The client was unable to report on the effectiveness and adherence to ITSM Processes.
The client had no capability to view process performance and adherence from an IT Control perspective. This resulted in an inability to identify/track risks and understand the appropriate ownership and accountability of those risks. There was also a request from the CIO to anticipate, rather than react. to the needs of its regulators.
CSX created IT Controls, KPIs and dashboard views.
There was a need therefore to provide IT Controls for the core ITSM Processes that would provide up to date, consistent and verifiable evidence of process compliance. CSX designed, developed, and successfully released:
• The appropriate IT Controls for each process
• Automated/dynamic dashboards (one per process: SD&I, INC, REQ, PRB, CHG, HAM) containing a total of 53 IT Controls (34 fully automated and 19 manually verified and tracked via auto-generated tasks)
• Performance Analytics was utilised to allow the ability to slice/dice data and present this via the dashboard or export via PDF/Excel for use outside of ServiceNow.
CloudStratex collaborated with the Process Owners, ITSM Governance Team and Reporting Manager.
Through collaborative workshops CSX designed and implemented a set of IT Controls via a dashboard view for each process area. These dashboards contained various IT Controls with differing/filtered views utilising Performance Analytics and ensured that the initial set of 53 controls met the needs of the CIO to ‘get ahead’ of the regulators.
The new IT Controls & dashboards provided the following benefits:
- Automated Controls – Automation of IT Controls and the ability to provide real-time reporting for auditors is leading-edge practice in IT Service Management, and was until recently, only found in intensely-regulated industries like Pharmaceuticals
- Achieve ITSM Process Objectives – The Internal controls are designed to provide reasonable assurance regarding the achievement of operational objectives, such as the effectiveness and efficiency of ITSM processes and tooling and compliance with applicable laws and regulations
- Mitigates Risk & Improves Process Performance – Provides an effective internal control environment that will ensure resources are used for their intended purposes, minimising the risk of misuse. It also allows for greater efficiencies when clear processes and guidelines are outlined
- Improves Accountability – Owned by the Process Owners who are responsible for continuously monitoring/performing internal controls not just during an audit
- Stabilizes Internal Operations & Business Functions – ‘C’-level have better control/ visibility of how the client is operating and what processes are being followed
- Reduces External Audit Fees - with established IT controls external auditor’s scope, time, and fees can be reduced
- Ease of Reporting – the dashboards and drilldowns allow easier reporting, saving time, effort and costs.