Operational resilience and risk management go hand-in-hand. Operational risk management encompasses many types of risks including business continuity, resiliency, technology, third-party, data loss, regulations, and cybersecurity.
The challenge of managing operational risk efficiently results from diverse and separate teams, data sets, and tools that are involved. Each group has its own priorities, risk types, and approaches, so much of the work is performed manually and in spreadsheets. Each audit is a new cycle of effort, and risk leaders can’t effectively manage or report on the overall risk posture.
As part of this announcement, we connect risk management across these domains with an innovative, advanced risk assessment engine that supports evaluation, manually or automatically, of any type of risk using any methodology. This engine supports the need for each line of business to use unique ways to define and assess risk and encourages front line self-assessment with automated and manual options. As part of integrated risk management, it simplifies the identification of noncompliant controls and monitoring of high-risk areas while tracking the full range of risk events.
These new and enhanced capabilities are core to any business and give COOs, or any executive overseeing operational risk functions, the ability to manage risk across organizational silos. And while other risk and resilience solutions require extensive customization and integration, the ServiceNow Operational Risk and Resilience capabilities can integrate with existing enterprise workflows and embed risk indicators throughout the business – across HR, customer service, and IT workflows – with minimal implementation effort, delay, or added cost.
In addition to the new and expanded solutions for Operational Risk and Resilience, ServiceNow is also offering new support for frameworks and regulatory change management, which helps key industries (government, financial services, and healthcare) keep up with the volume, variety and increasingly prescriptive regulatory requirements. With this new support for NIST RMF, CIS Top 20 Controls, Bank for International Settlements (BIS) guidance, and change management to automate regulatory updates, organizations can be more effective in managing their compliance obligations. External and internal sources can be managed together more efficiently, permitting more automated workflows, and increasing consistency and accountability.
According to Frederic Veron, Business Resiliency and Continuity Leader at Ernst & Young LLP (EY), “We view ServiceNow’s roadmap acceleration into operational risk as a game changer for the industry. The ability to address risk in real-time is why we’ve created the EY operational resilience framework for our financial services clients on the Now Platform. This framework helps our customers support day-to-day operations through any disruption—from normal and benign, to major events—while minimizing business impact. Such resiliency is needed now more than ever as many organizations navigate a shift to increased remote operations.”
ServiceNow has proven leadership in bringing IT, security, HR, customer service, and other organizational workflow data together with risk management processes for a unified, modern solution on the Now Platform. ServiceNow’s risk solution has been positioned a Leader in the Gartner Magic Quadrant for Integrated Risk Management for its ability to deliver continuous monitoring, prioritization, and automation for risk response.
If your organization is facing operational risk challenges or wants to chart a course to operational resilience, reach out to a ServiceNow representative to learn how we can help. We are here to support you on your journey.
1 Forrester: Build The Business Case For GRC – January 7, 2020 (By Alla Valente, Renee Murphy with Amy DeMartine, Kate Pesa, Peggy Dostie)
© 2020 ServiceNow, Inc. All rights reserved. ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc. in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.