Solutions

  • Products
  • Use Cases
  • Industries
  • WHITE PAPER
  • HR and IT better together
  • Boost productivity and attract quality talent with great employee experiences.
  • EBOOK
  • 5 steps to transformation
  • A proactive, connected client experience is essential for financial services.

Platform

  • ANALYST REPORT
  • The value of digital workflows
  • Get apps to market in half the time at a third of cost with higher satisfaction.

Customers

  • SUCCESS NAVIGATOR
  • Your prescription for success
  • Accelerate outcomes with a step-by-step action plan of proven best practices.

Explore

  • VALUE CALCULATOR
  • Live up to your potential
  • Determine the untapped value across your entire business in just 60 seconds.

How ServiceNow Uses GRC to Reduce 66% of our SOX Administrative Burden


Corporate Governance, Risk, and Compliance (GRC) are disciplines that touch many areas of a business, from financial reporting and regulatory controls to data privacy and vendor management. While GRC activities typically take place behind the scenes, a compliance issue can become front page news in an instant. Manual processes alone are not an effective way to ensure compliance or manage risk exposure. Given the pace of business today, process automation, real-time analytics and self-service must be brought into the mix. ServiceNow uses its Governance, Risk, and Compliance portfolio—built on the Now Platform ® —to manage a wide array of compliance activities such as Sarbanes-Oxley (SOX), cyber security, data privacy, and audit management. To illustrate this, let’s take a closer look at how we manage SOX compliance.

In the past at ServiceNow, all SOX compliance activities—data gathering, documentation, communication, and reporting—were done manually with spreadsheets, PowerPoint, and email. This was time-consuming and inefficient, and there was always the risk of something slipping through the cracks. Senior Director of Internal Audit, Andrew Wheatley, and Director of IT Audit, Hassan Javed, led the move to an automated solution. Today, ServiceNow ® Governance, Risk, and Compliance helps the entire process with these key capabilities:

  • Continuous controls monitoring and automated evidence collection for efficiency and scale
  • Automated self-service workflows with easy-to-use interfaces to enable business owners to participate in and help drive the compliance process
  • Performance Analytics dashboards to track audit activities, monitor enterprise compliance, and provide real-time insights and up-to-date reports on the status of the security landscape
  • Automatic management of 110 corporate policies in GRC, and communication and consumption by the enterprise through our service portal

The following metrics demonstrate the value of automating SOX compliance with ServiceNow Governance, Risk, and Compliance:

  • 24X7 assurance through continuous monitoring and event-based alerts to trigger timely action
  • A 66% reduction in quarterly control certification through automated surveys and real-time monitoring
  • An 85% reduction in time to track status due to real-time reporting and dashboards, along with a 90% reduction in time to coordinate with external auditors
  • $500,000 in annual savings through continuous controls monitoring, automated workflows and real-time dashboards (see screenshot)

In addition, the solution addresses three key strategic priorities:

  • Improved Business Velocity – Monitor controls continuously with automated evidence collection that helps accelerate the compliance process and keeps the SOX team on schedule.
  • Better Visibility and Insight – Performance Analytics dashboards and reports provide real-time visibility into compliance activities, giving the audit team, external auditors, and management instant access to program status and data. Dashboards also provide a means for the audit team to identify, prioritize, and address gaps and areas of risk before they can impact the program.
  • Enhanced Experience – Automated self-service workflows and response activities (task and issue management) make things considerably easier for the SOX team, allowing them to be proactive rather than reactive, and freeing them up to focus on high-value audit activities rather than repetitive and administrative tasks. Self-service dashboards and easy-to-use interfaces enable the business to play their part in SOX compliance.

Given the ever-changing regulatory landscape, the need for automated GRC solutions will only continue to grow within ServiceNow. Our Cloud Infrastructure team, which manages the ServiceNow instances for our customers, uses ServiceNow Governance, Risk, and Compliance to ensure ongoing compliance with security certifications, government regulations, and international standards, such as ISO 27001, FedRAMP, and SSAE 16. Increasing partner ecosystems and access to corporate networks present their own unique issues and risks, which our recently introduced Vendor Risk Management application is designed to address.

I look forward to sharing more Now on Now stories that show how we’re leveraging the power and versatility of the Now Platform.

Topics

Featured

  • Implementing agile IT service management on a cutting-edge platform
    10-16-2019 ServiceNow customer, Danske Bank, adopted a strategic approach in their service management team. As the largest bank in Denmark and a major retail bank in the Nordics region, they serve 3.5 million retail customers. They have seen tangible evidence of the positive impact of digital workflows and the seamless experiences.
  • Always Be Closing finance
    Service Delivery and Management
    Delivering great service to employees is the first step to improving employee experience
    10-14-2019 The primary audience for HR technology has shifted. It’s no longer HR. They are secondary. Employees are now the primary audience. And while the latest cloud HCM systems can help transform an organization’s HR operations, if you want to improve the employee experience, taking an employee-focused approach to service delivery is the best place to start.
  • At the Tech Lounge, the human touch makes all the difference
    10-11-2019 Director of IT Service Management Mirza Baig and his IT team created the walkup Tech Lounge- a space where employees get personalized attention on complex tech issues. As ServiceNow works on automating many common requests and providing easy to find, self-service options, the IT Support technicians have more time to focus on the tough cases.
  • Strategy
    Lessons from a Top CIO
    10-11-2019 How does a seasoned CIO lead a digital transformation? She makes friends. Great ideas aren’t enough for a CIO to succeed in leading a digital transformation, says Teri Takai, the former CIO of the U.S. Department of Defense, the states of California and Michigan, as well as Meridian Health Plan. In her 40+ year career, she has had to build consensus, prioritize projects that would advance the organization’s overall goals, communicate often, and practice a lot of patience. Read more tips from Takai on WorkflowQuarterly.com, as well as other CIOs, or watch the embedded video.

Trends & Research

How to please customers at scale
Why employee service delivery matters
How to identify your company’s secret influencers

Year