By ServiceNow - 2015-03-30
Last month ServiceNow acquired Intréis, a team of experts focused on integrating governance, risk and compliance (GRC) and service management across the enterprise. We caught up with Kris Markham, the co-founder and CEO of Intréis, to get his insight into the market trends around GRC and why his company is joining ServiceNow.
Q. In your experience, what areas pose the greatest risks to an organization?
Two areas loom large for companies: failing an audit and suffering a security breach. If a company fails an audit, it can incur fines and its executives might face criminal prosecution. As we’ve seen in the news, a major security breach can set off an outage or compromise data, triggering customer loss, potentially damaging a brand image.
Q. What are the drivers of GRC for a business?
GRC is all about improving governance, creating better more cost effective ways to manage compliance, and understanding the impacts risk can have on the business.
Q. How do most companies address GRC? How does ServiceNow improve this?
For many companies, GRC is thought of as a necessary evil, something that slows the business down and adds little value. ServiceNow is in a unique position to help its customers leverage GRC in an integrated way, and create a strategic advantage. A real world example of this is in the way an organization implements their Access Request process and controls using the ServiceNow Service Catalog. By thinking about the process through a compliance lens, we can embed controls into the workflow so that the daily operation of that process is producing the evidence required for control testing and audit. This is one of the many examples of how controls help increase the performance of a process in ServiceNow.
Q. Intréis had more than 60 mutual customers with ServiceNow and was conquering its niche. What was your motivation to join ServiceNow?
Our companies share a strong belief in the power of leveraging the ServiceNow platform to disrupt traditional thinking around GRC with an integrated approach.
Q. How do you define integrated GRC?
ServiceNow’s definition of integrated GRC is a little different than most. Because ServiceNow is capable of automating both IT and business processes and enabling a robust GRC capability, we can literally embed risk and compliance activities into the way organizations run their business.
Q. How did Intréis work with ServiceNow on its Unified Compliance Framework (UCF)?
The UCF is an industry vetted compliance database made up of more than 800 laws and standards from around the world. Intréis worked with ServiceNow to
Cannot serve request to /content/servicenow/www/locale-sites/en-us/company/media/blog/seven-questions-for-kris-markham-on-disrupting-risk-management.html on this server