Integrated Risk Management (IRM) is the primary package of the ServiceNow Governance, Risk & Compliance (GRC) product family.
IRM includes and covers aspects of:
– GRC: Policy and Compliance;
– GRC: Regulatory Change Management;
– GRC: Risk Management & Advanced Risk;
– GRC: Advanced Audit.
For Compliance, it covers the whole flow:
– describing (or importing) the external standards & regulations the company wants or needs to comply with (e.g. SOX, GDPR);
– then splitting each standard into specific requirements, called Citations;
– then creating company Policies & Control Objectives that cover company needs as well as external legislation & regulations;
– once Control Objectives are established, they can be applied to different elements (e.g. Business Services, IT elements like Servers, Organisational structure elements), which is how Controls are established;
– Controls can then be regularly tested, demonstrating the organization-wide Compliance posture.
The same goes for Risk management – from Project to organization-wide Risk management flows.
All this information serves as input for internal & external Audit management & Reporting.
The functionality of the product is quite powerful and, as with anything in ServiceNow, it can be further customized and automated.
Marius Jan of FocusNow has just completed the ServiceNow GRC: IRM Integrated Risk Management course package. 🚀 While providing professional services for corporates, Marius has often had to comply with various standards & regulations and has participated in many corporate audits. We are now eager to apply this newly gained knowledge to provide a good tool to everyone participating in the process and to make sure their company is in a good posture for both Compliance and Enterprise Risk management.
Should you need any help with ServiceNow, let us know!