How Novartis manages global risk at scale

In 2018, pharmaceutical giant Novartis logged $44 billion in net sales to 750 million customers. Novartis needs a lot of outside help to manufacture, market, sell, and distribute its goods and services—namely, more than 80,000 third-party vendors in 155 countries.

The scope of its multinational operation is massive. So is the pressure from executives, shareholders and regulators to ensure security across a huge swathe of risk areas, according to Naveeda Mukhtar, Solution Design Lead, ServiceNow Business Solutions at Novartis. These include human rights and worker safety, IT security and data privacy, environmental laws, anti-bribery safeguards and more.

Speaking at a Knowledge 2019 breakout session in Las Vegas, Mukhtar outlined the risk management challenges facing Novartis: “How can we unify the process for all of our risk areas? How can we follow the same framework?” Flexibility is also crucial, she noted, as pharma industry regulations are constantly changing.

To meet those challenges, Novartis adopted ServiceNow’s Vendor Risk Management application in 2018. The primary strength of ServiceNow, Mukhtar explained, is its end-to-end process framework, which has helped eliminate fragmentation across workflows and regions while making risk management simpler and more scalable.

It’s also a forward-looking solution, Mukhtar said. “An end-to-end process lines us up for the future,” she told attendees. “It enables AI automation going forward.”

Multi-team collaboration
For Novartis, third-party risk management (TPRM) requires close collaboration between three core teams: the TPRM strategic team (which acts as a governing body), the service delivery team (which performs risk assessment and supports implementation); and the risk functions (which monitors whether third-party risk policies are being delivered as required).

Due to the enormous scale of Novartis’ risk-management operations, the company started small. Novartis initially rolled out ServiceNow in just one country, Mexico, in early 2018.

Early indicators of success, such as measurable cost reductions—the company is not making specific cost-savings metrics public yet, Mukhtar said—have spurred the company to expand this implementation globally in 2019 and beyond.

That’s not to say it has been an easy road. Mukhtar notes that it took customization (such as third-party questionnaire configuration and vendor portal functionality) to tailor risk monitoring tools and documentation processes for Novartis’ complex needs.

“Because we were one of the early adopters, we probably suffered more than others will,” Mukhtar explained. “We were guinea pigs, but overall it went very well.”

Mukhtar also shared a few recommendations for other large organizations looking to leverage ServiceNow’s Vendor Risk Management application on a large scale. First, project managers need to secure senior leadership buy-in and support from the outset. Second, they need to prepare well in advance of implementation by learning the tool’s out-of-the-box capabilities and determining where customization is needed. Third, they should enlist the support of the IT delivery team.

Lastly, Mukhtar said, customers need to forge a real partnership with ServiceNow in order to provide feedback and influence their roadmap for future product innovation.