Simplifying global audit management with CoreStream GRC

Key takeaways

Wood is a global engineering and operations business with around 35,000 people across 60 countries. After a major acquisition, its assurance, action tracking and non-conformance processes were spread across around 45 different systems: 

“We found we had somewhere in the region of 45 action tracking systems. They ranged  from HTML to SharePoint to Excel spreadsheets.” 

Neil Baird, Head of Quality, Wood 

That fragmentation made global visibility harder than it needed to be. Wood needed 1 connected platform for assurance planning, operational audit, quality, technical audit, HSE audit, non-conformance tracking, action management and lessons learned. With CoreStream GRC, Wood moved from scattered systems to a single platform that gives leaders clearer visibility, stronger governance, faster reporting and a simpler user experience. 

“If I go back to 6 years ago, where I had no visibility over any of the NCRs globally, I had no visibility over the assurance plans, I had no visibility of high-risk NCs. And now, at the touch of a button, I’ve got visibility of all of it.” 

Neil Baird, Head of Quality, Wood 

This matters because spreadsheet-led assurance does not scale well in complex organizations. A commonly quoted statistic is that as many as 90% of spreadsheets contain a mistake. This underlines the risk of relying on manual tools for critical audit, assurance and control processes. 

About Wood

• Sector: engineering, project management, construction, operations, maintenance, and consultancy  
• Global footprint: around 60 countries  
• Workforce: around 35,000 people  
• Use case: operational audit, quality, engineering, technical audit, HSE auditing, non-conformance tracking, assurance planning, lessons learned  
• Starting point: around 45 action, traceability, and assurance tracking systems  
• Core need:  A connected action management and assurance platform that could simplify global processes, improve visibility and continue evolving with the business 

“We are across about 60 countries. We are in oil and gas, processing chemicals, life sciences, mining and minerals. We also offer digitalization through our consultancy businesses.” 
 
Neil Baird, Head of Quality, Wood 

Before

Fragmented systems made global assurance hard to control 

Wood was not short of audit or assurance activity. Across the business, teams were carrying out operational audits, quality checks, engineering and technical audits, HSE audits and non-conformance tracking. The problem was that this activity was spread across different systems, regions and processes, making it harder for leadership to see where the most important risks and issues were. 

“Assurance is being done in the 4 corners of the globe. Where do we have high criticality non-conformances? We actually found a high criticality NC, or what you call a major non-conformance from a certification body, that we were unaware of in 1 of our remote locations.” 
 
Neil Baird, Head of Quality, Wood 

For a global enterprise, that kind of fragmentation creates a practical governance problem. If high-risk findings, overdue actions and recurring issues are not visible in 1 place, management information becomes harder to trust. Leaders may know assurance is happening, but they cannot easily see where action is needed, where issues are escalating, or where the same problems are repeating across the organization. 

This pressure is not unique to Wood. PwC found that 71% of respondents expect digital transformation initiatives over the next 3 years to require compliance support, including cyber and data regulation support. As large organizations digitize operations, assurance visibility has to keep pace with the systems, data and processes the business now relies on.

Solution

Stage 1: Building Wood a system around how the business really worked 

The first stage of the journey was about getting the business off scattered tools and into 1 global platform. That was not just a technology project. It was a major change management exercise across regions, teams and use cases. CoreStream GRC needed to support the reality of how Wood worked at the time, while creating enough common structure to give the business better control. 

“The first thing we did was we originally designed the system as what we would call an open system. Anyone within our organization could raise something in the system.” 

Neil Baird, Head of Quality, Wood 

That flexibility mattered. The platform had to bring different teams with different processes into a single way of working, without making the transition feel impossible for users. 

The lesson from version 1: flexibility matters, but so does simplification 

The first version of Wood’s CoreStream GRC platform solved the immediate visibility challenge. It gave the business 1 place to capture assurance activity, non-conformances and actions. But over time, Wood recognized a common enterprise GRC problem: when every exception is designed into the system, flexibility can turn into complexity.  

“We find ourselves actually designing for the 1 and 2% solutions. A part of the business had a client that wanted something this way and another part wanted something designed this way. We tried to cater for all things to all people, and it became untenable and unmanageable.”

Neil Baird, Head of Quality, Wood 

That is an important lesson for any large organization reviewing GRC software. The goal is not to force every team into a rigid process. But it is also not to recreate every local variation inside the platform. The real value comes from finding the right balance between flexibility, standardization and usability. 

Stage 2: move from complex to simple and intuitive GRC software 

The second stage of Wood’s journey was a deliberate simplification program. This time, the team invested heavily upfront in process mapping, stakeholder engagement, workshops, working groups and user feedback before rebuilding the workflows. The objective was clear: keep the governance strength, but make the experience simpler for the people using the system.  

“Our mantra through the whole process was going from complex to simple, which is probably more difficult than going the opposite way.” 

Neil Baird, Head of Quality, Wood 

That focus reflects a wider truth about digital transformation. McKinsey has repeatedly linked transformation success with strong employee ownership and frontline engagement, because the people using a system every day often understand where friction, duplication and resistance will appear first. For Wood, simplification was not just a design preference. It was the route to better adoption, cleaner data, and stronger assurance. 

Change management: bring the naysayers in early 

Wood’s advice to other GRC teams is clear: involve users early, especially the skeptical ones. Resistance is not always a bad sign. Often, it shows where the system needs to work harder, where the process is unclear, or where teams have been burned by previous technology changes. 

“Engage those that are going to be using the system and engage the naysayers. Include them in your working team so they become part of the solution as opposed to being opposed to the solution.” 

Neil Baird, Head of Quality, Wood 

This is important phenomena to understand  

That approach matters because change management is often where technology projects succeed or fail.  

McKinsey found that among transformations that failed to engage line managers and frontline employees, only 3% reported success. Where line managers or frontline employees were engaged, reported success rates rose to 26% and 28% respectively. 

By bringing those voices into the process, Wood turned challenge into ownership. Users could test decisions, explain what would and would not work, and see their feedback reflected in the final design. That helped the refreshed platform land with the people who needed to use it. 

User experience: if people cannot use it, governance breaks 

The refreshed CoreStream GRC platform used a simpler, permission-based front end. Users only saw the areas relevant to their role. Notifications linked directly to the action they needed to complete. Guidance appeared inside the workflow, instead of forcing people to hunt for instructions elsewhere. The goal was fewer clicks, less confusion and easier completion. 

“All they see is 4 standard icons and they go, my actions, and they are straight into that. That’s really made a huge difference from the user interface and user experience.” 

Neil Baird, Head of Quality, Wood 

For Wood, this was not just about making the platform look better. It was about making governance easier to operate. If users cannot find what they need, actions stall, data quality drops and assurance becomes harder to trust. By simplifying the experience, Wood made it easier for people to do the right thing in the flow of work. 

Stage 3: Implementation: collaboration made the rebuild work 

Wood’s second-stage rebuild was not rushed. The enterprise team spent around 6 months mapping and redesigning the workflows to operate globally before moving into another 6 months of technology design, build, user acceptance testing, data mapping and hyper-care. 

What stands out is that this was not treated as a simple software refresh. Wood and CoreStream GRC worked closely through each stage, testing the process in real time, challenging what needed to stay, and stripping out the complexity that had built up over time. 

 “It was a very, very collaborative way of working that we had going with CoreStream GRC to get us to the solution.” 

Neil Baird, Head of Quality, Wood 

That collaboration mattered because Wood was not just changing screens. It was rebuilding the way global assurance, non-conformance tracking, lessons learned and action management worked across the business. 

Results

70% workflow reduction and almost no workflow support tickets

The refreshed workflow reduced processing steps by 70%. It also simplified the user experience so significantly that, after go-live, Wood saw almost no support tickets related to the new workflow itself. The few tickets raised were mainly linked to data mapping, not the application or process design. 

“We have basically reduced some of the processing by 70%, which is a significant reduction in our workflow. That has been very positive feedback that we’ve got from our user groups.” 

Neil Baird, Head of Quality, Wood 

That result came from the work done upfront. By mapping the process properly, removing unnecessary decision points, moving to permission-based access and building guidance into the workflow, Wood made the platform easier to use and easier to govern. 

“There has been literally no support tickets being raised… the new workflow is much simpler and people are loving it.” 

Neil Baird, Head of Quality, Wood 

Reporting: from retrospective packs to proactive governance 

Wood also simplified reporting. In version 1, the business had created too many reports, partly because it was trying to serve every possible reporting need after consolidating from 45 systems. In version 2, Wood removed a number of reports and moved toward dashboards focused on proactive governance. 

“In the true essence of simplification, what we’ve done is we’ve removed probably about 30, 40% of the reports that were being provided.” 

Neil Baird, Head of Quality, Wood 

The focus shifted from reporting for the sake of reporting to helping action owners get ahead of issues before they became overdue. That is a meaningful change. It moves assurance away from retrospective packs and toward live oversight, where teams can see what is in flight, what needs attention and where action is starting to slip. 

Governance value: overdue actions fell and management review became faster 

The impact was visible in day-to-day governance: 

“Some parts of our business were tracking on 50% overdue… we set a target of less than 10% overdue… and we’ve achieved that. We were on average hitting about 4% overdue.” 

Neil Baird, Head of Quality, Wood 

Management system review reporting also became faster: 

“That management system review report would probably take anything between 7 to 10 days. We can pull that report together in 2 days now, given that all the information is at our fingertips.” 

Neil Baird, Head of Quality, Wood 

That is where the business value becomes clear. CoreStream GRC did not just reduce administration. It helped Wood create a more reliable operating rhythm for assurance, action tracking and management reporting. 

Audit management: full visibility from audit plan to closure 

CoreStream GRC supports Wood’s audit management process across both independent group internal audit and high-volume operational audit. That includes planning, execution, reporting, action linkage, metrics and closure. 

For Wood, the value is the ability to see the full audit lifecycle in 1 place: 

• Group internal audit and operational audit supported in 1 platform  
• Audit planning, execution, reporting and action tracking connected in 1 workflow  
• Metrics tracked across audit start date, progress and duration  
• Findings linked to actions and closure evidence  
• Full visibility from audit report through to remediation  

“From 1 entry, I’ve got full visibility of the entire process, cradle to grave, which gives me confidence that the audit process is in control.” 

Neil Baird, Head of Quality, Wood 

That is what effective audit management should do. It should not just record that an audit happened. It should show what was found, what action followed, who owns it, and whether the issue has been properly closed. 

CoreStream GRC team: the people mattered as much as the platform

Technology was only part of the story. Wood has worked with CoreStream GRC for several years, with continuity from the same account manager throughout the journey. Around that relationship, the wider CoreStream GRC delivery team brought project management, development support, flexibility and practical problem-solving. 

“They were always solution focused, very flexible, can-do attitude, nothing was ever too much of a problem.” 

Neil Baird, Head of Quality, Wood 

This mindset matters in complex enterprise projects. The platform needs to flex, but so does the team behind it. During the rebuild, CoreStream GRC worked with Wood through design, build and UAT, helping the team move faster when changes were needed and keeping progress on track even when people on both sides had to step in and out. 

Community and continuous improvement 

Wood’s relationship with CoreStream GRC has also evolved through the wider customer community too: 

“We are benefiting from your wider community because when your wider community proposes an enhancement, we are the beneficiaries of that enhancement if we need to take it into our version.” 

Neil Baird, Head of Quality, Wood 

Neil also presented at a recent CoreStream GRC customer community event, sharing Wood’s UX/UI journey and the move from complexity to simplicity. For Wood, the value of the community is not just hearing product updates. It is the chance to exchange ideas with other organizations facing similar assurance, control and governance challenges. 

“The community events have really opened up the network, and enabled us to collaborate with other like-minded individuals and recognize that there’s some really great stuff going on in other companies. Also recognize that other companies face the same challenges that we do.” 

Neil Baird, Head of Quality, Wood 

Want to learn from other CoreStream GRC customers? 

Future: GRC AI enhancements to improve problem statements, lessons learned, and predictive analytics 

Wood’s work with CoreStream GRC is continuing to evolve. The next stage is focused on practical AI use cases that support better assurance, rather than adding technology for its own sake. Together, Wood and CoreStream GRC are exploring how AI can help users write stronger non-conformance problem statements, summarize lessons learned and, over time, support predictive analytics. 

“I think that AI interface will really help our users write the best problem statements that they possibly can.”

Neil Baird, Head of Quality, Wood 

For Wood, the value is not just automation. It is better-quality input at the start of the process, so the business can understand what went wrong, why it happened and what action needs to follow. That matters because weak problem statements make root cause analysis harder, slow down remediation and reduce the value of assurance data. 

Wood is also exploring how AI could make its lessons learned database easier to use. Instead of asking users to read through dozens of individual records, the goal is to help them find the strongest themes quickly and apply those lessons before similar issues repeat. 

“I just want an AI interface there to then go, I’m looking for lessons on Workshare, tell me your top 5.” 

Neil Baird, Head of Quality, Wood 

This direction reflects a broader shift in enterprise technology. PwC notes that almost half of CEOs say one of their biggest priorities over the next 3 years is integrating AI, including GenAI, into technology platforms, business processes and workflows. For audit, assurance and GRC teams, the opportunity is to use AI where it improves quality, consistency and decision-making, while keeping human judgment where it matters most.

Closing takeaway from Wood 

With CoreStream GRC, Wood did not just buy a system. It built a scalable operating model for global assurance, action tracking, audit management, lessons learned and continuous improvement. That model helped Wood move from limited visibility across scattered tools to a holistic overview that supports the business today and can keep evolving with it. 

“That single place I go to find the truth and find out where it is, and then take action where we need to take action, has been absolutely vital for us.” 

Neil Baird, Head of Quality, Wood 

For complex global enterprises, that is the real value of audit management software. A way to connect evidence, ownership, action and reporting so the business can see what is happening, act sooner and keep improving. 

Want to see how the CoreStream  GRC platform would work in your environment? 

If you manage large volumes of obligations, deal with contract change, or want effective GRC leadership reporting without inbox overload, this is the exact problem pattern CoreStream GRC can solve. 

About CoreStream GRC: the flexible, no-code solution for GRC success

CoreStream GRC is a dynamic, flexible platform that revolutionizes governance, risk, and compliance (GRC) management. Built to be scalable and intuitive, CoreStream GRC empowers organizations to design and implement their ideal GRC solution with ease, supported by a team of experts. With a user-friendly, no-code interface and customizable features, CoreStream GRC is the perfect tool for businesses that need efficiency and flexibility without the complexities of traditional software.

CoreStream GRC’s platform is trusted by global organizations such as the BBC, Deloitte, NHS, PwC Middle East, and Shell Energy, delivering real, measurable value to help companies manage their risks and compliance requirements. Want to see the GRC platform in action?

Request a demo here, or speak to our team here.