Property Insurer Streamlines Risk Management With ServiceNow GRC

Against the backdrop of a complex risk landscape, this U.S. property insurer sought a modern digital solution to create value and minimize internal risk in all its forms: compliance, policy, IT, security and vendor.

NTT DATA assessed the organization’s current state, challenges, and ideal future state to help the insurer implement ServiceNow’s Governance, Risk and Compliance (GRC) module, which delivers a risk management framework that automates siloed and labour-intensive workflows into an integrated program on a single IT platform.

young boy leaning on shoulders of father who works at computer

Business Needs

No industry is more familiar with risk than the insurance sector. As this homeowner insurance company can attest, risk must be efficiently and effectively managed.

As the insurance sector expands to offer new products and leverage analytics and big data to quantify risk better, this digital transformation introduces new forms of risk for the insurers themselves. Insurance providers have seen a substantial increase in cyberattacks. Further, insurers face more stringent data protection regulations on information and communication technology (ICT) governance and risk mitigation.

To help navigate these uncertain times, this insurer needed a new solution to help create value and minimize internal risk in all its forms: compliance, policy, IT, security and vendor. However, the insurer’s existing ServiceNow partner lacked the knowledge about GRC to implement the project. ServiceNow recommended that NTT DATA, an experienced ServiceNow Elite Partner, take over the GRC implementation.


80% Reduction in audit costs
  • Provides real-time, continuous risk monitoring
  • Decreases errors and oversights in risks and issues
  • Accelerates incident response
  • Simplifies policy, compliance and audit management
  • Frees up more time for value-added work


Replace manual processes with automation

Manual GRC processes are a source of inefficiency, error and oversight. Critical items can be overlooked, and it may not even be apparent that some risks remain unmanaged. With that in mind, the company sought a governance, risk and compliance solution that would deliver:

  • The ability to embed rules and controls that align with its internal policies, regulations and best practices
  • A single platform to manage policy and compliance management, risk management, issue management and audit management, across the enterprise
  • Real-time monitoring and insight to improve management and support decision-making
  • Simplified reporting to meet internal and compliance requirements
  • Automated risk and issue scoring to better manage and mitigate risk and optimize escalations

This insurer’s ServiceNow GRC implementation replaces inefficient and error-prone manual processes with automation, which is particularly significant for an organization of over 12,000 employees.

Furthermore, automating the GRC processes has minimized the risk of human bias during a vulnerability response. NTT DATA helped the company configure the ServiceNow GRC module to reflect the insurer’s internal policies, regulatory requirements and controls and define risk levels and the appropriate escalation sequences.

Automations in ServiceNow GRC alert the insurer to vulnerabilities, with those alerts escalating depending on risk level or time—variables over which the company has complete control. After the successful configuration, these automations ensure a more accurate issue prioritization and accelerated escalation and response.

Real-time risk identification and management

Beyond effectively responding to GRC issues when they arise, ServiceNow GRC enables the insurer to identify potential risks and assess their impacts based on enterprise-wide data. Together, the insurer and NTT DATA designed a framework to identify and prioritize remediation actions based on a qualitative rating system that is either low, medium or high.

Further, with artificial intelligence-powered user experiences and simplified dashboards and reports, the organization can now continuously monitor activities in real time and communicate effectively with the board, C-Level or external auditors.

Simplified compliance reduces audit costs

As a not-for-profit insurer, this organization faces a high regulatory and compliance burden with the need to frequently report on operations and meet the requirements of an oversight panel. In addition, the company must meet the general compliance obligations of the financial services industry. Two solution components of ServiceNow GRC make a massive difference in reducing compliance burdens: Policy and Compliance Management and Audit Management.

  • Policy and Compliance Management - Reduces the insurer’s manual effort and cost through automated compliance testing, continuous monitoring for violations and resolving issues before they become audit findings.
  • Audit Management - Improves preparation for audits, automates evidence collection, improves evidence requests, and leverages artificial intelligence to assign, group and suggest remediation for issues.

ServiceNow GRC also significantly improves reporting times. More efficient and responsive reporting, combined with the Policy and Compliance Management and Audit Management components, has substantially reduced the insurer’s audit costs.

The future is bright

Working with NTT DATA, the insurer implemented ServiceNow GRC successfully and integrated it with its overall ServiceNow platform. Looking to the future, the company plans to expand its ServiceNow platform to better support its hybrid workplace with modern digital experiences in support of continued digital transformation.

About This Case Study

A U.S. property insurer deployed ServiceNow GRC to streamline its risk management and compliance processes. The implementation led to a reduction in audit costs, real-time risk monitoring and improved incident response.




United States

More Case Studies