About Wickes

Wickes is a leading UK home improvement retailer with more than 230 stores nationwide. The business wants customers to create better homes and spaces and offers trusted products, advice and services for DIY and trade projects alike. 

Established: 1972 
Industry: Retail / Home Improvement
Stores: 230+ across the UK 
Employees: 8,000+ 

The challenge

Wickes faced a common GRC problem: no visibility and no assurance 

When Ryan Lee, Heads of Controls at Wickes, joined the company in September 2024, Wickes operated over 150-200 risks and controls all in a single spreadsheet. There was no live system to monitor performance, gather evidence or report status.

“There was no efficient way to check the finance teams were performing their controls as described.”

 Ryan Lee, Heads of Controls at Wickes

In practice, that looked like ad hoc meetings and manual follow-ups via email. Critical assurance data was manually collected at regular points in time, but the business lacked a clear, real-time view of control performance or effectiveness.

Why Wickes needed a purpose-built controls management solution 

Within Ryan’s first two weeks, finding a system became one of his top priorities, right after building the team. The business case was simple: save time, increase assurance, scale across the business, and meet security standards.  

The Wickes team came together and defined their priorities for their controls management solution, which included: 

  • Automated workflows for evidence and approvals 
  • A standard, enforced template for risks and controls 
  • Role-based access so users only see what they need 
  • Dashboards and scheduled reports to remove manual effort 
  • A user interface that non-specialists will adopt 
  • Security and privacy requirements that aligned with IT and InfoSec 

“If you’re facilitating a company-wide process, an over-arching system is a no-brainer versus Excel and email.”  

 Ryan Lee, Heads of Controls at Wickes

The selection

Why CoreStream GRC was the right Controls Management solution for Wickes

A long list of 7-8 vendors became a short list of 2-3 with full demos. Ryan already knew the market and had seen CoreStream GRC at his previous company. 

He said when it came to CoreStream GRC, three things shined through immediately, not just for him but the wider team too: 

  1. User experience 

It is clean, intuitive and easy for anyone to use. 

“The user-friendliness of the system, the way it’s laid out, the way it looks; the aesthetics, the simplicity of the design, all of that really stood out.” 

 Ryan Lee, Heads of Controls at Wickes

  2. Configurable power

The flexibility from first configuration. You can tailor CoreStream GRC to fit how your teams already work. If your process changes later, you can adjust the setup without starting over or buying a new tool. 

“CoreStream GRC is not really out-of-the-box. It’s more like Lego bricks: what would you like to build, and how? That flexibility was attractive because we didn’t want to be fixed to a particular way of working.” 

 Ryan Lee, Heads of Controls at Wickes

  3. Cultural fit

A genuine partnership approach felt right for Wickes. 

“The friendliness of the people mattered. Some competitors used aggressive sales tactics or were overly formal; fine for some maybe, but not for us. We liked CoreStream GRC’s more laid-back, non-pressured approach.”

 Ryan Lee, Heads of Controls at Wickes

For Ryan and the Wickes team, it wasn’t just about picking a system but choosing a partner who understood how to embed governance in a growing, fast-moving retail business. 

“We wanted to work with a team that was responsive, collaborative, and easy to deal with.”

“CoreStream GRC’s people matched that perfectly from the first conversation.” 

 Ryan Lee, Heads of Controls at Wickes

The implementation

4 months of design, collaboration and customization to build a system that truly works for Wickes  

Once Wickes chose CoreStream GRC, the focus shifted to implementation: bringing the new system to life in a way that worked for the business. The project began in January, with a clear goal: replace spreadsheets with a secure, intuitive Risk and Controls Management solution that would set a new standard for consistency and assurance.

Ryan and his controls team worked closely with CoreStream GRC’s solution design experts to configure the platform step by step. Each stage focused on translating Wickes’ existing control processes into automated workflows, with clear templates for documentation, evidence uploads and reporting. The team also introduced access permissions to ensure every user, from control owner to executive, could see exactly what they needed and nothing more.

“We configured a lot, but CoreStream GRC were responsive and helpful.

The bulk of the implementation to go-live was about 4 months.” 

 Ryan Lee, Heads of Controls at Wickes

Collaboration was central to success. Weekly check-ins helped the Wickes and CoreStream GRC teams refine details in real time, testing and reviewing each build phase before moving forward.  

During one session, a PwC advisor who had helped design Wickes’ financial control framework in 2023 joined to review progress and discovered he had previously worked with CoreStream GRC’s Head of Client Solution Design. The reconnection was a full-circle moment that highlighted how CoreStream GRC’s community and experts work seamlessly together to deliver results. 

Configuration continues to evolve as Wickes switches on self-assessments and controls testing. That’s by design: move in phases, prove value, then expand. 

By April, Wickes had gone live. But as Ryan noted, that was just the beginning:

“Even after go-live, we’re still learning and adding new elements to the process. When we started controls testing, we found configuration tweaks we wanted to make, and CoreStream GRC made that easy to do.”

This phased, iterative approach was intentional. Rather than overloading the business with too much change at once, Wickes chose to start with core controls, prove the system’s value, and then expand into self-assessments, testing, and risk integration over time. This was easy to do due to CoreStream GRC’s solution-by-solution build.

“Trying to do too much at once rarely works. It’s better to chunk the deliverables, show results, and build momentum from there.” 

 Ryan Lee, Heads of Controls at Wickes

The results

Effective compliance, clear assurance and full visibility with CoreStream GRC.

Just six months after going live, Wickes had achieved measurable improvements across control performance, reporting, and assurance.

“Since launch, we have generated almost 500 tasks for control performers and owners to complete, and on average, 95% have completed their tasks on time, with the remaining 5% followed up the old-fashioned way. We have never had that level of assurance before.”

 Ryan Lee, Heads of Controls at Wickes

Before CoreStream GRC, the controls team had to manually chase control performers to verify whether controls were actually being performed. Now, every control performer logs completion directly in the platform and uploads supporting evidence, giving Wickes its first complete, real-time picture of assurance.

How the Wickes controls process works in practice using CoreStream GRC

Around 30-40 control performers use the system regularly. Training them has been quick, with sessions that take less than an hour. Users describe the process as simple and intuitive. The automation built into CoreStream GRC means reminders go out automatically and evidence is stored securely in one place, cutting out the manual chases and version control issues that came with spreadsheets. 

Reporting has also become faster and more accurate. Dashboards now give performers, control owners and leadership an at-a-glance view of progress, with the ability to drill down into individual controls or evidence as needed. 

How CoreStream GRC’s automation has created efficiencies within the Wickes controls team 

Ryan estimates he personally saves at least a few days a month, roughly half a day per week, previously spent on chasing control performance, open actions and compiling status reports.

“Automation is the win. It’s simple to view a live dashboard or to run a report, either on demand or scheduled for a future recurring date, that saves time.”

What’s materially better 

  • Clear assurance and confidence in the controls program
  • A secure, central source of truth for risks, controls and evidence 
  • Automated reminders and workflows replace manual chasing 
  • Standardized fields improve data quality and consistency 
  • Role-based views keep users focused on what matters 
  • Dashboards unlock instant visibility and drill-down 

CoreStream GRC solution highlights for Wickes’ control transformation 

  • Controls Management with enforced templates, evidence capture, and approvals 
  • Role-based access for clean segregation and targeted visibility 
  • Dashboards and scheduled reports for leadership insight without manual effort 
  • Scalable configuration for self-assessments and controls testing 
  • Security alignment with IT and InfoSec requirements 

“We’re already a long way from where we were. Now we have more data, more evidence, and a repeatable process.” 

 Ryan Lee, Heads of Controls at Wickes

Looking ahead

Moving into truly integrated governance, risk and compliance with a partner they can trust 

The first phase of Wickes’ GRC journey focused on getting the core controls system up and running. That foundation is now in place, and the next steps are already underway. 

A newly appointed Director of Audit & Risk and Risk Manager are shaping how the live Enterprise Risk Management (ERM) will fit into their way of working, while plans for Internal Audit will follow as the in-house team grows. Senior executives are also set to receive personalized monthly dashboards showing the health of the controls they oversee, giving leadership a clear, data-driven view of assurance across the business.

Final summary 

Head of Controls’ advice for fellow GRC professionals

  • Match the tool to your maturity and culture 
  • Prioritize usability to drive real adoption 
  • Decide where you want to sit between out-of-the-box and configurable 
  • Start focused, prove value, then scale 

“If you want simplicity, flexibility and ease of use, CoreStream GRC is a very good option.”

 Ryan Lee, Heads of Controls at Wickes

FAQ on the CoreStream GRC Wickes Partnership

Who should consider a controls management solution like CoreStream GRC?

Organizations managing controls through spreadsheets, email, or manual reporting, especially in regulated or fast-moving environments, benefit most. If assurance, visibility, and accountability matter, a purpose-built GRC platform is a better fit than Excel.

What was a key challenge about Wickes’ controls process before CoreStream GRC?

Control checks relied on emails, meetings, and manual follow-ups. Evidence was collected at fixed points in time, which meant leadership never had a clear, real-time view of control performance or effectiveness.

Why did Wickes choose CoreStream GRC over other tools?

The platform stood out for three reasons: it was genuinely easy to use, flexible enough to fit Wickes’ existing processes, and the team felt like a good cultural fit. The decision was as much about partnership as technology.

Can CoreStream GRC support more than just controls management?

Yes. Wickes is already extending into enterprise risk management and planning for internal audit as the team grows. The platform is designed to scale gradually rather than forcing everything at once.

How much time does CoreStream GRC save the Wickes controls team?

The Head of Controls estimates saving several days per month, mainly by eliminating manual follow-ups and report creation. Live dashboards and scheduled reports replaced a lot of repetitive admin work.
