Case Study

Leading International Energy Services Company Improves Resilience With Faster, Better Visibility Into Risks

An energy services giant with millions of customers and tens of thousands of employees was faced with a growing range of risks—including regulatory pressures, geopolitical shifts like Brexit, climate change, and potential cyberattacks.

The company was keen to improve its risk preparedness by giving first-line leaders a more holistic view of their risks, while also automating risk aggregation at the corporate level. The other objective was to enable a faster, more agile approach to internal auditing, as well as second-line compliance and ethics assurance. MetricStream ticked all these boxes. Its products, built on the MetricStream Platform and running on the Amazon Web Services (AWS) Cloud, empowered stakeholders at both the business unit level and the corporate level with real-time intelligence on the top risks and issues, including the status of mitigation action. It also streamlined and automated internal auditing and compliance assurance processes, thus enhancing operational efficiency.

The Quest for an Effective Solution

Risk management had always been fundamental to the company’s governance practices. But as the scope, complexity, and interconnectedness of risks grew, the limitations of existing risk management processes became evident. For instance, risk assessments—although clearly defined—weren’t always consistent across business units. Nor were they linked to risks and objectives at the corporate level. This hampered risk visibility.

Meanwhile, the process of compiling risk registers and reports was becoming more laborious and resource intensive since most of the data was scattered across spreadsheets and presentations. To top things off, risk mitigation actions weren’t always formally defined and tracked, making it difficult for the organization to ascertain its true risk posture.

Internal auditors and second-line assurance functions had their own set of challenges. Legacy tools were slowing down efficiency and limiting the adoption of agile-based audit methodologies. Processes like audit planning, resource allocation, and reporting had to be managed manually through spreadsheets. Even action management with auditees was coordinated manually via emails. This left little time for auditors to do anything else. At a larger level, regulations across the UK and globally were becoming more rigorous. Cost pressures in the company were also escalating. All these challenges prompted the company to upgrade to a more robust tool for risk, compliance, and audit management.

MetricStream emerged as the solution of choice. With the MetricStream Platform and products, the company was able to strengthen risk visibility, preparedness, and response. Audit and compliance efficiency also improved, enabling teams to provide assurance faster and more effectively. Furthermore, running on the AWS Cloud delivered scalability and security.

Optimized Risk Assessments

Today, frontline teams are using MetricStream to efficiently plan, schedule, and perform over 100 risk assessments. The platform has standardized assessments across business units, so that risks can be communicated and reported in a more consistent manner. It has also reduced the cycle time and costs of risk management processes by streamlining and automating workflows.

Intelligent risk libraries provide a common integrated risk taxonomy that makes it easy for users to understand how various risks are connected to each other, as well as to assets, business units, objectives, and other elements.

Tailored heat maps and risk registers give front-line leaders a real-time view of the risks, issues, and status of mitigation actions in their business units. This helps them stay on top of things, and proactively address both risks and opportunities as they arise.

Today, the platform is used by almost 400 people in the company. Its easy-to-use features and intuitive interfaces have simplified adoption even among infrequent front-line risk assessors and action owners.

Challenge

  • Inconsistencies in risk assessments.
  • Lack of integration between frontline risks and corporate-level risks/objectives.
  • Siloed, manual, and resource-intensive processes to manage risks and assurance.
  • Outdated assurance tools that didn’t support agile auditing.

Business Value Realized

  • Faster, more consistent risk processes thanks to workflow automation and standardization
  • A holistic view of risks at both the business unit level and corporate level
  • Streamlined audit cycles aligned with agile methodologies
  • More informed decision-making with real-time risk and audit intelligence

Higher Productivity in Assurance Functions

MetricStream enables the internal audit team to apply an agile methodology across the various types of audits, including standard audits, project risk reviews, functional assurance reviews (evaluation of second-line maturity and effectiveness), and financial control assurance reviews.

The entire audit lifecycle—right from audit planning and resource management, to workpaper management and reporting—is managed in a single, unified system instead of multiple spreadsheets. Workflow automation has accelerated auditing and saved resources. Assurance teams have more time to explore audit findings, uncover valuable intelligence, and guide leadership teams on how to best improve the organization’s risk and compliance posture.

Any issues that are found during the audit or assurance process are systematically investigated and remediated on the MetricStream Platform. Through the platform, assurance teams can directly collaborate with issue owners to define action plans and track them right up to closure. They can also swiftly pull together data on audit findings and actions to generate draft and final audit reports.

Greater Risk Awareness

With MetricStream, risk findings are automatically consolidated and rolled up from the business unit level to the corporate level, giving stakeholders a unified, 360-degree view of the top risks. Internal audits and compliance assurance reviews are also linked to risk findings to provide richer intelligence.

Through interactive dashboards and reports, leadership teams can slice and dice the data to identify key areas of concern. They can also understand the dependencies between risks, business objectives, and mitigation strategies. Predictive risk metrics deliver forward-looking risk visibility to proactively anticipate and prevent adverse risk incidents.

With these capabilities, the company is able to make stronger and quicker decisions that build business resilience. They can also foster confidence with customers and regulators by demonstrating a strong risk governance and assurance program.
