Case Study

Costa Coffee Strengthens its Compliance Initiatives Using VComply

Costa Coffee drives compliance efficiency with VComply. Rapidly scaled compliance and risk programs without adding any additional headcount.

Headquarters

Dunstable, UK

Company Size

+2400 Stores

Industry

QSR

About Organization

Costa Coffee is a British coffeehouse chain that was purchased by the Coca-Cola Company in 2019. The company has a prominent brand, operates almost 4,000 retail locations with skilled baristas, provides coffee vending services, produces coffee products for home consumption, and has a modern roastery. Given the high number of people they serve daily, Costa recognizes the significance of adhering to regulations and managing risks.

Increase in employee accountability

100%

Increase in timely task completion

85%

Reduction in  Compliance issues

80%

The Challenge

With stores across 31 countries and more than 18,400 employees, Costa struggled with its manual and siloed approach to compliance management. Each unit had its separate processes. They were using spreadsheets to manage compliance programs and maintain risk registers. This led to many duplications of efforts and made analyzing risks maintained in different registers difficult. The lack of coordination between different outlets and the use of different technologies and processes led to limited risk visibility and compliance management challenges.

Again, these files did not have proper access controls or version history, and changes can make it challenging to understand who made the changes. Without proper collaboration, the compliance and risk management teams were requested to assess the same types of risk, resulting in duplicity. Regarding evidence management, the proof was stored in different folders, making it extremely difficult for internal auditors to execute audits successfully.

The Outcome

VComply streamlined Costa’s compliance processes and helped them comply with internal and external compliance requirements. The platform helped their employees coordinate with different departments and outlets. VComply’s reporting capabilities enable compliance teams to slice and dice compliance and risk data from different units. The key reports and dashboard data helped them generate relevant information and make informed decisions. With an automated approach, teams could spend more time analyzing the compliance and risk data and help make faster and better decisions. There was no need to create controls for each framework separately; they could entrust VComply’s pre-built controls, especially SOX controls, to stakeholders and track them.