Renato Cunha and Sammia Abrar are GRC analysts at Nexen Energy, an oil and gas company that develops resources in Canada, the United States, the North Sea, and West Africa. At Knowledge18, they shared how ServiceNow GRC has brought Nexen’s audit testing under control.
Here’s what we heard.
Renato and Sammia know what it’s like to be stuck between auditors and business stakeholders. It’s a tough place to be – one where you’re more likely to be blamed than praised. It’s also a place where inefficient manual processes can overwhelm you.
Being in a heavily regulated industry, Nexen faces multiple audits every year. Before implementing ServiceNow GRC’s Audit Management, the process looked something like the diagram below. It was time consuming and inefficient, and there was almost no visibility.
Renato knew the process needed to change, but he also knew that it more than an internal audit issue. External auditors needed to quickly scope audit projects, carry out fieldwork, collect control evidence, and track audit observations.
Renato and Sammia set about making changes. Using Audit Management’s audit engagements and profiles, they configured the audit dashboard to meet the needs of external auditors. They also added an audit request function to streamline communications with auditors. And, instead of looking at internal audit tasks, indicators, controls tests, and issues, they used ServiceNow Risk Management to look at the overall risk to the business.
The results were impressive. The process was dramatically simplified, with a 60% reduction in email conversations and 50% less deficiencies. It became sustainable, agile, and transparent – as shown in the diagram below:
Here’s proof that the new process worked. Renato and Sammia successfully handled simultaneous audits by two of the Big Four accounting firms, managing over 500 audit requests. They accomplished this while using the power of ServiceNow to remove uncertainty and provide greater transparency.
Renato and Sammia say that ServiceNow’s ability to track and store history and evidence has also been invaluable. In one case, an auditor reported a supposed deficiency. Using Audit Management, Nexen responded within 30mins, giving detailed proof that the information had already been provided.
Renato and Sammia offer some advice if you want to tackle audit chaos:
- Out-of-the-box ServiceNow functionality can address most of your needs
- You need a good plan to make proper use of ServiceNow’s flexibility
- To make better decisions and respond faster, track key metrics and consolidate communications – for example, time worked, work notes, and meeting minutes
Next up, Nexen plans to enhance its control monitoring processes, as well as its risk and compliance dependency maps. We’re look forward to hearing all about it at Knowledge 19!
View Renato and Sammia’s attached K18 presentation or watch their video to find out more about their story.
Learn more about ServiceNow GRC at www.servicenow.com/grc
