Sox Compliance

CASE STUDY
MetricStream
OPTIMIZING SARBANES-OXLEY COMPLIANCE FOR BETTER BUSINESS PERFORMANCE

The organization in this case study, together with its subsidiaries, provides business communication solutions to a wide range of customers - from corporate enterprises such as manufacturers, retailers, financial institutions, utilities and healthcare organizations, to large universities and K-12 school districts, to federal and local governments worldwide. The company has a global network of distributors, resellers, and field sales force.

The company’s commitment to quality and excellence sets it a class apart from the competition. Being a regulated company, it strives to follow regulations and mandates including SEC regulations, SOX compliance, and many other governance, risk, compliance, ethics, and business conduct related policies and procedures.

The company embarked on a comprehensive compliance and risk management plan to enhance operational effectiveness across its principal subsidiaries. A close scrutiny of the existing organizational architecture, however, revealed that the company’s existing system for managing risk, controls, and reporting had a number of limitations. With no collaboration or coordination between different risk-control groups, the company managed regulatory changes in silos, focused narrowly on compliance, and used compartmentalized regulatory controls. The internal control structure was not sustainable, which made the implementation of changes a daunting task. Due to limited analytics and reporting capabilities, the company’s executive management struggled to obtain a comprehensive view of the overall risk environment. Lack of systematized operational testing led to significant manual activity and paper-based documentation. The system lacked issue management capabilities. Issues scenarios were tracked in a separate MS Access database, increasing its vulnerability. Moreover, the company identified the need for an integrated platform for its global supply chain, which could encompass the SCAR process and consolidate the supplier-related processes and systems.

One of the senior board members explains, “We needed a solution that could serve as the centerpiece of our SOX compliance efficiency efforts, and provide a comprehensive platform for design, test, reporting, disclosure, and remediation of internal controls to support effective risk management.”

Solution

The MetricStream solution was selected following an exhaustive competitive evaluation. Recalling the selection process, the CIO of the organization comments, “We tested MetricStream, and found that the solution had distinct capabilities to provide an enterprise-wide internal controls platform for financial and non-financial controls, with implementation focusing specifically on SOX controls.”

The organization wanted to entirely replace its existing risk and compliance system by mapping all business flows to the MetricStream solution. The total timeline from project kickoff to implementation was less than nine weeks. The deployment steps covered in this timeframe included:

Standardizing Internal Controls: The MetricStream solution provided a central repository for all types of the company’s control systems, including those for operational efficiency, regulatory compliance, and financial reporting. The solution provided standardized tests for internal controls with automated scoring & reporting to ensure that internal controls were tested in a consistent manner across all operations within the company and over time.

Implementing Standard Documentation: The MetricStream solution established an integrated document repository (DMS) to store documents pertaining to processes and controls across all subsidiaries. The solution also implemented a well-defined review process to ensure that only people with the right authorization could update and review the documents.

Simplifying Change Management: The MetricStream solution enabled sharing of documented risks and controls across processes - allowing them to rationalize and reduce their documented controls, and simplify their change management process.

Automating Issue Management: The solution automated the company’s issue management process to provide complete visibility into the entire lifecycle of issues – from identification through root cause analysis to remediation.

Enhancing Reporting Capabilities: The MetricStream solution featured executive dashboards which provided enterprise-wide visibility into the internal controls and processes, and highlighted the high-priority cases that needed to be addressed. The solution provided complete real-time visibility into exception data with analytics for trend analysis. Reports for status tracking, scorecards and compliance dashboards could be readily accessed. Flexible reports with drilldown capability provided statistics and data by a variety of parameters such as business units, processes, and divisions.

Enabling Operational Testing: The MetricStream solution established testing as an integral part of the enterprise-wide processes and controls. The ability to export information from reports into spreadsheets simplified the overall operational testing process. The solution easily replicated reports such as Program Progress and Deficiency Status that were popularly used but manually created in Excel previ-

“We continue to be impressed with the richness of MetricStream’s SOX solution and their ability to help deploy the solution in such a short timeframe. It speaks volumes about the configurability and richness of their solution.” says Chief Information Officer.

Establishing SCAR and CAPA: The MetricStream solution provided a comprehensive SCAR and CAPA solution that enabled the company to streamline quality management processes across their supply chain. Based on the industry standard 8D methodology, the solution supported identification, evaluation, segregation and disposition of non-conforming material as well as case investigation, tracking, and remediation.

Leveraging Compliance Online: The organization leveraged the tremendous value offered by the MetricStream’s The company was able to use the portal to effectively implement and adopt compliance programs through online training, alerts, vertical search, discussion forums, and best practices library services. As the CIO further states, “The flexibility and richness of the MetricStream solution including integration with ComplianceOnline were the key reasons for choosing MetricStream. We are happy with our selection and initial results.”

Benefits

Reduced Cost, Time, and Effort: SOX Stream, MetricStream’s solution for automating and streamlining Sarbanes-Oxley compliance, has dramatically reduced the time and effort being spent on risk and compliance related activities. Automated information flows, assessments and testing, and remediation assignments have dramatically reduced overall compliance costs.

Improved Control on the Process: The MetricStream solution enforced a consistent financial controls process across the enterprise, eliminating deviations and errors as well as redundant activities.

Increased Efficiency and Collaboration: Risk-related controls groups are now able to carry out team activities in a productive manner with the collaborative environment that the MetricStream solution provides.

Enhanced Transparency and Visibility: Comprehensive visibility provided by the MetricStream solution has lowered the risk of non-compliance, assuring the executives of higher customer and investor

Streamlined Change Control: The MetricStream solution enabled integrated document management with change control capabilities to keep documentation and processes in sync. This significantly reduced the amount of redo of documentation for ongoing compliance.

Improved Reporting Capabilities: The MetricStream solution provided compliance dashboards and risk heat maps to enable enterprise-wide visibility into the financial controls management and compliance process, and highlight issues that need to be addressed.

Why MetricStream

Robust Enterprise Compliance Platform, with a broad set of functional modules, that serves as the foundation for the company’s risk management and compliance needs

Enhanced collaboration amongst control groups to enable the company to control risk, drive business performance, and inspire stakeholder confidence

Standard Internal Controls and Processes that enable setting up clear roles and accountabilities for internal controls, including responsibility for the defining, documenting, testing, and monitoring of controls and the remediating of problems

Ability to configure off-the-shelf modules to adapt to best practices and incorporate specific business processes followed in the company

Powerful reporting for audit data analysis as well as risk reporting

Low Total Cost of Ownership

For more information, visit

Copyright 2011. All Rights Reserved.

Description: Case Study - MetricStream provided a large organization with enterprise-wide internal controls platform for financial and non-financial controls, with implementation focusing on SOX controls.