to support large leading organizations, and meet their IT requirements in the areas of integration, configurability, scalability and security.

MetricStream offers a broad set of solutions on a Web-based platform with capabilities to map its offering to all governance, risk, compliance, and quality processes within the company.

MetricStream’s solution provides key services such as workflows, configurable forms, collaboration, real-time exception tracking, email alerts and notifications, integration, reports, executive dashboards, business intelligence, analytics, and secure access control.

For more information, visit www.metricstream.com
Copyright 2011. All Rights Reserved.