Introduction

Globally, businesses continue to face challenges and risks associated with dynamic economic and market environments. This promotes a continual assessment of the adequacy and effectiveness of internal control structures that are designed to manage the associated risks. Stakeholders in business also continue to demand more accountability in organizational governance structures whilst ensuring business sustainability. To address the complex external and internal influences, businesses need to ensure a balance between governance, risk management, and compliance.

An integrated organizational approach promotes appropriate risk identification and the collation of information for decision-making at the highest levels, with audit committees demanding insight into business risks and compliance obligations, how these are being managed, and assurance over the key business risks. Viewed at a strategic level, GRC can enable information provision that supports organizational performance and adaptability within increasingly changing markets.

Many organizations continue to face difficulty arising from fragmentation across risk, compliance, and assurance activities that are integral to the GRC environment. A common approach to risk identification and assessment that is driven from a strategic level ensures an effective approach to GRC that is aligned with the organizational strategy.

Training Objectives

• Describe GRC and the internal and external influences that create a need for it
• Review the ServiceNow GRC architecture and key terminology
• Navigate ServiceNow GRC applications and impersonate the various user roles
• Explore how policies, authority documents, and citations fit into ServiceNow’s GRC landscape
• Complete the policy management process to create, review, approve, and publish a policy
• Describe how to build the entities used to assign ownership of controls and risks
• Create a risk framework and risk statements related to an entity type
• Evaluate risk scoring, including qualitative and quantitative
• Gain an introduction to features available with GRC’s Advanced Risk application
• Define controls and indicators and their role in risk and compliance monitoring
•  Leverage indicators and continuous monitoring to automate control monitoring
• Describe methods to manage and respond to issues
• Review the policy exception workflow and request and approve a policy exception
• Describe audit management and its relationships to other GRC functions
• Define and create an audit engagement and tasks
• Explore GRC homepages and dashboards and access corresponding data

Target Audience:

• Implementers, Compliance officers, Risk managers
• GRC professionals, ServiceNow System Administrators

Course content

Module 1: GRC in ServiceNow

• Introduction to GRC
• ServiceNow GRC Architecture
• Users, Groups, and Roles

Module 2: Policy and Compliance Management

• Authority Documents and Citations
• Policies and Control Objectives
• Policy Management Process
• Control Lifecycle

Module 3: Entity Scoping

• Entity Definition and Set-up
• Using Entities to Create Controls

Module 4: Risk Management

• Risk Architecture
• Definition and the process of the Risk Management
• ISO 31000 Process and Principles
• IIA: Definition, Guidance, and Standards
• internal Audit Risk and Engagement 
• Create Risks and their Relationships
• Risk Scoring and Advanced Risk Functionality

Module 5: Process Automation and Monitoring

• Indicators
• Issues Management
• Policy Exception Management

Module 6: Risk Response Plan Development

• Risk response development inputs, tools & techniques
• Risk response strategy guidelines
• Response strategies for threats
• Response planning & network diagramming
• Response analysis
• Alternative responses
• Reserves - contingency & management
• Response planning outputs

Module 7: Risk Response Control

• Risk management plan execution (Step 5)
• Risk response control tools
• Risk response control guidelines
• Risk strategy execution
• Evaluating risk response results (Step 6)
• Risk documentation

Module 8: Audit Management

• Managing Engagements
• Audit Testing

Module 9: Corporate Governance

• What is Corporate Governance?
• Corporate Governance environment
• The relevance of Corporate Governance
• Perspectives on Corporate Governance
• Shareholders vs. Stakeholders
• Voluntary vs. Enforcement
• 1-tier vs. 2-tier boards
• Chairman/CEO duality
• The independent director
• Corporate Governance models
• Structure & practices
• Emerging trends in Corporate Governance
• Principal-Agent theory and applications
• Independence in fact versus appearance

Module 10: Full revision and workshop

• Revision of the modules through workshop
• Certificates.