Organizations, especially those operating in heavily regulated industries, find it tedious to demonstrate adherence to the specific regulations, standards, frameworks and audit guidelines issued by authoritative sources.
This time-consuming challenge of staying compliant can be addressed by automating the business-critical processes of measuring and managing adherence to legislative policies. These process controls must be aligned to organizational risks and corporate policies.
ServiceNow GRC is an application that leverages process, risk, and policy alignment to automate the audit process by: managing controls, assigning control testing tasks, managing evidence collection, and assigning remediation activities.
By automating control testing in ServiceNow, you can free up your team's bandwidth. Here are five ways you can automate:
Identifying and creating key risk and control indicators is an integral part of continuous monitoring. Indicators collect data to monitor controls and risks and to gather audit evidence. With indicator templates, you can create multiple indicators for similar controls or risks from a single definition.
A GRC indicator template is created by navigating to the Indicator Templates module.
Indicator results can be gathered manually through task assignment, or automatically using basic filter conditions, Performance Analytics, or a script. The results are then used to create issues for controls, update risk scores, and provide supporting information for audit activities and control testing.
Policy and Compliance Management content can be linked to Performance Analytics (PA) indicators, breakdowns and thresholds. Risks and controls associated with a PA indicator, or with a PA indicator/breakdown combination, automatically monitor the thresholds defined on that same indicator or breakdown. Each threshold breach is recorded in a breach counter on the relationship between the risk or control and the PA indicator.
Associating Performance Analytics indicators with policy statements and controls lets you view scorecards, analyze current conditions, and track trends over time.
The information in the CMDB may need to be checked for accuracy and certified. This validation of CMDB data can be managed by defining what information should be verified and the verification schedule. Based on the schedule, tasks can be automatically created and assigned. The schedule generates a checklist for verifying the data. Individuals assigned to certification tasks answer questions to verify the data.
A Certification Audit Instance is a single execution of a collection of certification schedules that can be run at once.
The data certification overview module provides different gauges for reporting. Clicking any of the colored bars in the chart (see Figure) leads to a detailed information page.
Instead of the legacy surveys, you can send out customer questionnaires called Assessments, which can be generated on demand or on a schedule and sent to a defined set of users.
Trigger conditions enable you to send Assessments automatically when certain actions occur, and properties let you customize the appearance of an assessment. Users receiving an Assessment can view and complete it under "My Assessments & Surveys."
Scorecards and Bubble charts provide an enhanced way to view assessment results (see Figure). Assessments can be exported and imported as XML files.
Attestations are surveys administered to users and groups to evaluate compliance with a control or policy. They are sent when the control test definition is executed, either manually or on a schedule.
Attestations are defined in the Control Test Definition form as part of the evidence gathering phase. The administrator creates the questions, data types, and distribution lists to suit the control.
ServiceNow prepares printable scorecards for GRC attestations. Users can examine ratings over time, and compare question ratings (see Figure). All ratings are averages for the time range selected. The system dynamically updates a scorecard each time you view it, so the ratings reflect recently completed attestations.
With rising internal and external threats to your organization's security, you must have a solid GRC program in place. An efficient implementation of ServiceNow GRC lets you build that program. The power of ServiceNow GRC lies in its integration with Service Management, which gives you the ability to automate evidence collection.
INRY has implemented multiple ServiceNow GRC deployments to a range of industries including: manufacturing & food manufacturing, insurance, audit, service, retail, and state government.
We can help you harness ServiceNow GRC to:
Schedule a free consultation with us now to explore how you can streamline compliance in your organization.
© 2020. All rights reserved. All product names and registered trademarks are property of their owners.