Large oil and energy company enhances Governance, Risk, and Compliance Processes with a Custom ServiceNow Solution
About the client: An upstream oil and gas company that develops resources in Western Canada, the U.S., the UK North Sea, and offshore West Africa. The company operates in a heavily regulated industry that makes governance, risk, and compliance (GRC) a top priority. The company needed strong business controls and to respond to multiple external audits every year
The internal IT department and external professional services was using ServiceNow for their IT Service Management (ITSM) needs. The client wanted a custom Risk Calculation to control maturity and mitigating factors into a more discrete evaluation. In addition, this large company was also looking to implement complex Governance, Risk, and Compliance (GRC) processes into their ServiceNow Platform but needed significant support & expertise to configure the out-of-the-box ServiceNow GRC modules to meet their needs.
The client required specific expertise to implement Vendor Risk Management for both internal vendor managers and external vendors. In addition, they needed to roll out a customized Policy and Compliance Management and Risk Management applications to their firm principals at all levels.
DX Digital technologies responded and implement a customized GRC solution that would improve the company’s resilience to risk, automate compliance testing, and improve company decision-making and performance.
To achieve a custom solution for the client, we configured several enhancements to the out-of-the-box ServiceNow Policy and Compliance Management application. DX were able to build parent/child relationships, able to load business-specific, five-level regulatory architecture into the required out-of-the-box levels.
DX also configured new Risk Calculation functionality while maintaining ServiceNow’s original Risk Management functionality as an option, with additional approval and response processes.
An enhanced Vendor Risk Management solution was also implemented and was segregated between large number of subsidiaries with owner-defined visibility across sister subsidiaries.
ServiceNow GRC (Vendor Risk Management, Policy and compliance)
Phased approach using DX approach and methodology
- Implemented Vendor Risk Management
- Focused on Policy and Compliance Management and Risk Management implementation
- Completed part two of Vendor Risk Management.
- Customized solution brought efficacy, efficiency, and visibility to the client’s Governance, Risk, and Compliance processes. With automated compliance monitoring in place, the client was able to execute daily compliance reporting. Additionally, the determination of the applicability of new compliance was shortened from one month to just a few days.
- The resolution process for vendor issues also improved. Using the Vendor Portal, issues were automatically generated and vendor risk assessment response time dropped from an average of approx. 40 days to 7 days. Vendor interactions that once spanned months were shortened to an average of 4 weeks.