Case Studies

GRC Implementation

Written by GlideFast | Jan 28, 2024 10:25:46 PM

The Challenge

One of the Big Four accounting firms and professional services networks was using ServiceNow for their IT Service Management (ITSM) needs. The international company was also looking to implement complex Governance, Risk, and Compliance (GRC) processes into their Now Platform, but needed significant support to configure the out-of-the-box ServiceNow GRC modules to meet their needs. In addition, the client also wanted a custom Risk Calculation to control maturity and mitigating factors into a more discrete evaluation. 

The client commissioned GlideFast Consulting to roll out customized Policy and Compliance Management and Risk Management applications to their firm principals at the national, regional, and state levels. The client also sought to implement Vendor Risk Management for both internal vendor managers and external vendors.

The Solution

GlideFast Consulting set out to implement a customized GRC solution that would improve the company’s resilience to risk, automate compliance testing, and improve company decision-making and performance.

In order to design a tailored solution for the client, GlideFast configured several enhancements to the out-of-the-box ServiceNow Policy and Compliance Management application. By building parent/child relationships, GlideFast was able to load business-specific, five-level regulatory architecture into the three out-of-the-box levels. 

GlideFast also configured new Risk Calculation functionality while maintaining ServiceNow’s original Risk Management functionality as an option, with additional approval and response processes. 

An enhanced Vendor Risk Management solution was also implemented and was segregated between 52 subsidiaries with owner-defined visibility across sister subsidiaries.

To ensure client satisfaction, GlideFast Consulting worked closely with the client team to build the ideal GRC solution. With the support of daily meetings with client process owners, training sessions for the client, and upgrade testing and remediation, GlideFast’s custom implementation yielded proven results for the client.  

Results

GlideFast Consulting developed and executed the GRC solution for the client through a multi-phased approach. In Phase I, GlideFast implemented part one of Vendor Risk Management.  Phase II focused on Policy and Compliance Management and Risk Management implementation, and Phase III completed part two of Vendor Risk Management. The extensive and complex project was completed in just over a year. 

GlideFast’s customized solution brought efficacy, efficiency, and visibility to the client’s Governance, Risk, and Compliance processes. With automated compliance monitoring in place, the client was able to execute daily compliance reporting. Additionally, the determination of the applicability of new compliance was shortened from one month to just a few days. 

As for Risk Calculation, GlideFast’s automation solution resulted in immediate, real-time reportable risk scores, rather than relying on manual calculations from disparate data sources which previously took days to complete.  

The resolution process for vendor issues also improved. Using the Vendor Portal, issues were automatically generated and vendor risk assessment response time dropped from an average of 30 days to 5 days. Vendor interactions that once spanned months were shortened to an average of 3 weeks.  

  • Vendor risk assessment response time dropped from an average of 30 days to 5 days.

  • Vendor interactions that once spanned months were shortened to an average of 3 weeks.