Trianz was approached by a client that was looking to streamline its auditing processes. It had already identified ServiceNow GRC as a suitable candidate and needed assistance in implementing, configuring and launching the solution on its IT network.
The client wanted to empower its internal auditing teams by developing a single, centralized governance risk compliance (GRC) platform. This platform, hosted on ServiceNow, would help the audit team to plan and execute engagements, collaborate with other departments, view audit report findings and monitor enterprise-wide compliance against requirements outlined in HIPAA and PCI-DSS 3.0.
Before, the existing GRC system lacked transparency and accountability. There was also a lack of time tracking functionality, reporting capabilities, and historical data access.
Finally, the client wanted its manual dependencies replaced as they were increasing the duration of
audit executions.
Trianz implemented the client’s requested technology components:
ServiceNow was introduced as a foundation, offering future expandability with its workflow optimization and orchestration features.
ServiceNow Governance Risk Compliance (GRC) was the focus, improving business resilience with real-time GRC visibility, greater productivity with auditing procedures, and tools to streamline stakeholder risk communications.
First, a specialist team at Trianz conducted interviews with key stakeholders across the business. The focus was on process owners so that Trianz could understand current GRC processes, controls, sources, and exemptions.
From here, the team identified internal and external Active Directory policies, controls, and exemptions to determine the current state of governance, risk, and compliance on the IT network.
Next, profiles were created for specific scenarios helping to establish risk and compliance indicators and govern role-based access controls.
Finally, auditing processes were assessed and mapped, allowing audit findings to be closed automatically using automation playbooks.
After adopting ServiceNow GRC, the entire GRC process was automated, offloading manual processes from the auditing team to drive productivity.
Audit engagements and executions could be performed within a centralized system rather than department-specific repositories, improving risk and compliance awareness.
The internal auditing team reduced the time spent on managing audits by 50%.
GRC workflows benefitted from greater transparency and accuracy, with analytics and reporting functions enabling accountability monitoring relating to process compliance.
The client could now access real-time dashboards for various processes and compliance workflows.
Process compliance was automated with findings being supplied within familiar employee workflows, reducing manual processing requirements.
Improvements to processes and tighter GRC worked together to eliminate a number of redundancies and exemptions, streamlining auditing procedures.
Contact Us Today
Let’s Talk
x