In 2018, pharmaceutical giant Novartis logged $44 billion in net
sales to 750 million customers. Novartis needs a lot of outside help
to manufacture, market, sell, and distribute its goods and
services—namely, more than 80,000 third-party vendors in 155 countries.
The scope of its multinational
operation is massive. So is the pressure from executives, shareholders
and regulators to ensure security across a huge swathe of risk areas,
according to Naveeda Mukhtar, Solution Design Lead, ServiceNow
Business Solutions at Novartis. These include human rights and worker
safety, IT security and data privacy, environmental laws, anti-bribery
safeguards and more.
Speaking at a Knowledge 2019 breakout session in Las Vegas, Mukhtar
outlined the risk management challenges facing Novartis: “How can we
unify the process for all of our risk areas? How can we follow the
same framework?” Flexibility is also crucial, she noted, as pharma
industry regulations are constantly changing.
To meet those challenges, Novartis adopted ServiceNow’s Vendor Risk
Management application in 2018. The primary strength of ServiceNow,
Mukhtar explained, is its end-to-end process framework, which has
helped eliminate fragmentation across workflows and regions while
making risk management simpler and more scalable.
It’s also a forward-looking solution, Mukhtar said. “An end-to-end
process lines us up for the future,” she told attendees. “It enables
AI automation going forward.”
For Novartis, third-party risk
management (TPRM) requires close collaboration between three core
teams: the TPRM strategic team (which acts as a governing body), the
service delivery team (which performs risk assessment and supports
implementation); and the risk functions (which monitors whether
third-party risk policies are being delivered as required).
Due to the enormous scale of Novartis’ risk-management operations,
the company started small. Novartis initially rolled out ServiceNow in
just one country, Mexico, in early 2018.
Early indicators of success, such as measurable cost reductions—the
company is not making specific cost-savings metrics public yet,
Mukhtar said—have spurred the company to expand this implementation
globally in 2019 and beyond.
That’s not to say it has been an easy road. Mukhtar notes that it
took customization (such as third-party questionnaire configuration
and vendor portal functionality) to tailor risk monitoring tools and
documentation processes for Novartis’ complex needs.
“Because we were one of the early adopters, we probably suffered
more than others will,” Mukhtar explained. “We were guinea pigs, but
overall it went very well.”
Mukhtar also shared a few recommendations for other large
organizations looking to leverage ServiceNow’s Vendor Risk Management
application on a large scale. First, project managers need to secure
senior leadership buy-in and support from the outset. Second, they
need to prepare well in advance of implementation by learning the
tool’s out-of-the-box capabilities and determining where customization
is needed. Third, they should enlist the support of the IT delivery team.
Lastly, Mukhtar said, customers need to forge a real partnership
with ServiceNow in order to provide feedback and influence their
roadmap for future product innovation.