Nexen Energy: GRC Case Study

Strengthen External Audits with ServiceNow GRC Like Nexen Energy

Businesses of all sizes and types need to comply with regulations from governments and other entities. For companies in certain heavily regulated industries, like healthcare and finance, the compliance requirements can be overwhelming.

Whether you are facing a heavy compliance workload, worried about the accuracy of your compliance evidence, or just trying to avoid the tedium of compliance paperwork, the right GRC (governance, risk, and compliance) solution can automate and streamline the entire process. Unfortunately, most organizations are still stuck with inefficient, time-consuming audit workflows. That was the case with Nexen Energy before it implemented ServiceNow GRC’s Audit Management application. You can read the entire story of how Nexen Energy reduced deficiencies by 50 percent here.

Through its transformation of the external audit process, Nexen learned about some key benefits of ServiceNow GRC—features that can help your business too.

Reclaim Your Time

Nexen operates in the highly-regulated oil and gas industry and faces multiple external audits every year, making a streamlined GRC process critical. Without a strong solution, the Nexen team was wasting many hours dealing with the hundreds of requests they received from external auditors.

This sort of situation isn’t uncommon. Audit processes tend to be fragmented and inefficient. When an auditor contacts a business with a request for evidence, someone at the company has to track down the right person to provide that information, follow up on any tests that need to be run, and stay in communication with the external auditors throughout the process. The information is often siloed in disparate applications and departments, and there may not be any consolidated history of past tests. Since compliance for each regulation is typically treated like a separate project, employees are running identical tests repeatedly. Your GRC team has better things to do with their time.

ServiceNow GRC uses compliance and risk data to scope, plan, and prioritize audit engagements. Automating audit management ensures accuracy and reduces the time you waste duplicating someone else’s efforts or repeatedly following up with control owners. With ServiceNow managing the entire audit lifecycle, your team can stop spending time shuttling evidence between the business and its auditors and start concentrating on more valuable work like managing SLAs and improving controls and processes.

Improve Communication with Auditors—And Your Own Team

Email tends to be the go-to method of communication for businesses. While quick and convenient, emails are a messy way to manage a project. Nexen Energy was sending a lot of emails as part of the audit process. Auditors emailed the GRC team with evidence requests, the team emailed control owners to chase down requests, and then they emailed the auditors to keep them in the loop.

Along with its adoption of ServiceNow Audit Management, Nexen implemented an audit request form, allowing external auditors to submit evidence requests which are then automatically routed to the right control owner by ServiceNow. Control owners respond with the evidence, which is also maintained in ServiceNow.

ServiceNow also allows you to set up configurable dashboards with the specific information certain user groups—internal or external—need to see. In Nexen’s case they configured a dashboard for the external auditors to provide visibility into request statuses. Using ServiceNow to enhance communication has led to a 60% reduction in email conversations.

Dashboards can also be used within your organization to provide an executive view into audit results and quickly identify issues.

Create a Sustainable Process

The regulatory environment is likely to become more, rather than less, complex. New regulations will be introduced to combat more sophisticated security threats. Your business is likely to add more applications, creating audit chaos if the information from each can’t be consolidated in one place. And as your business grows, you may expand to different regions of the country and the world, forcing you to comply with regulations from additional jurisdictions.

ServiceNow GRC provides a centralized solution for automating the complete audit process for all your compliance requirements. It increases visibility and analytics, improves the speed of workflows, and just generally saves your GRC team from getting bogged down in administrative tasks that don’t add value to the business.

ServiceNow GRC customers who automate GRC processes reduce audit costs by an average of 80 percent. Be like Nexen Energy—transform and strengthen your external audits with ServiceNow.

Ready to get started with ServiceNow GRC?    Talk to one of our experts.

Read More