ServiceNow GRC provides a strong framework that offers a wide range of practices to manage compliance activities. ServiceNow integrates with the Unified Compliance Framework through the authentication process and becomes a central repository for all authority documents, such as those that are part of SOX or PCI regulations. Let us look at how ServiceNow GRC makes the management of SOX activities more efficient.
Understanding How ServiceNow GRC Eases SOX Tasks
Legacy SOX compliance activities were time-consuming and inefficient, and they always carried a factor of risk. To ease this process for businesses, ServiceNow supports the Sarbanes-Oxley (SOX) Content Pack as part of the ServiceNow GRC module. ServiceNow GRC helps the entire SOX process with the following key capabilities:
- Performance Analytics dashboards audit activities and provide real-time insights and up-to-date reports
- An environment where internal and external SOX audits can be performed and where corporate boards can collaborate effectively to proactively identify, report on, and manage the business
- Real-time data monitoring, with alerts triggered when required
- Automated surveys and real-time monitoring that can reduce quarterly control certification by more than 60%
- 95% reduction in time to coordinate with external auditors
ServiceNow SOX Dashboard
The ServiceNow SOX dashboard displays multiple SOX reports in a single window. The dashboard differs based on the roles of the logged-in user. The main SOX dashboards are:
Compliance Overview Dashboard
The compliance overview dashboard provides an overview of SOX policies, controls, and effects on the entities related to SOX processes. The default reports added to this dashboard are:
- Key Controls
- Control Compliance
- Failed Controls
- Controls by Entity
- Control Types
Attestation Overview Dashboard
The attestation overview dashboard provides an overview of all attestations related to SOX controls and makes it easier to monitor the status of attestations. The default reports added to this dashboard are:
- Attestation by Entity
- Past Due Attestations
- Pending Attestations
- My Attestations
Control Issue Overview Dashboard
This dashboard provides an overview of issues related to the SOX controls. By default, it shows the count of issues that are pending for the past 90 days, 90-30 days, and last 30 days, and issues that are due in the next 30 days. It also shows the number of accepted control issues, issues by state, and issues that are backlogged by the owner. We can group the reports based on control, risk control objective, risk statement document, state, entity, and to whom it is assigned.
There is also an Advanced GRC dashboard (the Application Risk and Compliance Overview Dashboard). The advanced dashboard provides more detailed reports on compliance, policy exceptions, and issues overview. All dashboard reports can be filtered using a business application filter.
This tab shows reports on total controls, compliant controls, non-compliant controls, compliance status by month, compliance percentage, and an application compliance summary. To generate the compliance overview report, we can apply a single filter or a combination of two or more filter conditions on business criticality, control owning group, entity owner, enforcement, key control, and control state.
Risk Related Dashboards
The risk-related dashboards are displayed only if the advanced risk plugin is activated. Once the plugin is activated, the risk overview, risk posture, and audit overview dashboards are displayed. The risk overview dashboard displays the heatmap by application criticality, risk response task overview, application risk summary, and application risk-mitigating controls status.
The policy exceptions overview tab is displayed once the policy and compliance plugin is activated. It provides information on new, approved, rejected, expired, and awaiting-approval exceptions. It also shows the upcoming expirations of exceptions that were approved from the requests raised.
This tab provides information about various compliance and risk-related issues of various business applications. It shows the overall open, critical priority, high priority, accepted, and past issues. It also shows the trends in issue creation, issue closure, remediation task creation, and remediation task closure.