skip to content
Sheikh's Sphere Logo Abdul Hadi Sheikh
← All projects

Case Study · ServiceNow SPM · May 2026

How do you give a CEO visibility over $1.55 million of strategic investment she currently can't see at all?

This is the story of building a complete Strategic Portfolio Management implementation on ServiceNow — from blank PDI to executive dashboard — for a fictional company called Acme Corporation.

Platform · ServiceNow Australia Release Instance · dev375412.service-now.com Implementer · Abdul Hadi Sheikh, CSA · CIS-SPM Status · Complete

Act I — The Problem

Acme Corporation is a mid-sized IT services company. 500 employees. Three major initiatives running simultaneously. A cybersecurity expansion. A cloud migration. A new ServiceNow consulting practice.

Combined budget: $1,550,000. Combined visibility for the CEO: zero.

No single view of active projects. Resources double-booked across teams. A board requesting a quarterly roadmap that nobody could produce. Demand arriving from every direction with no process to separate strategic priorities from noise.

Most organizations don't fail at execution because their people are incompetent. They fail because strategy and execution live in different systems — or no system at all.

Cybersecurity Expansion
$500,000
Cloud Infrastructure Migration
$750,000
ServiceNow Consulting Practice
$300,000
Total Portfolio
$1,550,000

Act II — The Architecture

Before any demand was entered or any project created, the organizational foundation had to exist. In ServiceNow SPM this means thinking in layers — and getting the layers right before anything else.

1
Organizational layer. Acme Corporation as the primary Business Unit. Five departments. Five cost centers. Everything financial rolls up here.
2
Access Control layer. Nine role-based groups. Zero direct role assignments. User → Group → Role — the only sustainable approach as a team grows.
3
Strategic layer. Three enterprise goals. One portfolio as the executive container. Three programs, each owned by a named manager, each linked to a goal.
4
Governance layer. Standardized demand intake. Scoring on Impact, Risk, and Strategic Priority. No project starts without a business case.
5
Execution layer. Projects created only from approved demands — never manually. Every project linked to program, portfolio, goal, and cost center.
Acme Corporation
└── Acme Strategic Portfolio 2026
├── Cybersecurity Expansion · $500K · Sarah Ahmed
├── Security Assessment & Gap Analysis
├── Endpoint Protection Implementation
└── SOC Setup and Monitoring
├── Cloud Infrastructure Migration · $750K · Ali Hassan
├── Cloud Readiness Assessment
├── Infrastructure Migration Phase 1
└── Testing and Go-Live
└── ServiceNow Consulting Practice · $300K · Maria Khan
├── Practice Setup and Hiring
├── First Client Acquisition
└── Delivery Framework Development

Act III — The Governance Test

The first test of any portfolio management system is not whether it can track projects. It is whether it can prevent the wrong projects from starting.

Before a single resource was allocated, the Zero Trust Security initiative went through a structured evaluation process that most organizations skip entirely. The result was a defensible, financially justified, strategically aligned project — not just a good idea from a senior manager.

DMND0001101 → PRJ0010001

Zero Trust Security Implementation

Approved

Capital Expenditure

$500,000

Operating Expenditure

$250,000

Total Planned Cost

$750,000

Financial Benefit

$1,500,000

ROI

100%

Assessment Score

65–70

Assessment scores

Business Value
8/10
Strategic Priority
9/10
Risk (lower is better)
2/10
Draft Submitted Screening Qualified Approved → PRJ0010001

Five stages. Each one a gate. The project exists because the business case earned it.

Act IV — The Execution

PRJ0010001 was generated automatically from the approved demand. Not created manually. That distinction matters — it means the financial case, the strategic linkage, and the program ownership all carried forward without anyone having to remember to fill in a field.

Weeks 1–2
Security Assessment. Security audit, gap analysis. Dependencies enforced — nothing starts before its predecessor completes.
Weeks 3–8
Implementation. Endpoint protection, identity and access configuration. Two cybersecurity engineers, one cloud architect.
Weeks 9–12
SOC Setup. Monitoring framework, incident response design. One SOC analyst. Final deliverable: operational security operations center.

The dependency chain is deliberate: Security Audit → Gap Analysis → Implementation → SOC Setup. You cannot start phase two without completing phase one. That is not overhead. That is the difference between a project and a plan.

Act V — What the CEO Sees

Phase 5 answers the CEO's actual question — not "what are we building" but "are we on track to meet our goals."

$1.55M
Total Portfolio
3
Programs · All Green
9
Projects
Real-time
Reporting

The CEO no longer asks which project to fund next. The data answers that question before the meeting starts.

The Access Model

Seventeen users. Nine groups. Zero direct role assignments. Adding a new project manager takes one action: add them to the ACME Project Managers group. Everything else follows.

Group Key Roles Members
Portfolio Leaders it_portfolio_manager, itfm_admin John Smith
Demand Managers it_demand_manager, assessment_admin Lisa Wong
Executive Viewers business_stakeholder CEO, CFO
Program Managers it_program_manager Ahmed, Hassan, Khan
Project Managers it_project_manager, resource_user 9 PMs
Security Engineers ★ it_project_user, resource_user Lee, Wilson, Farooq
Cloud Architects ★ it_project_user, resource_user Sharma, Carter, Malik
SN Consultants ★ it_project_user, resource_user R.Khan, Ahmed, Hussain
Resource Approvers resource_manager, timecard_approver Robert Chen

★ Group Type: pps_resource — required for Resource Management Workspace. Most common SPM config mistake. Easiest to miss.

The Delta

Project Visibility 0% — spreadsheet based 100% real-time dashboards
Strategic Alignment Best guess 1:1 mapping to enterprise goals
Resource Conflicts High — frequent burnout Managed — capacity planned
Reporting Time 3–5 days manual Instant self-service
Demand Governance Ad hoc project starts Scored, assessed, approved
Financial Visibility Unknown until quarter end Real-time CapEx vs OpEx

What This Taught Me

Governance before execution.

The demand intake process is more important than any technical configuration. Organizations that skip scoring and strategic linkage build fast and deliver wrong. Every rogue project I've ever seen started because someone with seniority asked for it. The intake process is how you say no to that politely.

pps_resource is the detail that breaks implementations.

Resource groups without this group type are invisible to the Resource Management Workspace. It's not in the obvious documentation. It's the kind of thing you only know if you've actually built it.

SPM is an organizational discipline, not a technology project.

ServiceNow is the structural body that makes decisions visible and enforceable. But the decisions themselves — who approves demands, what goals everything links to, how resources are governed — have to exist before you open the platform. The technology amplifies your governance. It cannot replace it.

Architecture boundaries are design decisions, not failures.

Phase 4 resource management here is role-based rather than fully automated. That was a deliberate choice given the PDI environment. Identifying what's out of scope and why is a sign of implementation maturity. Forcing an incomplete feature into production to look thorough is the opposite.

Implemented by

Abdul Hadi Sheikh

ServiceNow CSA · CIS-SPM

ServiceNow Australia Release

dev375412.service-now.com · May 2026

← Back to all projects