SlideShare ist ein Scribd-Unternehmen logo

Transforming compliance and audit management with ServiceNow

Iceberg Networks Corporation
Iceberg Networks Corporation

Deck from a demo presented on July 24, 2018. A video archive is available at http://icebergnetworks.com/compliance

Business
1 von 18
Downloaden Sie, um offline zu lesen
Transforming  compliance  and     audit  management  with  ServiceNow   DEMO  WEBINAR  •  July  24,  2018    
Delivering Risk Intelligence David  Pearson   CTO  &  SENIOR  GRC  CONSULTANT     Travis  Giff   SENIOR  GRC  ARCHITECT     &  DEVELOPER     Today’s  presenters   About  Iceberg   ü  100%  focus  on  Governance,     Risk  Management  &  Compliance  (GRC)   ü  Staff  includes  25+  full-­‐Xme  GRC  consultants   &  cerXfied  developers   ü  Customers  include  top  financials,   insurance,  health  care,  manufacturers,   retail,  government  in  North  America.  
Delivering Risk Intelligence “Trusted,  aggregated  and  transparent  risk  data  enabling  organizations   to  make  more  informed,  con:ident  and  effective  business  decisions.”   Delivering  Risk  Intelligence   Disconnected  risk   &  business  data   Aggregated  &   integrated  for  context   Analyzed  &   interpreted   Be_er  business   decisions  &  acXons  
Delivering Risk Intelligence A  full  lifecycle  of  GRC  services   Management   Workshops   Visioning  &  Alignment   CMO/FMO   KRI/KxI   Professional   Services   ImplementaXon   &  IntegraXon   SoluXon  Lifecycle   Management   Iceberg   APS   Post-­‐ProducXon  Support   Mentoring,  Coaching     &  Skills  Development   Sandboxes     Risk  Intelligence   Academy   Case  Studies   Best  PracXces   Webinars     GRC   InnovaCon   ReporXng  /  Dashboards   Toolkits  &  Enhancements      
Delivering Risk Intelligence Demo  Company  Pro-ile   Ø  SaaS  for  markeXng/comms   Ø  1,000  employees   Ø  6  million  users  worldwide   Ø  75  customers  in  the  the  Fortune  100  
Delivering Risk Intelligence Challenges   1   ExisXng  internal  control   structure  based  on  SOC2;   need  to  leverage/adapt  to   include  FedRAMP,  GDPR,   and  other  regulaXons     2   Current  SOC2  a_estaXon   process  done  with   spreadsheets  /  email.       Time  consuming  +  lack  of   transparency     3   Poor  coordinaXon  of   acXviXes  between  Control   Owners  and  Auditors  for   collecXon  of  evidence  and   tracking  remediaXons.  
Delivering Risk Intelligence Project  Goals   1   Demonstrate  that   internal  controls   conform  to  regulatory   requirements     2   Simplify  the   a_estaXon  process   (make  it  easier     for  users)   3   Provide  greater   visibility  into  the   a_estaXon  process,   and  track  the  state  of   evidence  collecXon     4   Simplify  interacXon   with  external  auditor   for  collecXon  of   evidence    
ServiceNow  Governance,  Risk,  and  Compliance  (GRC)   Source:  Unified  Compliance  Framework   Rs   Research  Sites   Ad   Authority   Docs   Ct   CitaXons   Ac   Acronyms   Gl   Glossary   Cd   cDocs   Ro   Roles   Me   Metrics   Ce   Controls   As   Assets   Re   Rec   Examples   Ci   Config   Items   Cm   Config   Methods   Ve   Vendors   Rc   Record   Category   Ot   Org   Tasks   Of   Org   FuncXons   Au   Audit   Ev   Events   Content  Provider  (UCF)   ServiceNow  Reference  Content  Objects   Authority   Documents   CitaXons   Policy   Statements   Policies   POLICY & COMPLIANCE MANAGEMENT RISK MANAGEMENT AUDIT MANAGEMENT VENDOR RISK MANAGEMENT
Delivering Risk Intelligence   Key  AcCviCes   •  Manage  Authority  Documents,  CitaXons,   Policy  Statements   •  Assign  Control  Owners   •  Manage  Policy  ExcepXons   •  Set  up  Indicators  for  ConXnuous  Monitoring     Compliance  Manager       “As  a  Compliance  Manager  of  XYZ  Company  I  need  to  manage  my  organizaBons   internal  policies  and  ensure  my  organizaBon  is  compliant  with  the  various   regulatory  frameworks.”    
Delivering Risk Intelligence   Key  AcCviCes   •  Complete  Control  A_estaXons   •  Respond  to  Ad  Hoc  Evidence  Requests   •  Follow  up  with  any  Issues  and  RemediaXon   Tasks     Control  Owner       “As  a  Control  Owner  of  XYZ  Company  I  need  to  ensure  the  proper  controls  are  in   place  by  reviewing  the  control  guidance,  implemenBng  the  control  and  by   providing  sufficient  evidence  of  the  control  being  in  place.”    
Delivering Risk Intelligence   Key  AcCviCes   •  Manage  my  Audit  Engagements   •  Manage  my  team   •  Maximize  Control  TesXng  Efforts   •  Follow  up  with  any  Issues  and  RemediaXon  Tasks     Audit  Manager     “As  a  Audit  Manager  I  need  to  manage  task  assignment  to  my  internal  and   external  audit  staff,  ensure  all  controls  that  are  in  place  are  designed  and   operaBng  effecBvely,  and  follow  up  with  issues  and  remediaBon  tasks  for  non-­‐ compliant  controls.  “  
Delivering Risk Intelligence Demo  
Delivering Risk Intelligence Driving  Outcomes   1   CONSOLIDATE   MulXple  regulatory   frameworks,  control   structure  &  evidence  now   in  one  central  repository   2   MANAGE  &  AUTOMATE   Visibility  into  a_estaXon   process,  lower  burden  on   resources   3   COLLABORATE     Between  audit  and  control   owners,  and  with  external   audit    
Delivering Risk Intelligence Implementation  details   8-­‐week  implementaXon     Most  effort  in  implementaCon  is  NOT  configuraCon   it’s  understanding  the  structure  of  data,  roles  &  access,  reporXng   requirements,  workflows  &  lifecycle  
Delivering Risk Intelligence What’s  next?   ü  Use  CI’s  created  for  this  project  as  a  foundaXon  for  a  more   comprehensive  CMDB   ü  Layer  on  risk  management,  including  risk  assessments   ü  Incorporate  more  regulaXons  and  internal  policies  into  the   exisXng  framework   ü  Compliance  as  a  compeXXve  edge:  showcase  maturity  &  best   pracXces  to  customers  
Delivering Risk Intelligence A  foundation  for  Integrated  Risk  Management  (IRM)  
Delivering Risk Intelligence Q&A   David  Pearson   CTO  &  SENIOR  GRC  CONSULTANT   Travis  Giff   SENIOR  GRC  ARCHITECT     &  DEVELOPER    
Thank  you!   Webinar  replay:  icebergnetworks.com  

Empfohlen

Multimodal IT and Orchestration for Digital Transformation
Multimodal IT and Orchestration for Digital TransformationMultimodal IT and Orchestration for Digital Transformation
Multimodal IT and Orchestration for Digital Transformation
Leon Dohmen
 
Modern IT Service Management Transformation - ITIL Indonesia
Modern IT Service Management Transformation - ITIL IndonesiaModern IT Service Management Transformation - ITIL Indonesia
Modern IT Service Management Transformation - ITIL Indonesia
Eryk Budi Pratama
 
ITSM and ITOM Coming Together
ITSM and ITOM Coming TogetherITSM and ITOM Coming Together
ITSM and ITOM Coming Together
OpsRamp
 
Integrated Cloud Framework: Security, Governance, Compliance, Content Applica...
Integrated Cloud Framework: Security, Governance, Compliance, Content Applica...Integrated Cloud Framework: Security, Governance, Compliance, Content Applica...
Integrated Cloud Framework: Security, Governance, Compliance, Content Applica...
Chad Lawler
 
ITIL Incident Management Workflow - Process Guide
ITIL Incident Management Workflow - Process Guide ITIL Incident Management Workflow - Process Guide
ITIL Incident Management Workflow - Process Guide
Flevy.com Best Practices
 
Service Mapping.pptx
Service Mapping.pptxService Mapping.pptx
Service Mapping.pptx
AshishChakravarty3
 
Remote-first Team Interactions for Business and Technology Teams @ Berlin CTO...
Remote-first Team Interactions for Business and Technology Teams @ Berlin CTO...Remote-first Team Interactions for Business and Technology Teams @ Berlin CTO...
Remote-first Team Interactions for Business and Technology Teams @ Berlin CTO...
Manuel Pais
 
ITSM and Service Catalog Overview
ITSM and Service Catalog OverviewITSM and Service Catalog Overview
ITSM and Service Catalog Overview
Christopher Glennon
 

Empfohlen

Multimodal IT and Orchestration for Digital Transformation
Multimodal IT and Orchestration for Digital TransformationMultimodal IT and Orchestration for Digital Transformation
Multimodal IT and Orchestration for Digital Transformation
Leon Dohmen
 
Modern IT Service Management Transformation - ITIL Indonesia
Modern IT Service Management Transformation - ITIL IndonesiaModern IT Service Management Transformation - ITIL Indonesia
Modern IT Service Management Transformation - ITIL Indonesia
Eryk Budi Pratama
 
ITSM and ITOM Coming Together
ITSM and ITOM Coming TogetherITSM and ITOM Coming Together
ITSM and ITOM Coming Together
OpsRamp
 
Integrated Cloud Framework: Security, Governance, Compliance, Content Applica...
Integrated Cloud Framework: Security, Governance, Compliance, Content Applica...Integrated Cloud Framework: Security, Governance, Compliance, Content Applica...
Integrated Cloud Framework: Security, Governance, Compliance, Content Applica...
Chad Lawler
 
ITIL Incident Management Workflow - Process Guide
ITIL Incident Management Workflow - Process Guide ITIL Incident Management Workflow - Process Guide
ITIL Incident Management Workflow - Process Guide
Flevy.com Best Practices
 
Service Mapping.pptx
Service Mapping.pptxService Mapping.pptx
Service Mapping.pptx
AshishChakravarty3
 
Remote-first Team Interactions for Business and Technology Teams @ Berlin CTO...
Remote-first Team Interactions for Business and Technology Teams @ Berlin CTO...Remote-first Team Interactions for Business and Technology Teams @ Berlin CTO...
Remote-first Team Interactions for Business and Technology Teams @ Berlin CTO...
Manuel Pais
 
ITSM and Service Catalog Overview
ITSM and Service Catalog OverviewITSM and Service Catalog Overview
ITSM and Service Catalog Overview
Christopher Glennon
 
Servicenow overview
Servicenow overviewServicenow overview
Servicenow overview
CloudSyntrix
 
It Service Management Implementation Overview
It Service Management Implementation OverviewIt Service Management Implementation Overview
It Service Management Implementation Overview
Alan McSweeney
 
AWS Managed Services - BlazeClan Technologies
AWS Managed Services - BlazeClan TechnologiesAWS Managed Services - BlazeClan Technologies
AWS Managed Services - BlazeClan Technologies
Blazeclan Technologies Private Limited
 
CMDB - Use Cases
CMDB - Use CasesCMDB - Use Cases
CMDB - Use Cases
Puru Amradkar
 
ServiceDesk Plus Overview Presentation
ServiceDesk Plus Overview PresentationServiceDesk Plus Overview Presentation
ServiceDesk Plus Overview Presentation
ServiceDesk Plus
 
service-mapping-readiness.pptx
service-mapping-readiness.pptxservice-mapping-readiness.pptx
service-mapping-readiness.pptx
ssuser34987b
 
How to build the business case for Service Catalog
How to build the business case for Service CatalogHow to build the business case for Service Catalog
How to build the business case for Service Catalog
Axios Systems
 
AWS Manufacturing.pdf
AWS Manufacturing.pdfAWS Manufacturing.pdf
AWS Manufacturing.pdf
Amazon Web Services
 
Cloud Migration, Application Modernization and Security for Partners
Cloud Migration, Application Modernization and Security for PartnersCloud Migration, Application Modernization and Security for Partners
Cloud Migration, Application Modernization and Security for Partners
Amazon Web Services
 
ITSM(IT Service Management)
ITSM(IT Service Management)ITSM(IT Service Management)
ITSM(IT Service Management)
Atlassian 대한민국
 
IT4IT / DevOps Tooling Landscape 2022
IT4IT / DevOps Tooling Landscape 2022 IT4IT / DevOps Tooling Landscape 2022
IT4IT / DevOps Tooling Landscape 2022
Rob Akershoek
 
ServiceNow Governance, Risk, and Compliance
ServiceNow Governance, Risk, and Compliance ServiceNow Governance, Risk, and Compliance
ServiceNow Governance, Risk, and Compliance
Jade Global
 
Provisioning Datadog with Terraform
Provisioning Datadog with TerraformProvisioning Datadog with Terraform
Provisioning Datadog with Terraform
Matt Spurlin
 
Itil v4-mindmap
Itil v4-mindmapItil v4-mindmap
Itil v4-mindmap
Ismail aboulezz
 
Cloud Migration Strategy Framework
Cloud Migration Strategy FrameworkCloud Migration Strategy Framework
Cloud Migration Strategy Framework
PT Datacomm Diangraha
 
Intelligent MSP Presentation.pdf
Intelligent MSP Presentation.pdfIntelligent MSP Presentation.pdf
Intelligent MSP Presentation.pdf
ssuser437548
 
Digital Operating Model & IT4IT
Digital Operating Model & IT4ITDigital Operating Model & IT4IT
Digital Operating Model & IT4IT
David Favelle
 
ITIL Foundation ITIL 4 Edition
ITIL Foundation ITIL 4 EditionITIL Foundation ITIL 4 Edition
ITIL Foundation ITIL 4 Edition
Andy Juan Sarango Veliz
 
SYSPRO ERP for Manufacturing
SYSPRO ERP for Manufacturing SYSPRO ERP for Manufacturing
SYSPRO ERP for Manufacturing
SYSPRO
 
SACM Workshop Best Practice and Road Map Implementation Process Guide - PL Co...
SACM Workshop Best Practice and Road Map Implementation Process Guide - PL Co...SACM Workshop Best Practice and Road Map Implementation Process Guide - PL Co...
SACM Workshop Best Practice and Road Map Implementation Process Guide - PL Co...
Phil Tishberg
 
TrustedAgent GRC for Public Sector
TrustedAgent GRC for Public SectorTrustedAgent GRC for Public Sector
TrustedAgent GRC for Public Sector
Tri Phan
 
TrustedAgent GRC for Public Sector
TrustedAgent GRC for Public SectorTrustedAgent GRC for Public Sector
TrustedAgent GRC for Public Sector
Tuan Phan
 

Weitere ähnliche Inhalte

Was ist angesagt?

It Service Management Implementation Overview
It Service Management Implementation OverviewIt Service Management Implementation Overview
It Service Management Implementation Overview
Alan McSweeney
 
Cloud Migration, Application Modernization and Security for Partners
Cloud Migration, Application Modernization and Security for PartnersCloud Migration, Application Modernization and Security for Partners
Cloud Migration, Application Modernization and Security for Partners
Amazon Web Services
 
IT4IT / DevOps Tooling Landscape 2022
IT4IT / DevOps Tooling Landscape 2022 IT4IT / DevOps Tooling Landscape 2022
IT4IT / DevOps Tooling Landscape 2022
Rob Akershoek
 
SACM Workshop Best Practice and Road Map Implementation Process Guide - PL Co...
SACM Workshop Best Practice and Road Map Implementation Process Guide - PL Co...SACM Workshop Best Practice and Road Map Implementation Process Guide - PL Co...
SACM Workshop Best Practice and Road Map Implementation Process Guide - PL Co...
Phil Tishberg
 

Was ist angesagt? (20)

Servicenow overview
Servicenow overviewServicenow overview
Servicenow overview
 
It Service Management Implementation Overview
It Service Management Implementation OverviewIt Service Management Implementation Overview
It Service Management Implementation Overview
 
AWS Managed Services - BlazeClan Technologies
AWS Managed Services - BlazeClan TechnologiesAWS Managed Services - BlazeClan Technologies
AWS Managed Services - BlazeClan Technologies
 
CMDB - Use Cases
CMDB - Use CasesCMDB - Use Cases
CMDB - Use Cases
 
ServiceDesk Plus Overview Presentation
ServiceDesk Plus Overview PresentationServiceDesk Plus Overview Presentation
ServiceDesk Plus Overview Presentation
 
service-mapping-readiness.pptx
service-mapping-readiness.pptxservice-mapping-readiness.pptx
service-mapping-readiness.pptx
 
How to build the business case for Service Catalog
How to build the business case for Service CatalogHow to build the business case for Service Catalog
How to build the business case for Service Catalog
 
AWS Manufacturing.pdf
AWS Manufacturing.pdfAWS Manufacturing.pdf
AWS Manufacturing.pdf
 
Cloud Migration, Application Modernization and Security for Partners
Cloud Migration, Application Modernization and Security for PartnersCloud Migration, Application Modernization and Security for Partners
Cloud Migration, Application Modernization and Security for Partners
 
ITSM(IT Service Management)
ITSM(IT Service Management)ITSM(IT Service Management)
ITSM(IT Service Management)
 
IT4IT / DevOps Tooling Landscape 2022
IT4IT / DevOps Tooling Landscape 2022 IT4IT / DevOps Tooling Landscape 2022
IT4IT / DevOps Tooling Landscape 2022
 
ServiceNow Governance, Risk, and Compliance
ServiceNow Governance, Risk, and Compliance ServiceNow Governance, Risk, and Compliance
ServiceNow Governance, Risk, and Compliance
 
Provisioning Datadog with Terraform
Provisioning Datadog with TerraformProvisioning Datadog with Terraform
Provisioning Datadog with Terraform
 
Itil v4-mindmap
Itil v4-mindmapItil v4-mindmap
Itil v4-mindmap
 
Cloud Migration Strategy Framework
Cloud Migration Strategy FrameworkCloud Migration Strategy Framework
Cloud Migration Strategy Framework
 
Intelligent MSP Presentation.pdf
Intelligent MSP Presentation.pdfIntelligent MSP Presentation.pdf
Intelligent MSP Presentation.pdf
 
Digital Operating Model & IT4IT
Digital Operating Model & IT4ITDigital Operating Model & IT4IT
Digital Operating Model & IT4IT
 
ITIL Foundation ITIL 4 Edition
ITIL Foundation ITIL 4 EditionITIL Foundation ITIL 4 Edition
ITIL Foundation ITIL 4 Edition
 
SYSPRO ERP for Manufacturing
SYSPRO ERP for Manufacturing SYSPRO ERP for Manufacturing
SYSPRO ERP for Manufacturing
 
SACM Workshop Best Practice and Road Map Implementation Process Guide - PL Co...
SACM Workshop Best Practice and Road Map Implementation Process Guide - PL Co...SACM Workshop Best Practice and Road Map Implementation Process Guide - PL Co...
SACM Workshop Best Practice and Road Map Implementation Process Guide - PL Co...
 

Ähnlich wie Transforming compliance and audit management with ServiceNow

CML Group GRCaaS Dashboard
CML Group GRCaaS Dashboard CML Group GRCaaS Dashboard
CML Group GRCaaS Dashboard
Jim Robins
 
LinkedInProfile_Deck09072016
LinkedInProfile_Deck09072016LinkedInProfile_Deck09072016
LinkedInProfile_Deck09072016
buckkulkarni
 
WEBINAR: Enhance your perspective of vendor risk with ServiceNow
WEBINAR: Enhance your perspective of vendor risk with ServiceNowWEBINAR: Enhance your perspective of vendor risk with ServiceNow
WEBINAR: Enhance your perspective of vendor risk with ServiceNow
Iceberg Networks Corporation
 
4 Quality System Musts for Medtech Startups to Get Safer Products to Market F...
4 Quality System Musts for Medtech Startups to Get Safer Products to Market F...4 Quality System Musts for Medtech Startups to Get Safer Products to Market F...
4 Quality System Musts for Medtech Startups to Get Safer Products to Market F...
Greenlight Guru
 

Ähnlich wie Transforming compliance and audit management with ServiceNow (20)

TrustedAgent GRC for Public Sector
TrustedAgent GRC for Public SectorTrustedAgent GRC for Public Sector
TrustedAgent GRC for Public Sector
 
TrustedAgent GRC for Public Sector
TrustedAgent GRC for Public SectorTrustedAgent GRC for Public Sector
TrustedAgent GRC for Public Sector
 
CML Group GRCaaS Dashboard
CML Group GRCaaS Dashboard CML Group GRCaaS Dashboard
CML Group GRCaaS Dashboard
 
Fixnix GRC Suite A Glance
Fixnix GRC Suite A GlanceFixnix GRC Suite A Glance
Fixnix GRC Suite A Glance
 
Establishing the Core of an Effective Technology Risk Management Program
Establishing the Core of an Effective Technology Risk Management ProgramEstablishing the Core of an Effective Technology Risk Management Program
Establishing the Core of an Effective Technology Risk Management Program
 
Regulatory Compliance Audit Management Solution
Regulatory Compliance Audit Management SolutionRegulatory Compliance Audit Management Solution
Regulatory Compliance Audit Management Solution
 
Auto audit
Auto auditAuto audit
Auto audit
 
Infographic: Maturing Audit Plans and Processes
Infographic: Maturing Audit Plans and Processes Infographic: Maturing Audit Plans and Processes
Infographic: Maturing Audit Plans and Processes
 
LinkedInProfile_Deck09072016
LinkedInProfile_Deck09072016LinkedInProfile_Deck09072016
LinkedInProfile_Deck09072016
 
WEBINAR: Enhance your perspective of vendor risk with ServiceNow
WEBINAR: Enhance your perspective of vendor risk with ServiceNowWEBINAR: Enhance your perspective of vendor risk with ServiceNow
WEBINAR: Enhance your perspective of vendor risk with ServiceNow
 
A Financial Planning Leader Streamlines Audit, Risk and Compliance
A Financial Planning Leader Streamlines Audit, Risk and Compliance A Financial Planning Leader Streamlines Audit, Risk and Compliance
A Financial Planning Leader Streamlines Audit, Risk and Compliance
 
Internal Audit Solution - MetricStream
Internal Audit Solution - MetricStream Internal Audit Solution - MetricStream
Internal Audit Solution - MetricStream
 
Presentation_20110802213554
Presentation_20110802213554Presentation_20110802213554
Presentation_20110802213554
 
Adaptive RiskPro
Adaptive RiskProAdaptive RiskPro
Adaptive RiskPro
 
Enterprise Risk Management Solutions
Enterprise Risk Management SolutionsEnterprise Risk Management Solutions
Enterprise Risk Management Solutions
 
Project Management Overview
Project Management OverviewProject Management Overview
Project Management Overview
 
Quality Management Systems - Aviation Industry
Quality Management Systems - Aviation IndustryQuality Management Systems - Aviation Industry
Quality Management Systems - Aviation Industry
 
4 Quality System Musts for Medtech Startups to Get Safer Products to Market F...
4 Quality System Musts for Medtech Startups to Get Safer Products to Market F...4 Quality System Musts for Medtech Startups to Get Safer Products to Market F...
4 Quality System Musts for Medtech Startups to Get Safer Products to Market F...
 
Audits & Inspections_Katalyst HLS
Audits & Inspections_Katalyst HLSAudits & Inspections_Katalyst HLS
Audits & Inspections_Katalyst HLS
 
Project Quality - Chapter 1.pptx
Project Quality - Chapter 1.pptxProject Quality - Chapter 1.pptx
Project Quality - Chapter 1.pptx
 

Mehr von Iceberg Networks Corporation

Yes, there is a better way to do vendor risk assessments!
Yes, there is a better way to do vendor risk assessments!Yes, there is a better way to do vendor risk assessments!
Yes, there is a better way to do vendor risk assessments!
Iceberg Networks Corporation
 
Solving data publication challenges for even better rsa archer reporting
Solving data publication challenges for even better rsa archer reportingSolving data publication challenges for even better rsa archer reporting
Solving data publication challenges for even better rsa archer reporting
Iceberg Networks Corporation
 

Mehr von Iceberg Networks Corporation (10)

Yes, there is a better way to do vendor risk assessments!
Yes, there is a better way to do vendor risk assessments!Yes, there is a better way to do vendor risk assessments!
Yes, there is a better way to do vendor risk assessments!
 
How Archer users are leveraging Iceberg APS for a stronger GRC program
How Archer users are leveraging Iceberg APS for a stronger GRC programHow Archer users are leveraging Iceberg APS for a stronger GRC program
How Archer users are leveraging Iceberg APS for a stronger GRC program
 
Iceberg Webinar: Adding relevant financial context to your BCM program
Iceberg Webinar: Adding relevant financial context to your BCM program Iceberg Webinar: Adding relevant financial context to your BCM program
Iceberg Webinar: Adding relevant financial context to your BCM program
 
Webinar: Evolve Beyond the Third Line
Webinar: Evolve Beyond the Third LineWebinar: Evolve Beyond the Third Line
Webinar: Evolve Beyond the Third Line
 
Webinar: Getting a grip on application risk
Webinar: Getting a grip on application riskWebinar: Getting a grip on application risk
Webinar: Getting a grip on application risk
 
Case study: Getting a grip on application risk
Case study: Getting a grip on application riskCase study: Getting a grip on application risk
Case study: Getting a grip on application risk
 
Webinar: Vulnerability Management IT can fix it, but the business needs to ow...
Webinar: Vulnerability Management IT can fix it, but the business needs to ow...Webinar: Vulnerability Management IT can fix it, but the business needs to ow...
Webinar: Vulnerability Management IT can fix it, but the business needs to ow...
 
Solution Brief: Helping prepare for risk & compliance challenges for GDPR
Solution Brief: Helping prepare for risk & compliance challenges for GDPRSolution Brief: Helping prepare for risk & compliance challenges for GDPR
Solution Brief: Helping prepare for risk & compliance challenges for GDPR
 
RSA-Iceberg Seminar: Building an effective supplier risk management program
RSA-Iceberg Seminar: Building an effective supplier risk management programRSA-Iceberg Seminar: Building an effective supplier risk management program
RSA-Iceberg Seminar: Building an effective supplier risk management program
 
Solving data publication challenges for even better rsa archer reporting
Solving data publication challenges for even better rsa archer reportingSolving data publication challenges for even better rsa archer reporting
Solving data publication challenges for even better rsa archer reporting
 

Kürzlich hochgeladen

Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
amitlee9823
 
Call Girls In Noida 959961⊹3876 Independent Escort Service Noida
Call Girls In Noida 959961⊹3876 Independent Escort Service NoidaCall Girls In Noida 959961⊹3876 Independent Escort Service Noida
Call Girls In Noida 959961⊹3876 Independent Escort Service Noida
dlhescort
 
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
dollysharma2066
 
Cracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxCracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptx
Workforce Group
 
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Sheetaleventcompany
 
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
dlhescort
 
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRLBAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
kapoorjyoti4444
 
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
daisycvs
 
Uneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration PresentationUneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration Presentation
uneakwhite
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
dollysharma2066
 

Kürzlich hochgeladen (20)

Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
 
Call Girls In Noida 959961⊹3876 Independent Escort Service Noida
Call Girls In Noida 959961⊹3876 Independent Escort Service NoidaCall Girls In Noida 959961⊹3876 Independent Escort Service Noida
Call Girls In Noida 959961⊹3876 Independent Escort Service Noida
 
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
 
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
 
Famous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st CenturyFamous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st Century
 
Cracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxCracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptx
 
Katrina Personal Brand Project and portfolio 1
Katrina Personal Brand Project and portfolio 1Katrina Personal Brand Project and portfolio 1
Katrina Personal Brand Project and portfolio 1
 
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
 
Falcon Invoice Discounting platform in india
Falcon Invoice Discounting platform in indiaFalcon Invoice Discounting platform in india
Falcon Invoice Discounting platform in india
 
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
 
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptxB.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
 
A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMANA DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMAN
 
Organizational Transformation Lead with Culture
Organizational Transformation Lead with CultureOrganizational Transformation Lead with Culture
Organizational Transformation Lead with Culture
 
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRLBAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
 
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
 
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
 
Monthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptxMonthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptx
 
Uneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration PresentationUneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration Presentation
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
 
Phases of Negotiation .pptx
Phases of Negotiation .pptx Phases of Negotiation .pptx
Phases of Negotiation .pptx
 

Transforming compliance and audit management with ServiceNow

  • 1. Transforming  compliance  and     audit  management  with  ServiceNow   DEMO  WEBINAR  •  July  24,  2018    
  • 2. Delivering Risk Intelligence David  Pearson   CTO  &  SENIOR  GRC  CONSULTANT     Travis  Giff   SENIOR  GRC  ARCHITECT     &  DEVELOPER     Today’s  presenters   About  Iceberg   ü  100%  focus  on  Governance,     Risk  Management  &  Compliance  (GRC)   ü  Staff  includes  25+  full-­‐Xme  GRC  consultants   &  cerXfied  developers   ü  Customers  include  top  financials,   insurance,  health  care,  manufacturers,   retail,  government  in  North  America.  
  • 3. Delivering Risk Intelligence “Trusted,  aggregated  and  transparent  risk  data  enabling  organizations   to  make  more  informed,  con:ident  and  effective  business  decisions.”   Delivering  Risk  Intelligence   Disconnected  risk   &  business  data   Aggregated  &   integrated  for  context   Analyzed  &   interpreted   Be_er  business   decisions  &  acXons  
  • 4. Delivering Risk Intelligence A  full  lifecycle  of  GRC  services   Management   Workshops   Visioning  &  Alignment   CMO/FMO   KRI/KxI   Professional   Services   ImplementaXon   &  IntegraXon   SoluXon  Lifecycle   Management   Iceberg   APS   Post-­‐ProducXon  Support   Mentoring,  Coaching     &  Skills  Development   Sandboxes     Risk  Intelligence   Academy   Case  Studies   Best  PracXces   Webinars     GRC   InnovaCon   ReporXng  /  Dashboards   Toolkits  &  Enhancements      
  • 5. Delivering Risk Intelligence Demo  Company  Pro-ile   Ø  SaaS  for  markeXng/comms   Ø  1,000  employees   Ø  6  million  users  worldwide   Ø  75  customers  in  the  the  Fortune  100  
  • 6. Delivering Risk Intelligence Challenges   1   ExisXng  internal  control   structure  based  on  SOC2;   need  to  leverage/adapt  to   include  FedRAMP,  GDPR,   and  other  regulaXons     2   Current  SOC2  a_estaXon   process  done  with   spreadsheets  /  email.       Time  consuming  +  lack  of   transparency     3   Poor  coordinaXon  of   acXviXes  between  Control   Owners  and  Auditors  for   collecXon  of  evidence  and   tracking  remediaXons.  
  • 7. Delivering Risk Intelligence Project  Goals   1   Demonstrate  that   internal  controls   conform  to  regulatory   requirements     2   Simplify  the   a_estaXon  process   (make  it  easier     for  users)   3   Provide  greater   visibility  into  the   a_estaXon  process,   and  track  the  state  of   evidence  collecXon     4   Simplify  interacXon   with  external  auditor   for  collecXon  of   evidence    
  • 8. ServiceNow  Governance,  Risk,  and  Compliance  (GRC)   Source:  Unified  Compliance  Framework   Rs   Research  Sites   Ad   Authority   Docs   Ct   CitaXons   Ac   Acronyms   Gl   Glossary   Cd   cDocs   Ro   Roles   Me   Metrics   Ce   Controls   As   Assets   Re   Rec   Examples   Ci   Config   Items   Cm   Config   Methods   Ve   Vendors   Rc   Record   Category   Ot   Org   Tasks   Of   Org   FuncXons   Au   Audit   Ev   Events   Content  Provider  (UCF)   ServiceNow  Reference  Content  Objects   Authority   Documents   CitaXons   Policy   Statements   Policies   POLICY & COMPLIANCE MANAGEMENT RISK MANAGEMENT AUDIT MANAGEMENT VENDOR RISK MANAGEMENT
  • 9. Delivering Risk Intelligence   Key  AcCviCes   •  Manage  Authority  Documents,  CitaXons,   Policy  Statements   •  Assign  Control  Owners   •  Manage  Policy  ExcepXons   •  Set  up  Indicators  for  ConXnuous  Monitoring     Compliance  Manager       “As  a  Compliance  Manager  of  XYZ  Company  I  need  to  manage  my  organizaBons   internal  policies  and  ensure  my  organizaBon  is  compliant  with  the  various   regulatory  frameworks.”    
  • 10. Delivering Risk Intelligence   Key  AcCviCes   •  Complete  Control  A_estaXons   •  Respond  to  Ad  Hoc  Evidence  Requests   •  Follow  up  with  any  Issues  and  RemediaXon   Tasks     Control  Owner       “As  a  Control  Owner  of  XYZ  Company  I  need  to  ensure  the  proper  controls  are  in   place  by  reviewing  the  control  guidance,  implemenBng  the  control  and  by   providing  sufficient  evidence  of  the  control  being  in  place.”    
  • 11. Delivering Risk Intelligence   Key  AcCviCes   •  Manage  my  Audit  Engagements   •  Manage  my  team   •  Maximize  Control  TesXng  Efforts   •  Follow  up  with  any  Issues  and  RemediaXon  Tasks     Audit  Manager     “As  a  Audit  Manager  I  need  to  manage  task  assignment  to  my  internal  and   external  audit  staff,  ensure  all  controls  that  are  in  place  are  designed  and   operaBng  effecBvely,  and  follow  up  with  issues  and  remediaBon  tasks  for  non-­‐ compliant  controls.  “  
  • 13. Delivering Risk Intelligence Driving  Outcomes   1   CONSOLIDATE   MulXple  regulatory   frameworks,  control   structure  &  evidence  now   in  one  central  repository   2   MANAGE  &  AUTOMATE   Visibility  into  a_estaXon   process,  lower  burden  on   resources   3   COLLABORATE     Between  audit  and  control   owners,  and  with  external   audit    
  • 14. Delivering Risk Intelligence Implementation  details   8-­‐week  implementaXon     Most  effort  in  implementaCon  is  NOT  configuraCon   it’s  understanding  the  structure  of  data,  roles  &  access,  reporXng   requirements,  workflows  &  lifecycle  
  • 15. Delivering Risk Intelligence What’s  next?   ü  Use  CI’s  created  for  this  project  as  a  foundaXon  for  a  more   comprehensive  CMDB   ü  Layer  on  risk  management,  including  risk  assessments   ü  Incorporate  more  regulaXons  and  internal  policies  into  the   exisXng  framework   ü  Compliance  as  a  compeXXve  edge:  showcase  maturity  &  best   pracXces  to  customers  
  • 16. Delivering Risk Intelligence A  foundation  for  Integrated  Risk  Management  (IRM)  
  • 17. Delivering Risk Intelligence Q&A   David  Pearson   CTO  &  SENIOR  GRC  CONSULTANT   Travis  Giff   SENIOR  GRC  ARCHITECT     &  DEVELOPER    
  • 18. Thank  you!   Webinar  replay:  icebergnetworks.com