Seven Questions for Kris Markham on Disrupting Risk Management
Last month ServiceNow acquired Intréis, a team of experts focused on integrating governance, risk and compliance (GRC) and service management across the enterprise. We caught up with Kris Markham, the co-founder and CEO of Intréis, to get his insight into the market trends around GRC and why his company is joining ServiceNow.
Q. In your experience, what areas pose the greatest risks to an organization?
Two areas loom large for companies: failing an audit and suffering a security breach. If a company fails an audit, it can incur fines and its executives might face criminal prosecution. As we’ve seen in the news, a major security breach can set off an outage or compromise data, triggering customer loss and potentially damaging a brand image.
Q. What are the drivers of GRC for a business?
GRC is all about improving governance, creating better, more cost-effective ways to manage compliance, and understanding the impacts risk can have on the business.
Q. How do most companies address GRC? How does ServiceNow improve this?
For many companies, GRC is thought of as a necessary evil, something that slows the business down and adds little value. ServiceNow is in a unique position to help its customers leverage GRC in an integrated way, and create a strategic advantage. A real-world example of this is in the way an organization implements its Access Request process and controls using the ServiceNow Service Catalog. By thinking about the process through a compliance lens, we can embed controls into the workflow so that the daily operation of that process is producing the evidence required for control testing and audit. This is one of the many examples of how controls help increase the performance of a process in ServiceNow.
Q. Intréis had more than 60 mutual customers with ServiceNow and was conquering its niche. What was your motivation to join ServiceNow?
Our companies share a strong belief in the power of leveraging the ServiceNow platform to disrupt traditional thinking around GRC with an integrated approach.
Q. How do you define integrated GRC?
ServiceNow’s definition of integrated GRC is a little different than most. Because ServiceNow is capable of automating both IT and business processes and enabling a robust GRC capability, we can literally embed risk and compliance activities into the way organizations run their business.
Q. How did Intréis work with ServiceNow on its Unified Compliance Framework (UCF)?
The UCF is an industry-vetted compliance database made up of more than 800 laws and standards from around the world. Intréis worked with ServiceNow to integrate the UCF into its Fuji release. UCF helps organizations cross-map across multiple authoritative sources in order to get to a much smaller, simplified set of controls. This boils down to a “test once, comply many” approach to control testing and audit, saving organizations a significant amount of time and money.
Q. Looking ahead, how will companies get value from GRC based on the ServiceNow platform?
ServiceNow GRC transforms the GRC process from a necessary evil into a value-add.
By integrating and automating compliance testing and auditing processes into existing service management processes, companies can improve visibility into their risk profile, better mitigate those risks and drive more effective risk-based decision making. That ultimately will drive higher levels of customer confidence and provide those companies with a competitive advantage.
Follow Markham on Twitter @kmarkham19.