You’ve chosen the ServiceNow risk portfolio of products to deliver an exceptional experience for your risk, compliance, resilience and/ or ESG teams. How do you know you are getting the maximum value out of the product? Let’s dive into strategies for identifying, prioritizing, and measuring business outcomes.
- Define clear objectives
Start by understanding the specific business outcomes you want to achieve. These could include improving regulatory compliance, reducing the likelihood of a risk event, or enhancing assessment and analysis capabilities.
Once you know where you want to focus your efforts, collaborate with your stakeholders to define clear and measurable goals. From that, decide how you will measure success:
- Reduce Audit reporting cycle to two days.
- Aim for 99% of employees to approve privacy policies once a year
- Reduce the average time to remediate risk incidents by 25%.
These goals will guide your metrics selection, so make sure all your stakeholders are aligned before taking any steps.
2. Select relevant metrics
Now that you know what you want to accomplish, identify metrics that directly align with those goals and then prioritize them based on their impact on the business. These metrics will enable you to track your progress and see how well your program is performing over time. Measuring the entire program is not as important as measuring specific actions that help you achieve your goals.
Metrics should be focused in four areas:
- Efficiency: Comparison of processes before and after implementation
- Effectiveness: How well are processes and controls addressing risk and compliance requirements? Are results consistent with your goals?
- Responsiveness: What is the speed and accuracy of response to dynamic regulatory or compliance requirements or other risk factors.?
- Resiliency: How quickly can the org recover from a disruption to operations?
Some key governance metrics examples include:
- % of employees that have viewed policies
- % of employees that have accepted policies
- % of employees that have completed a specific training course or path
- Number of policy exceptions and/or violations counted per quarter
- Rate of employee turnover
Key risk metrics include:
- Frequency of risk assessments
- Number of critical findings found in risk assessments
- Average time to remediate risk incidents or events
- Identified risks with existing mitigation plans
- % of risk register within the defined risk appetite
Key compliance metrics include:
- Number of critical audit findings
- % of internal audits completed by deadline
- Number of compliance frameworks achieved
- Number of control test failures
- Number of compliance violations
- Ratio of discrepancies between internal and external audits
3. Measure and review performance
Now that you know what you need to track, you can get visibility and monitor your progress in your ServiceNow risk product. Here are some ESG and GRC examples to help you evaluate the best metrics for your organization:
- Metrics for ESG
- Metrics for GRC/IRM
- GRC: Metrics app (in-product app for tracking goals and targets and collecting and reporting on data)
A good tool for reviewing performance is the GRC Risk Overview dashboard. Dashboards are a great way to regularly track and monitor metrics using historical data to identify trends and areas for improvement. They provide a view into the status and workflows of inherent and residual enterprise and IT risks. Users can drill down into risks by framework, response, and exception. To see a sample dashboard, click here.
Another good tool is the Value Improvement overview which gives practical advice about getting the most value from your ServiceNow investment. KPIs are important, but to maximize value you will need a mindset that emphasizes value management in all strategic decision-making.
4. Benchmark and compare
Benchmark your metrics against industry standards and best practices. This will help you define what success looks like for your organization. One way to do this is to compare your performance against your competitors or your previous results over time to identify gaps and opportunities. Track improvements over quarters or years. Analyst firms like Gartner and Forrester can provide competitive information about risk industry standards. Industry conferences and company blogs are another way to find out what your competitors are doing at a higher level.
5. Iterate and improve
Continuously iterate on your strategies. If a metric is not reflecting progress on a desired goal, adjust your process or metric. Cross-functional team collaboration is a solid option for addressing bottlenecks and optimizing processes.
Regularly communicate progress and insights to your stakeholders. It’s important to keep all your stakeholders informed, especially when it comes to risk where one wrong decision based on a misleading metric can have a major impact on the future. Leaders also appreciate the transparency around metrics so they can avoid unexpected surprises.
Remember that effective measurement and optimization of ServiceNow Risk outcomes require a comprehensive approach. There is no one-size-fits-all solution to help you get the most out of your investment. Instead, take advantage of the resources and people that can help you along your implementation journey.
For more information on measuring value in your product implementation, read about Now Value in the Customer Success Center.
