Healthcare Enterprise Transforms Governance, Risk, and Compliance

As one of the largest healthcare service providers, this organization provides non-emergency medical transportation (NEMT), meal delivery, remote patient monitoring, and personal and home care to patients. With such a large patient population and staff, the organization needed to update its risk management processes and workflows to be more efficient and ensure compliance. Relying on manual communication methods like spreadsheets and emails made controlling risk challenging and caused productivity to suffer.

To better manage risk and resilience, the organization turned to ServiceNow’s Governance, Risk, and Compliance (GRC) suite. The company relied on Thirdera’s team of ServiceNow experts with in-depth knowledge of integrated risk management (IRM) to implement these solutions and develop an effective rollout strategy. With ServiceNow’s capabilities and Thirdera’s guidance, the company has strengthened compliance, improved auditing efficiency, and more confidently mitigated risk.

Key Challenges

	The company’s policy, risk, compliance, and audit teams relied on manual communication methods, leading to inefficient and frustrating workflows.
	Operating in silos with outdated workflows, sharing critical risk and compliance information across teams was challenging.
	Tracking compliance was a cumbersome process. It was difficult to get timely, accurate information, leading to missed goals and targets.
	Without a dedicated control library and control ownership, it was difficult to enforce accountability across teams.

Operating in the healthcare space, this company handles sensitive patient information and records that must be protected under strict regulations. However, the manual processes the teams relied on made risk management and compliance a challenge. The company’s policy, risk, compliance, and audit teams primarily relied on spreadsheets and emails for organization and communication. The spreadsheets were difficult to share and emails often went missing. These manual methods made it difficult to get timely information and led to missed critical targets.
 
The organization also lacked a dedicated control library, inhibiting productivity and leaving them more vulnerable to risk. A control library is a critical tool for achieving and streamlining compliance. It ensures that interlocking activities are in place to support objectives, enhance operational effectiveness, and ensure compliance with policies, laws, and regulations. Adequate internal controls ultimately decrease the risk of waste, abuse, and fraud. Additionally, the organization did not have the ability to put control activities in place, resulting in a lack of ownership and accountability across teams.

Our Solution

The organization’s leadership team was determined to change its ineffective risk, auditing, and compliance processes through increased automation. They initially approached Thirdera through a partner to install shelfware for them. After getting to know Thirdera’s Security and Risk team during the presales process, however, they were impressed with the team’s thorough knowledge of integrated risk management (IRM). They were confident Thirdera had the skills and expertise to tackle this problem.
 
With help from Thirdera, the organization implemented three solutions within ServiceNow’s GRC suite: Policy and Compliance Management, Risk Management, and Audit Management. In addition, Thirdera helped the company build a dedicated control library with over 1800 control objectives available for use. 
 
The Thirdera team created a centralized risk register and established over 200 statements to track across the business. This register enables teams to see at a glance what risks they face, which are the most threatening, how to deal with them, whether some risks should be accepted, and the mitigation plan. 

The Result

With the ServiceNow solutions implemented by Thirdera, the four teams now collaborate using a single platform. The role-based dashboard allows accelerated reporting at every level and gives real-time insights critical for decision-making and risk management. With their new solutions, the teams are monitoring over 400 active risks to keep member information safe. All of the organization’s policies, procedures, standards, and exceptions are managed annually in ServiceNow. It has over 113 applications in scope for quarterly reviews with 100% compliance for on-time submissions.

Team members can stay on top of risks with increased access to the information required to do their jobs. Establishing 600 governance documents in ServiceNow’s approval system, the organization has been able to streamline their processes on one unified platform. With enhanced collaboration, they can easily link controls to policies, connect risks to controls, and build an integrated risk environment. 
 
Improved visualization and communication also enable the teams to establish clear ownership across each business area. They can better align their resilience initiatives to manage disruption with a unified recovery and risk program on one platform. Continuous monitoring enables them to proactively manage risks—instead of scrambling to react. This makes them more efficient than ever: the team only increased their headcount from three to five, but manages 932 more controls—a 550% increase. 
 
While audits were once a struggle for the organization, the ServiceNow solutions implemented by Thirdera made them easy. With continuous compliance monitoring, auditors can stay ahead of issues and eradicate recurring findings. Automated evidence collection and smart issue management also reduce the manual effort of audits and dramatically improve productivity. Plus, automated attestation and control management processes enable them to maintain compliance while improving productivity.
 
With the combined strength of Thirdera and ServiceNow, the company has been able to embed risk-informed decisions in daily work, enhance collaboration, and continuously monitor risk to build a resilient, compliant enterprise.

About Thirdera

As the largest global pure-play ServiceNow partner, Thirdera is a trusted Elite ServiceNow partner focused solely on improving and innovating the way our customers leverage the ServiceNow platform. Our experts possess authoritative capabilities and skillsets spanning the entire Now Platform. This extensive platform expertise allows us to understand our customers’ needs and deliver tailored solutions that solve business challenges.

Contact us today to discuss your next project, and enter a new era of ServiceNow partner experience.