Global Investment Bank Migrates to Modern Risk Management Platform with KA2 and ServiceNow


As part of a wider transformation programme, the Bank decided to modernise its risk management system by migrating from its in-house legacy system to the ServiceNow platform, utilising the ServiceNow GRC module and workflow capability.

To support the initial business case, KA2 analysed the ServiceNow platform capability and then led the design, implementation, and testing of the solution. KA2 co-sourced the project team of customer resources, KA2 Solution Consultants and Development Specialists to deliver the project within an aggressive nine-month timeframe.

The challenge

The bank sought to complete a complex migration of more than 30 critical processes – with more than 90 business dependencies. Each process and function from the legacy system was reviewed/redesigned by the project team to ensure efficiency and consolidation.

The new Risk Platform was designed to meet key outcomes:

  • Automated risk control review process, including attestation reviews that include validation of data held within the CMDB
  • Transfer of risk process ownership from IT to business and product stakeholders
  • Implement centralised management of risk policy and compliance process with supporting documentation required to meet regulatory and audit obligations
  • Transition to the ServiceNow platform of Operational Impact Assessments, which managed the introduction of new business services, detailing the risk of the service to production and business continuity
  • Capture of data classifications for operational services to support the risk tolerance of individual service types, such as those holding personal data
  • Capture and automation of Confidentiality, Integrity & Availability (CIA) metrics, with an automated rating matrix that defined the CIA ratings for all services and providers/vendors
  • Be the central repository for disaster recovery and failover plans for services
  • Transition of the legacy platform BMC Remedy Service Catalogue and Service Request front end to the ServiceNow Service Catalogue to support the new risk processes
  • Automate the management of the Role-Based Access Controls process
  • Integration of internal messaging and notification service into ServiceNow risk processes for BCP communication and alerting
  • Implement automated workflows for commissioning/decommissioning IT services and hardware assets that ensured the accuracy of the CMDB to support broader risk and ITIL-based processes. The workflows would also allocate tasks required to undertake the commissioning/decommissioning to the relevant support teams

The solution

KA2 was initially engaged to implement the Bank’s enterprise platform for ITSM, ITAM, and ITOM. With its deep understanding of the bank’s platform and expertise across ServiceNow GRC, Integration Hub and IT workflows, KA2 could also ensure a highly successful and accelerated ServiceNow deployment to replace the legacy risk system.

The KA2 Smarter Framework agile delivery method enabled the team to plan project sprints, which delivered further enhancements and functionality on the platform. KA2 aimed to take the ServiceNow GRC functionality ‘out of the box’ with zero customisation, retain the platform as a single source of data and challenge status quo thinking with the business stakeholders to achieve the best outcomes.

The business requirements were captured in a series of workshops and discovery sessions. The KA2 domain practitioners translated the requirements into a working solution on the ServiceNow platform and the development stories were written in the ITBM module.

The stakeholders were fully involved at each step, with regular ‘playback’ and ‘show and tell’ sessions, together with training delivered to resources involved in operating the new processes.

Each delivery utilised elements of the extensive ServiceNow workflow capability and its architecture including Integrations, Mid Servers, Service Portals, CMDB and its data model.


  • The project successfully moved the bank from a siloed legacy risk platform with heavily manual, analogue processes to a fully digital, automated solution which supported the bank’s cloud-first agenda and strengthened the risk posture
  • The power of the ServiceNow platform, with the supporting CMDB and redesigned data model, enabled the new processes to benefit from enhanced automation, integration into the wider ITIL processes and a much-improved interface and UX for the 5000+ users
  • Integrated the new ServiceNow GRC functionality with other tooling and services to ensure a cohesive, cost-effective, scalable operating model.
  • Consolidated dependencies and processes and provided a single source of data for many associated services.
  • Supported the transfer of the ownership of risk processes to business and product stakeholders.
  • Provided real-time reporting and enhanced dashboarding capability to support audit and risk control points.

Global Investment Bank

“It was important to have an enterprise Risk solution that fully integrated with the wider ServiceNow processes we had adopted already. KA2 delivered great new functionality and automation to the GRC processes and worked collaboratively with us to achieve first-class results. The complex project not only met our stated business outcomes but exceeded them.”

Senior Business Analyst