Use case: Ensure your compliance program effectively supports your business services

Behind the curtain that separates the front and back office lies a battalion of systems, processes, and hardware. You'll also find a variety of monitoring tools, tools that create a mountain of data about compliance and security violations. These violations include faulty employee termination processes, unauthorized access to mission-critical or sensitive data, security incidents, unpatched systems, unapproved hardware and software changes, emergency changes, and many others. Combing through this data manually to uncover and prioritize the most critical business risks is a formidable effort.

Without automated processes to ensure compliance, system, process, and hardware owners spend huge amounts of time analyzing data so they can attest that they follow the proper policies. And manual processes create a high risk of errors and issues slipping through the cracks.

By using the same integrated, automated ServiceNow risk platform you rely on every day, you can be confident you're capturing the most critical issues while reclaiming thousands of work hours for high-value projects. You're able to easily and confidently prove compliance, and you make providing supporting evidence for audits virtually painless.

An audit manager at work

As an internal auditor, I know from experience that planning is important. Recently, I've been working on my audit plan for the year. The business control owners have completed the risk assessments I sent them, and I've defined the scope of my audit for this year, including PCI and SOX, our SAP Financial Accounting business service, our Linux servers, and server hardening. These are all defined in my Configuration Management Database (CMDB), so scoping them was easy. I don't have a very mature CMDB, but I've made sure the 20 most critical assets, processes, and systems are represented correctly.
Based on the results of my risk assessments, I've decided to begin my audit with the SAP Financial Accounting business service. I can see from my dashboard that I have a compliance violation.

Figure 13: Regular monitoring ensures best practices are being followed.
