Solutions

  • Products
  • Use Cases
  • Industries
  • WHITE PAPER
  • HR and IT better together
  • Boost productivity and attract quality talent with great employee experiences.
  • EBOOK
  • 5 steps to transformation
  • A proactive, connected client experience is essential for financial services.

Platform

  • ANALYST REPORT
  • The value of digital workflows
  • Get apps to market in half the time at a third of cost with higher satisfaction.

Customers

  • SUCCESS NAVIGATOR
  • Your prescription for success
  • Accelerate outcomes with a step-by-step action plan of proven best practices.

Explore

  • VALUE CALCULATOR
  • Live up to your potential
  • Determine the untapped value across your entire business in just 60 seconds.

How Denver replaced spreadsheets with Vendor Risk Management


County and City of Denver

In 2018, if you were a third-party vendor looking to provide products or services to the city and county of Denver, officials there had a few questions—more than 300, in fact.

To assess vendor risk exposure, the city had long required applicants to fill out a 60-page questionnaire, which was then reviewed by the agency soliciting services, the information security team, and the purchasing department. The process could take six to eight weeks to complete. 

Team members tracked their evaluations on simple spreadsheets that lacked clear or consistent risk scoring.  Vendors were often confused by the process, leading to protracted email exchanges. And regardless of the scale of services proposed, the process was one-size-fits all. “We said, ‘this is a mess,’” recalled Julie Sutton, Denver’s information security manager, at a breakout session at Knowledge 2019. “We have to have a new process.”

For Sutton, the new process had four requirements: It needed to be clear, easy to review, flexible, and customizable. ServiceNow’s Vendor Risk Management, as it turned out, met those needs. Using the Now platform, Sutton and her 12-person security team were able to transform the city’s risk-assessment process within four months.

Process overhaul
In the fall of 2018, Sutton and her team started putting the massive vendor questionnaire under the microscope. They eliminated 173 security questions that were too hard to score consistently. Next they ditched spreadsheets and PDFs and replaced them with a single, easy-to-navigate portal for the entire process.

The portal went live to vendors in January 2019—without a beta test. Sutton wasn’t sure it was user-ready, but the old process was so broken that she rolled the dice. “I don’t always know the answers before I start, but I’m not going to wait until I know,” Sutton explained. “I just decided to push the button and see what happened.”

Here’s what happened: Vendors no longer rely on email. All communication, both externally with vendors and internally with city and county officials, makes use of the portal. All security reviews are automatically scored and graded. For decision makers, documentation is clear and traceable. And vendors are easily set up for future review, which is required annually. Best of all for the internal groups that work with Julie’s team, their experience didn’t change.  They don’t even know they’re using Vendor Risk Management; they just know it works better.

Lessons from the launch
That said, the rapid rollout was not without hiccups. But even those left Sutton with some valuable takeaways. First, make sure vendors can only see what you want them to see, not internal scoring or communications. (As Sutton recalled, they learned that one the hard way. ) Second, build a process into the portal for vendors to report errors. And finally, not all out-of-the-box notifications are necessary.

The results have been dramatic. Vendor screening processes that once took six to eight weeks are now completed in one to three weeks. The visibility provided by Vendor Risk Management means there is no single point of failure. And the number of emails from vendors also declined, which Sutton says had a big impact on her team’s productivity.

Topics

Featured

  • Always Be Closing finance
    Service Delivery and Management
    Delivering great service to employees is the first step to improving employee experience
    10-14-2019 The primary audience for HR technology has shifted. It’s no longer HR. They are secondary. Employees are now the primary audience. And while the latest cloud HCM systems can help transform an organization’s HR operations, if you want to improve the employee experience, taking an employee-focused approach to service delivery is the best place to start.
  • At the Tech Lounge, the human touch makes all the difference
    10-11-2019 Director of IT Service Management Mirza Baig and his IT team created the walkup Tech Lounge- a space where employees get personalized attention on complex tech issues. As ServiceNow works on automating many common requests and providing easy to find, self-service options, the IT Support technicians have more time to focus on the tough cases.
  • Strategy
    Lessons from a Top CIO
    10-11-2019 How does a seasoned CIO lead a digital transformation? She makes friends. Great ideas aren’t enough for a CIO to succeed in leading a digital transformation, says Teri Takai, the former CIO of the U.S. Department of Defense, the states of California and Michigan, as well as Meridian Health Plan. In her 40+ year career, she has had to build consensus, prioritize projects that would advance the organization’s overall goals, communicate often, and practice a lot of patience. Read more tips from Takai on WorkflowQuarterly.com, as well as other CIOs, or watch the embedded video.
  • Digital Workflows
    ServiceNow New York release paves the way to a native mobile-optimized future
    10-03-2019 Until now, users have been pretty much okay with mobile app functionalities that have been ported over from their desktop versions, such as “pinch-and-zoom.” However, such experiences won’t endure because of their essentially non-native level of mobile optimization. This changing tide is why our ServiceNow New York release extends new desktop and native mobile capabilities across the workplace at scale.

Trends & Research

How to please customers at scale
Why employee service delivery matters
How to identify your company’s secret influencers

Year