CaseWare IDEA vs. ServiceNow Governance, Risk, and Compliance

One example of specific scenario in [CaseWare] IDEA is the ability to run samples separately and then based off of the results, compare and contrast the values recorded and easily discern if there are any variables or discrepancies within the data itself. Also, we can test journal entries with certain parameters to check the audit for any issues that may arise pertaining to the criteria. By testing, we are able to make sure the data is accurate and sufficient.

Incentivized

Oracle EBS R12 requires a unique user skillset to understand how it handles user access and functions. Accordingly, ServiceNow has this high level of sophistication to manage this information and apply it to Sensitive Access and Segregation of Duties rules to identify exceptions. This depth of configuration is critical to accurately identify when Oracle Responsibilities (access) truly allows access and thus could be a violation. ERPs with less complexity may not require this customization of ServiceNow GRC, but you would be wise to raise these questions and examples in the demo to ensure it will work for you. In the past, we have found that risks of under-reporting exceptions or false positives become so voluminous that users don't always get to the accurate violations for timely remediation. Proper configuration up front will improve your effectiveness and ROI down the road.

Incentivized

• Easy to understand and easy to use.
• Can use on large quantities of data and quickly analyze them.
• Uses logic that can be followed if one is an auditor. I, for example, could understand the logic in a number of samples, i.e how the number of samples thrown changes when risk changes from low to moderate in proportion taking in consideration the materiality.
• Other audit firms are using 2 software for the process that IDEA alone can do. So IDEA has a definite advantage here.
• Customizable by the company.

• Finding reported by the auditor. GRC helps us identify, assign, and track the resolution of this.
• Exception to information security policy. These require quarterly reviews and setting up reminders to revisit these.
• Building out new projects and baking security and compliance into the project and tracking it in GRC to ensure we deliver a compliant product on day one

Incentivized

• Bit of a learning curve for the advanced features as a beginner.

Incentivized

• Delivering more out of the box functionality that rivals other GRC platforms. The bare bones approach may not help companies that do not have expertise or capabilities to build effective GRC processes.
• Easier way to implement workflow.
• Offering better metrics without buying add-on tools.

Incentivized

I'm satisfied with our experience. The configuration was the biggest challenge, but we have moved onto the stage of user training and usability. We would appreciate having better user training documentation and possibly videos and/or computer-based training to help our international users adopt this software for their GRC needs.

Incentivized

I would rate it a 9 because I never really needed support on this but if I did, there was the necessary support given promptly.

It's a good system, but I am awaiting key features in the new release. We hear that ServiceNow is continually adding new features and we look for improved reporting, better Oracle Integration, and user training opportunities. To the extent these materialize, we expect further improvements in our experience with ServiceNow GRC. Until that time, though, we believe we are meeting our objectives expected at the beginning of this project.

Incentivized

I have used Microstart and would definitely vote for IDEA because IDEA combines what Microstart does with the help of one/more softwares. Where Microstart just gives a number of samples, IDEA selects the number of samples based on materiality, risk, and other factors. It selects those samples from the population leaving out line items that are invalid/ zero. I would prefer using IDEA any day.

We just recently started using TrustArc for data privacy requests and I can already speak to the fact that TrustArc is a more confusing platform once there. The positives of ServiceNow would be that a majority of our URL's drive to owned websites which our employees are very comfortable with using versus pushing them to another website that feels unsafe.

Incentivized

• We were able to save time by over 200 billable hours over our last busy season cycle
• We saved roughly 12% on costs compared to the last program we used.

Incentivized

• Effective Enterprise Risk Management
• Holistic Real-time Monitoring of your technology and Risk
• Negative - Asset Management has some issues and Ghost / Shadow IT is big issue