Background
As GRC Implementation Specialists, DSS was assigned to implement the Policy and Compliance and Audit Management modules for a large corporation. This company collaborates with renowned auditing firms such as Deloitte, KPMG, PwC, and Ernst & Young. The primary goal was to reduce the costs of audits and compliance by implementing a process-driven system that automates tasks and provides advanced reporting.
Challenge & Objective
The company faced a challenge with compliance and audit engagements as they were becoming time-consuming and dull. This was due to the absence of a single source of truth system, and many clients still needed to use Excel spreadsheets to gather and analyse data. As a result, there was a lack of reporting, visibility, and processes. Our solution was to provide a centralised platform that would enable stakeholders to manage risks and ensure compliance efficiently.
Results
At the beginning of the project, we focused on determining which systems and controls to onboard first. Our two main clients, SOX Compliance Team and PCI had different methods for evaluating compliance on each system. SOX Compliance Team prioritised audit management, engagement processes, evidence collection, and remediation, while PCI had its own approach to ensuring compliance. To address this, we created a customised process in ServiceNow® that integrates smoothly with all other GRC modules, allowing compliance officers to assess each control.
Our team has developed interactive dashboards for different levels of management, providing all stakeholders in the compliance space with clear visibility. In addition, we have introduced special environments called Workspaces, which combine the full range of ServiceNow® capabilities and make it easy for clients to access relevant data without having to search the entire platform. To further facilitate user onboarding, we have also implemented a Knowledge base that streamlines the process and ensures it is fast and easy.
To make the most of different systems, we used integrations to exchange data. Specifically, we integrated the alert system from SAP with ServiceNow®, which allowed us to utilise GRC's underlying processes. Additionally, we integrated with Azure Data Lake, which allowed us to send SOX Issues directly to PowerBI and make use of its reporting capabilities.
Conclusion
In summary, incorporating the Policy and Compliance and Audit Management modules into the SAP and Azure Data Lake integration created a centralised system that facilitated process-driven work, automation, and advanced reporting. This resulted in a single source of truth that lowered audit and compliance expenses and enhanced visibility and processes for all parties involved.
If you're seeking to enhance your organisation's GRC processes, our DSS team of ServiceNow consulting experts can assist you with analysis, design, and implementation for both out-of-the-box and customised solutions. Learn more about our ServiceNow consulting services here.