Change Management & Internal Controls

Shanedd22
Tera Contributor

‎07-23-2024 04:07 AM - edited ‎07-23-2024 04:09 AM

We have had instances where a change has been implemented that has made an internal control obsolete e.g. - all sales documents need to state trading T&C's. The change that was implemented created some sales documents where T&C's weren't displayed by design. When the control was audited it failed as this internal control document wasn't updated to reflect the change.

 

Is there functionality in ServiceNow that can do the follow:

- include a step in the change approval process, that flags whether or not the change will affect an internal control stored in IRM / GRC. e.g. - if a change to SAP sales documents is requested, the change approver selects from a drop down (YES/NO), whilst given visibility to all controls in place for SAP sales documents.

- add a task to a change before the implementation step - so that the control owner updates their control policy if they answered YES to the question above.

 

Any advice would be much appreciated.

0 Helpfuls
  • 413 Views
1 REPLY 1

Anushree Randad
ServiceNow Employee
ServiceNow Employee

‎08-14-2024 11:01 PM

Hi @Shanedd22,

This could be achieved using OOTB GRC indicators as follow:

GRC indicators can be created for each internal control related to SAP sales documents, and conditions can be set on these indicators to check whether the change approver has selected the drop down value as YES before implementation of the change. Manual indicators can be executed on daily basis, and the conditions can be evaluated. If above dropdown is set to YES on respective change request, then the indicator tasks can be generated and assigned to the control owners, so that they can view the related change and make appropriate changes to the internal controls. 

 

Let me know if this helps.

 

Thanks,

Anushree

GRC Product Management, ServiceNow

 

 

0 Helpfuls