1. CASE STUDY
MetricStream OPTIMIZING SARBANES-OXLEY COMPLIANCE FOR BETTER
BUSINESS PERFORMANCE
Overview
A large organization that together with its subsidiaries, provides business communication solutions
to a wide range of customers - from corporate enterprises such as manufacturers, retailers, financial
institutions, utilities and healthcare organizations, to large universities and K-12 school districts, to
federal and local governments worldwide. The company has a global network of distributors, resellers,
and field sales force.
The company’s commitment to quality and excellence sets it a class apart from competition. Being
a regulated company, it strives to follow regulations and mandates including SEC regulations, SOX
compliance, and many other governance, risk, compliance, ethics, and business conduct related poli-
cies and procedures.
Challenge
The company embarked on a comprehensive compliance and risk management plan to enhance
operational effectiveness across its principal subsidiaries. A close scrutiny of existing organizational
Benefits architecture, however, revealed that the company’s existing system for managing risk, controls, and
reporting had a number of limitations. With no collaboration or co-ordination between different risk-
Reduced Cost, Time, and Effort: By the virtue of the control groups, the company managed regulatory changes in silos, focused narrowly on compliance,
SOX Stream, the MetricStream’s solution for auto- and used compartmentalized regulatory controls. The internal control structure was not sustainable,
mating and streamlining Sarbanes-Oxley compliance which made the implementation of changes a daunting task. Due to limited analytics and reporting
has dramatically reduced the time and effort being capabilities, the company’s executive management struggled to obtain a comprehensive view of
spent on risk and compliance related activities. the overall risk environment. Lack of systematized operational testing led to a significant manual
Automated information flows, assessments and test- activity and paper-based documentation. The system lacked issue management capabilities. Issues
ing, and remediation assignments have dramatically
reduced over all compliance costs.
scenarios were tracked in a separate MS Access database, increasing its vulnerability. Moreover, the
company identified the need for an integrated platform for its global supply chain, which could encom-
pass the SCAR process and consolidate the supplier-related processes and systems.
Improved Control on the Process: The Metric-
Stream solution enforced consistent financial controls
process across the enterprise eliminating deviations One of the senior board members explains, “We needed a solution that could serve as the center-
and errors as well as redundant activities. piece of our SOX compliance efficiency efforts, and provide a comprehensive platform for design, test,
reporting, disclosure, and remediation of internal controls to support effective risk management.”
Increased Efficiency and Collaboration: Risk-
related controls groups are now able to carry out
team activities in a productive manner with the Solution
collaborative environment that the MetricStream The MetricStream solution was selected following an exhaustive competitive evaluation. Recalling
solution provides.
the selection process, the CIO of the organization comments, “We tested MetricStream, and found
Enhanced Transparency and Visibility: Comprehen- that the solution had distinct capabilities to provide an enterprise-wide internal controls platform for
sive visibility provided by the MetricStream solution financial and non-financial controls, with implementation focusing specifically on SOX controls.”
has lowered the risk of non-compliance, assuring
the executives of higher customer and investor
The organization wanted to entirely replace their existing risk and compliance system by mapping all
confidence.
business flows to the MetricStream solution. The total timeline from project kickoff to implementation
Streamlined Change Control: The MetricStream was less than nine weeks. The deployment steps, covered in this timeframe, included:
solution enabled integrated document management
with change control capabilities to keep documenta- Standardizing Internal Controls: The MetricStream solution provided a central repository for all
tion and processes in sync. This significantly reduced types of company’s control systems, including those for operational efficiency, regulatory compliance,
the amount of redo of documentation for ongoing and financial reporting. The solution provided standardized tests for internal controls with automated
compliance. scoring & reporting to ensure that internal controls were tested in a consistent manner across all
operations within the company and over time.
Improved Reporting Capabilities: The MetricStream
solution provided compliance dashboards and risk
heat maps to enable enterprise-wide visibility into Implementing Standard Documentation: The MetricStream solution established an integrated docu-
the financial controls management and compliance ment repository (DMS) to store documents pertaining to processes and controls across all subsidiar-
process, and highlight issues that need to be ies. The solution also implemented a well defined review process to ensure that only people with the
addressed. right authorization could update and review the documents.
Simplifying Change Management: The MetricStream solution enabled sharing of documented risks
and controls across processes - allowing them to rationalize and reduce their documented controls,
and simplify their change management process.
Automating Issue Management: The solution automated the company’s issue management process
to provide complete visibility into the entire lifecycle of issues – from identification through root cause
analysis to remediation.
2. MetricStream
Enhancing Reporting Capabilities: The MetricStream solution featured executive dashboards which
Why MetricStream provided enterprise-wide visibility into the internal controls and processes, and highlighted the high-
priority cases that needed to be addressed. The solution provided complete real-time visibility into ex-
ception data with analytics for trend analysis. Reports for status tracking, scorecards and compliance
Robust Enterprise Compliance Platform, with a
broad set of functional modules. that serves as the dashboards could be readily accessed. Flexible reports with drilldown capability provided statistics
foundation for the company’s risk management and and data by a variety of parameters such as business units, processes, and divisions.
compliance needs
Enabling Operational Testing: The MetricStream solution established testing as an integral part of
Enhanced collaboration amongst control groups to the enterprise-wide processes and controls. The ability to export information from reports into spread-
enable company control risk, drive business perfor- sheets simplified the overall operational testing process. The solution easily replicated reports such as
mance, and inspire stakeholder confidence Program Progress and Deficiency Status that were popularly-used but manually created in Excel previ-
ously.
Standard Internal Controls and Processes that enable
setting up clear roles and accountabilities for internal
controls, including responsibility for the defining,
“We continue to be impressed with the richness of MetricStream’s SOX solution and their
documenting, testing, and monitoring of controls and
the remediating of problems ability to help deploy the solution in such a short timeframe. It speaks volumes about the
configurability and richness of their solution.” says Chief Information Officer.
Ability to configure off-the-shelf modules to adapt
to best practices and incorporate specific business
processes followed in the company
Establishing SCAR and CAPA: The MetricStream solution provided a comprehensive SCAR and
Powerful reporting for audit data analysis as well as CAPA solution that enabled the company to streamline quality management processes across their
risk reporting supply chain. Based on the industry standard 8D methodology, the solution supported identification,
evaluation, segregation and disposition of non-conforming material as well as case investigation,
Low Total Cost of Ownership
tracking, and remediation.
Leveraging Compliance Online: The organization leveraged the tremendous value offered by the Met-
ricStream’s ComplianceOnline.com. The company was able to use the portal to effectively implement
and adopt compliance programs through online training, alerts, vertical search, discussion forums,
and best practices library services. As the CIO further states, “The flexibility and richness of the
MetricStream solution including integration with ComplianceOnline were the key reasons for choosing
MetricStream. We are happy with our selection and initial results.”
For more information, visit
www.metricstream.com
Copyright 2011. All Rights Reserved.