Transcript
GenAI with KPMG and ServiceNow
Does your organization use ServiceNow? If so, you already benefit from AI.
ServiceNow infuses AI capabilities across the platform.
Now it’s time for Gen AI. Put next-level intelligence into action in ways that can benefit your company, employees and customers most. This is where the KPMG team makes the difference.
Let’s evaluate and streamline your most impactful processes to determine where Gen AI can bring the most value. Then analyze your data. Use Gen AI in responsible ways.
ServiceNow takes it from there…
…so you can empower users with better search results and supercharge productivity. Deliver better self-service with a virtual agent. Identify issues and discover trends to improve.
Companies that use ServiceNow can already do these things – and KPMG can help you achieve more.
Work smarter. Make better decisions faster.
Reimagine how your business runs.
ServiceNow Creator Workflow Partner of the Year 2024
At KPMG, our ServiceNow practice team build apps – fast – and modernize legacy apps too, all on the ServiceNow low code platform. That’s why ServiceNow named KPMG Americas Creator Workflows Partner of the Year 2024! We get creative with Creator Workflows to solve our clients’ unique challenges in every industry and enterprise function. Propel innovation at the speed of low code with KPMG and the ServiceNow platform.
KPMG Partners’ Perspectives on The Impact of AI and New Challenges in GRC
INTRO Angie Leggett
:05 Angie Leggett:
Hi, I'm Angie Leggett. I'm a managing director. I've been at KPMG for now, 15 years. And as part of kind of the last eight years or so, I've been supporting many of our GRC transformations, including ServiceNow IRM.
:20 Angie Leggett
I was actually the first architect at the firm and implemented our first ServiceNow IRM implementation. It was eight years ago. It was on Helsinki. And we've been supporting ServiceNow IRM transformations ever since. I support many of our cyber transformations at the firm. As an alliance, we've been supporting ServiceNow as an alliance partner since 2011.
TECH Q1: What challenges in technology and cyber risk are your customers sharing with you?
:46 Leggett
In a world where security incidents are ever looming, I think really understanding and focusing on the strategy of your cyber organization, building in a program that really looks holistically at risk and understands the threats that are within your organization, ties in products within the ServiceNow architecture, like ServiceNow incident management, vulnerability response, and really tying those to the IRM module, really understanding and mapping your controls using the compliance module, be able to map risk to security incidents within the ops module, and really build an integrated solution that's going to help them be able to monitor risk and ultimately be able to provide that data to the CSO organization in a one central, centralized place.
TECH Q3: How are you equipped to succeed in managing Tech/Cyber risk on the ServiceNow Platform with Security Operations solutions?
1:40 Angie Leggett
We have a proven framework. We actually call it our powered framework, where we have a strategy framework architecture. We have accelerators that come with that delivery model, which include process flows and update sets in order to jumpstart your implementation. So we help our clients really build out that framework, strategy roadmap and ultimately implement a solution in an accelerated manner using our powered solution.
2:12 Angie Leggett - redo answer
KPMG has a proven methodology and framework. We call it our powered solution, which enables our clients to jump start their delivery. This includes accelerators like process flows, update sets, really a target operating model in order to deliver. And this allows, again, a jumpstarted transformation. So we at KPMG are able to move faster, deliver quicker, and provide a proven solution.
AI Q1: What AI Governance challenges are your customers experiencing with GenAI / Agentic AI across their organizations?
2:41 Angie Leggett
Something that we're seeing, and many of our clients are asking about, is around AI and governance of AI and the risks surrounding AI assets. We've invested very heavily in a solution that actually partners with what ServiceNow is offering from an AI solution perspective. I think it's called AI governance. But our solution is trusted AI, and that allows and builds out a framework and a strategy for supporting those assets and defining controls and a framework around how to manage and monitor all of the AI assets within an organization.
TECH Q5: What are common pitfalls customers make in addressing their Tech/Cyber risk programs?
3:19 Angie Leggett
I think many of our customers are trying to do too much, too fast. And sometimes it's important to take a look at short term wins and really understand what is going to help them kind of accomplish that, those goals, both from a short term and long term perspective. And so at KPMG, we help our clients really build out that strategy and roadmap to understand how do we have some quick wins with also achieving that long term goal.
INTRO :05
My name is Melinda Mothander, and I work for KPMG. I've been with the company for about 15 years, and I am a managing director, and I help organizations digitize their risk and compliance programs. Very excited about our partnership with ServiceNow. That is longstanding and really find it beneficial for our organizations to team together to bring them the best. What technology can help solve their business use cases?
It's been a really fun journey recently because as KPMG has been changing their structure a bit internally, ServiceNow has also combined the risk and cyber areas of their business, similar to what KPMG did as well. So the way that we're able to collaborate and team together to really bring a lot of new, innovative solutions to our clients has been something that we're really excited about and looking forward to helping a lot of clients move forward with that.
TECH Q7: What Case Studies or success stories can you share with the audience?
1:04 Melinda Mothander
I've had the pleasure of leading two large risk transformations, one in the TMT sector and one in the life sciences sector. And I'll start with the TMT sector first. And it was about a 24 month journey, and we were able to successfully get over 25 plus stakeholder groups on the ServiceNow platform, all utilizing common taxonomies, utilizing common workflows, and really streamlining the reporting across the enterprise.
1:36 Melinda Mothander
We were able to really show the stakeholders within the organization the value of bringing all of the different risk functions together so that initial group that we went in with was more of the enterprise function. But after they saw the success that we were having, the cyber group wanted to join in and they were part of the collective stakeholder group that we ended up being very successful and showing how all of the different risk functions come together. And really that value to that organization.
2:08 Melinda Mothander
And the other one that I wanted to share a little bit of really started more from risk transformation from a process side.
So this organization was traditionally operating in a lot of risk silos, doing a wonderful job managing their risk within the silos, but really needed to take a step back and think about how they could think about their risk on a more horizontal plane. And we had a KPMG team out there helping them from a process perspective. And then when it came time, they pulled me in from a technology perspective and really helped to think about the different opportunities that were in front of them and how they could think about automating a lot of the business process improvements that we had helped them with.
TECH Q4: How important was organizational culture for these organizations in enabling their risk transformations?
2:54 Melinda Mothander
Change management is probably the key to any successful technology implementation. I was once told that you could implement any technology to meet every single business requirement, but if you didn't take the right amount of time and effort to make sure that you were bringing the users along the journey and focusing on that user adoption, you might as well have not even spent the money to implement the tool, because no one's going to use it. So it's always at the forefront of how we think through helping our organizations, making sure that the change that we're bringing from a process side that ultimately is enabled in the tool is also being accepted into those stakeholders' day-to-day business so that they understand how the changes are going to impact what they're doing. And ultimately, how the tool is going to support the ways that they're going to change their business processes.
TECH Q3: How are you equipped to succeed in managing Tech/Cyber risk on the ServiceNow Platform with Security Operations solutions?
3:50 Melinda Mothander
From a KPMG perspective, how we help organizations through their risk transformations. And one of the key success factors is making sure that we're thinking about it from a business perspective first. Yes, a tool is there to enable it, but it's more important to make sure that it's a business led transformation that is enabled by a technology first.
INTRO on Business Disruptions:
:05 Nickolas Schweitzer
If there's anything that we've learned over the last five years, it's that business disruption is constant. It's not a question of if, it's a question of when and how. And I think organizations are looking to understand how can they become more proactive in terms of how they monitor or prepare and anticipate those business disruptions, as opposed to being more reactive? And I think that's where organizations are looking to elevate and mature what might be their legacy business continuity programs to be more operational, resilient programs where they are going from that reactive posture towards a proactive posture.
:38 Nickolas Schweitzer
And in order to achieve that, it's really how do they connect the dots across their other areas of the organization? We think about risk, third party, cyber and resilience, because that's really how you can start to get some of that direct connectivity and insights, both from an internal organization standpoint. But also how do you start to incorporate some external signals and external monitoring so that you can really start to have a sense of even some of the more macro trends that may be driving towards potential risks and operational events that you can get ahead of.
TECH Q2: How should customers address Tech/Cyber risk challenges?
1:10 Nickolas Schweitzer
When we think about these types of transformations and whether you're talking about operational resilience, cyber risk, compliance, they all come together in terms of how KPMG thinks about risk transformation. And that spans more than just technology itself, right?
As we've been talking about with a lot of our clients, it is an exercise of people, process, data and technology. So it's really an exercise of thinking about culturally, how to bring together the various components and the functional areas of our organization to have a common vision and a North Star goal in terms of where we're looking to go with our broader transformation efforts, and the role of technology is increasingly becoming more important.
1:49 Nickolas Schweitzer
I'd say historically, there was a notion of solve for your process, your methodology first, and then think about the role of technology as enabler. Anymore, technology itself is the accelerator to really drive towards this transformation. So you really need to think about how they all are operating kind of coherently together. And where technology has a role to maybe even leapfrog your acceleration towards maturity.
TECH Q3: How are you equipped to succeed in managing Tech/Cyber risk on the ServiceNow Platform with Security Operations solutions?
2:17 Nickolas Schweitzer
As we approach these transformations from a KPMG lens, we are business led in our transformation. So it's not just the technology perspective. So understanding the needs of the business and where they're heading. And then how to incorporate the technology components to help enable that is how we really drive these efforts. And when we think about the various accelerators that we bring to the table, you know, we have our powered solution and that powered solution spans both powered risk, powered cyber and powered resilience.
So those that's where we bring together the what good looks like perspective from each of those individual domains. But then how do you start to connect the dots horizontally so that you can start to drive the synergies, interconnectivity? Because in reality, I think one of the things that our clients are increasingly recognizing is that risks don't occur in discrete instances.
3:03 Nickolas Schweitzer
They are an interconnected network of risks. So when you think about operational resilience, as an example, if you have an operational event, whether it be at a facility or with a third party, you know, the question that clients are asking is like, if I squeeze this third party like pops, that something happens here, what's the downstream impact? Or even the upstream impacts to either our processes, our products, our customers that they need to be aware of.
And that's where I think this interconnectivity concept of risk is really gaining traction in terms of how to drive your risk transformation forward.
TECH Q4: How important was organizational culture for these organizations in enabling their risk transformations?
3:36 Nickolas Schweitzer
There are, I'd say, some unique circumstances that we're seeing across various sectors and industries. But then I think some common underlying denominators. I'd say oftentimes regulatory compliance and the expectations and the scrutiny of regulators is driving a lot of transformation needs. But at the same time, I would describe that as almost table stakes.
3:56 Nickolas Schweitzer
common denominator that we're seeing is that, you know, being a business led transformation is an opportunity to align the risk, compliance, cyber functions with the business strategy. So you become more of a partner to the business in terms of driving operational goals and objectives, while at the same time addressing regulator, regulator expectations, those requirements. And that really positions these functional areas to be more of a driver of value, and business value, where you're ultimately gaining more trust amongst your stakeholders, both internal and external, your regulators, one of those stakeholders who are driving and expecting more trust across the organization.
4:35 Nickolas Schweitzer
But as you're driving the transformation efforts, it's an opportunity to gain more trust with your business partners. As you think across the three lines of offense your customers, the board, and your shareholders as well.
OR Q8: What is the typical engagement process for the maturity journey of these companies?
4:48 Nickolas Schweitzer
No journey is the same, right? It's individual to each organization. And our approach starts with meeting you where you are, you know, where what is your current level maturity and what's your focus? What's your target? Because when we think about risk management maturity, getting to the most advanced or integrated state is not always the target for every organization. So understanding where you're looking to go versus where you are today is where we sort of set out that specific roadmap for your organization.
5:15 Nickolas Schweitzer
That is going to be a multifaceted approach, right. It's going to start with people first. What is the cultural alignment and what is necessary to drive that alignment in order to gain the understanding, the commitment and the in in terms of where you're looking to go and then starting to understand from a process, methodology, data and technology perspective, where are you currently, where the gaps and then what does that roadmap look like in order to get you to where your target state is?
AI Q4: What AI ROIs do you share to set expectations for your customers?
5:42 Nickolas Schweitzer
I think AI's unique, in some circumstances, but I think similar to a lot of other ways we think about risk transformation and the benefit in the ROI. Yes, there are ways you can quantify ROI on these journeys, but a lot of it is qualitative in nature. And then especially want to think about AI itself. You know, AI is both an opportunity and a risk. So in order to help organizations fully realize the opportunity of AI and adopting and applying AI, Gen AI in terms of their organizational operations.
6:10 Nickolas Schweitzer
They also need to think about the risk component of that. How do they apply that in a responsible manner, in an ethical manner, and in an efficient manner, so that they can truly accelerate the path towards adopting that to drive more business value across the organization?
AI Q1: What AI Governance challenges are your customers experiencing with GenAI / Agentic AI across their organizations?
6:28 Nickolas Schweitzer
I think it's just trying to understand the direction that regulators are going and the various frameworks and regulatory bodies in terms of whether there's going to be a common set of expectations and regulatory requirements, or is it going to be varied across jurisdiction or Geo?
6:43 Nickolas Schweitzer
I would say that demonstrating that you've got a framework in place and a direction you're going from an AI governance perspective is a good demonstration to the regulators that you're taking it seriously. You have a plan in place and you can actually start to be more proactive in terms of how you're looking to, you know, look at both the risk component of AI, but also drive towards that opportunity component as opposed to just waiting to understand what those expectations are from a regulatory perspective.
AI Q7: What are earlier implementors of Gen AI gaining on other customers not yet in AI?
7:13 Nickolas Schweitzer
Well, you know, again, as we think about AI and the application of AI, it is both an opportunity and a risk. So the more you embrace and address the risk component of AI enables you to move forward on applying those concepts with more confidence so you can start to gain more competitive advantage in terms of what these solutions and technologies can help drive in terms of your organizational growth, your strategy, and your overall objectives.
AI Q5: How do you see ServiceNow fitting into a holistic AI governance program?
7:41 Nickolas Schweitzer
I think that the power of the platform spans, not just AI considerations, but to think about risk transformation journeys, as we talked about operational resilience, cyber risk, third party, how you bring those aspects together on the platform is an organic approach to how you can best integrate horizontally, like organizations looking to do across their programs.
8:01 Nickolas Schweitzer
So you've got that data at your fingertips that can drive more real time insights, reporting and information that will drive business decisions. With data that can be trusted. And you know, is relevant to, you know, where you are currently in your journey.
TECH Q4: How important was organizational culture for these organizations in enabling their risk transformations?
8:19 Nickolas Schweitzer
You know, it's an interesting discussion we're having across a lot of our clients today. I'd say that there are numerous drivers towards why organizations are embracing the need to, you know, pursue over this transformation journey. Cost and efficiency is an obvious one that gets the attention of a lot of organizations today. And whether that's just efficiency across their risk management programs in terms of how to do things better, faster,
8:41 Nickolas Schweitzer
How organizations have gotten to where they are today is not going to be how they're going to get to the future where they're looking to go. We see a lot of organizations that have fragmented technology stacks that are overburdened with cost and support programs that see an opportunity to consolidate onto a common platform, such as ServiceNow, to drive more direct cost savings from a tech perspective. But then also, understand and appreciate some of the more indirect savings you can get through enhanced capabilities such as automation, continuous control monitoring.
9:09 Nickolas Schweitzer
So that's really driving a lot of conversations today. But even beyond just cost savings, there's obviously the regulatory compliance component where you have to understand where our regulators today, where are they going? How do you become more proactive in terms of your risk management program and how technology can play a role there?
9:25 Nickolas Schweitzer
I think even more recently, organizations are starting to shift from more of the conservative cost savings component to a more proactive component of how do we think about how risk management, transformation and technology can help drive our organizational growth, our strategy, you know, whether you're growing organically or inorganically, you got to do and you got to do so in a responsible manner. And that's where risk management can really be more of a partner to the business to drive that organizational