Case Study:

Automated IT Controls

The client was unable to report on the effectiveness and adherence to ITSM Processes.

View PDFView VideoRead MoreRead More


Databases certified in 12 weeks
Cohesion into existing team



The client was unable to report on the effectiveness and adherence to ITSM Processes.

The client had no capability to view process performance and adherence from an IT Control perspective. This resulted in an inability to identify/track risks and understand the appropriate ownership and accountability of those risks. There was also a request from the CIO to anticipate, rather than react. to the needs of its regulators.

CSX created IT Controls, KPIs and dashboard views.

There was a need therefore to provide IT Controls for the core ITSM Processes that would provide up to date, consistent and verifiable evidence of process compliance. CSX designed, developed, and successfully released:

•       The appropriate IT Controls for each process

•       Automated/dynamic dashboards (one per process: SD&I, INC, REQ, PRB, CHG, HAM) containing a total of 53 IT Controls (34 fully automated and 19 manually verified and tracked via auto-generated tasks)

•       Performance Analytics was utilised to allow the ability to slice/dice data and present this via the dashboard or export via PDF/Excel for use outside of ServiceNow.

CloudStratex collaborated with the Process Owners, ITSM Governance Team and Reporting Manager.

Through collaborative workshops CSX designed and implemented a set of IT Controls via a dashboard view for each process area. These dashboards contained various IT Controls with differing/filtered views utilising Performance Analytics and ensured that the initial set of 53 controls met the needs of the CIO to ‘get ahead’ of the regulators.

The new IT Controls & dashboards provided the following benefits:

  • Automated Controls – Automation of IT Controls and the ability to provide real-time reporting for auditors is leading-edge practice in IT Service Management, and was until recently, only found in intensely-regulated industries like Pharmaceuticals

  • Achieve ITSM Process Objectives – The Internal controls are designed to provide reasonable assurance regarding the achievement of operational objectives, such as the effectiveness and efficiency of ITSM processes and tooling and compliance with applicable laws and regulations

  • Mitigates Risk & Improves Process Performance – Provides an effective internal control environment that will ensure resources are used for their intended purposes, minimising the risk of misuse. It also allows for greater efficiencies when clear processes and guidelines are outlined

  • Improves Accountability – Owned by the Process Owners who are responsible for continuously monitoring/performing internal controls not just during an audit

  • Stabilizes Internal Operations & Business Functions – ‘C’-level have better control/ visibility of how the client is operating and what processes are being followed

  • Reduces External Audit Fees - with established IT controls external auditor’s scope, time, and fees can be reduced

  • Ease of Reporting – the dashboards and drilldowns allow easier reporting, saving time, effort and costs.

Key Client Information:

The client is a Financial Services company spanning the globe and with turnover in excess of £2,000 million.

Staff Size:

>25,000 staff


- Head office located in London - The Financial Conduct Authority (FCA) regulates this organisation.

Snapshot Of Problem:

Open audit action to provide IT Controls to support the reporting of the effectiveness and adherence to process. The CIO also wanted to be able to ‘get ahead’ of the regulator.

Snapshot Of Solution:

IT Controls dashboards populated utilising Performance Analytics to provide daily updated views of various core ITSM Processes.

No items found.