Nexen Energy speeds and strengthens its external audits with ServiceNow GRC

Automating the end-to-end audit process

Nexen looks for a more streamlined, efficient, and transparent audit process
As a major oil and gas company, NexenEnergy operates in a heavily regulated industry. That makes governance, risk, and compliance (GRC) a top priority. The company has to have strong business controls in place and needs to respond to multiple external audits every year.

However, Nexen was struggling with audits. According to Renato Cunha, IT GRC Analyst at Nexen, “We were caught between our external auditors and our internal business stakeholders. Our GRC team would receive hundreds of requests from auditors and assign them manually to control owners. We spent huge amounts of time in follow-up meetings, chasing down requests, and updating auditors with evidence. The whole process was incredibly time-consuming and inefficient. And, because we tracked everything manually, we didn’t have real-time, end-to-end visibility of our audit status.”

Nexen automates its end-to-end audit processes with ServiceNow GRC
Nexen decided its audit processes needed to be automated. The company already used ServiceNow^® GRC Risk Management, so it made sense to use GRC Audit Management as well, leveraging a seamlessly unified solution built on the Now Platform^®.

Now, external auditors simply enter requests into ServiceNow using an audit request form, and ServiceNow automatically routes these to the right control owners. Control owners respond with evidence, which is also maintained in ServiceNow. Auditors have complete visibility, tracking the status of requests and receiving responses directly in ServiceNow. This frees up Nexen’s GRC team to manage SLAs, handle exceptions, and enhance controls and processes.

Nexen’s GRC team sees results in 60% reduced email conversations due to process automation
The results have been impressive. Renato says, “With ServiceNow GRC, we now have an external audit process that is sustainable, agile, and transparent. We’ve reduced email conversations by 60% and our deficiencies have gone down by 50%. We’ve even been able to handle two major ‘Big Four’ audits at the same time.”

The ability to track history and store evidence has also been invaluable. Renato gives an example. “One cold winter’s day, the IT GRC team received an urgent message from senior management about a deficiency. Using ServiceNow, the team reported back with the full audit request history, showing that IT had provided all of the requested information and nothing was outstanding. And they responded in less than 30 minutes. Before, this would have taken several hours.”

Nexen plans to expand its use of ServiceNow GRC into areas such as compliance
Next up, Nexen plans to enhance its control monitoring processes, as well as its risk and compliance dependency maps. Renato says, “With ServiceNow GRC, we’ve dramatically strengthened our control posture while reducing effort. We’ve already made huge strides in how we manage risk and respond to audits. Looking forward, we are building on this momentum, ensuring that responsible, transparent management remains at the heart of Nexen’s business.”