GRC Risk Workspace

  • Release version: Yokohama
  • Updated January 30, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of GRC Risk Workspace

    The GRC Risk Workspace, introduced in version 13.0.5, offers ServiceNow customers a streamlined, single-pane user experience for managing risk. It consolidates key risk management functions—such as risk assessments and risk event processing—within a highly configurable, role-driven environment. This workspace simplifies application management by reducing the number of apps users must install, enabling organizations to manage risks (e.g., IT risks) through a single application.

    Show full answer Show less

    Activation of the GRC: Risk Management workspace (plugin com.snriskworkspace) is required to use the workspace.

    Key Features

    • Role-Driven Customization: The workspace adapts dynamically to each user’s role, providing tailored views and functionality for roles such as Operational Risk Manager and IT Risk Manager. This ensures users see relevant information and tasks.
    • Home Page Dashboard: The starting point displays a comprehensive risk status overview including key risk indicator (KRI) breaches, risk heatmaps, risk classifications, and entities at highest risk. It highlights tasks assigned to the user or their group, facilitating efficient task management.
    • Advanced Risk Assessments Integration: Enables quick access to assigned risk assessments with a simplified user experience, supporting both individual and group workflows.
    • Customizable Visualizations: Users can configure elements such as color codes for heatmaps and reports to better suit organizational needs.
    • Quick Action Links: Provides convenient shortcuts to schedule risk assessments, create KRIs, and perform other key risk management tasks directly from the workspace.
    • Compatibility: When the Advanced Risk application is not enabled, the workspace still displays classic risk assessment scores, ensuring continuity of information.

    Role-Specific Capabilities

    • Operational Risk Manager: Focuses on managing operational risks arising from internal processes, people, systems, or external events. They oversee risks ranging from minor errors to major incidents like fraud.
    • Business Operational Risk Manager: Acts as the first line of defense within specific business units, managing the risk posture at the business unit level.
    • IT Risk Manager: Responsible for the organization-wide IT risk management program, addressing threats to business data and critical IT systems.

    User Experience Enhancements

    The redesigned workspace includes enhancements that simplify daily risk management tasks, making it accessible for both new and experienced GRC users. These enhancements facilitate a more intuitive and efficient workflow for risk assessment and monitoring.

    Starting with version 13.0.5, the GRC Risk Workspace provides a new and simplified user experience with a single-pane view. In the workspace, you can perform the same functions as the classic environment, but with more intuitive functionality. These functions include risk assessments, risk events processing, and so on.

    The Risk Workspace is highly configurable and role-driven. Being role-driven means that the Risk Workspace is customized or unique for each user or role in your organization. In the workspace, different users with specific roles can perform different functions and have views that differ from each other. The workspace also reduces the number of apps that the users must install to utilize the Risk Management application. For example, if you want to manage your IT risks, you must install only one application. The workspace makes the management and installations of apps easier. To use the Risk Workspace, you must install and activate the GRC: Risk Management workspace (com.sn_risk_workspace) plugin.

    The starting point in the Risk Workspace is the Home page Home page button..

    The Home pages show you the complete view of the risk status across your organization. Some of the key items that you can see are the key risk indicator (KRI) breaches, the risk heatmaps, the risk classification and breakdown, entities at the highest risk and so on.

    The Home page offers the following benefits:
    • Provides a different view for each role.
    • Is designed for the specific responsibilities of each role.
    • Shows the day-to-day tasks for each role depending on the user. For example, the Home page for an Operational Risk Manager differs from that of the Home page of the IT Risk Manager.
    • Displays the key tasks assigned to you and your group. This makes it easier to get a complete view of your actionable tasks. For more information on the new user experience for Advanced Risk Assessments, see Advanced Risk Assessments in the Risk Workspace.
    • Shows the risk profile for the top entities. This consolidated view enables easier reporting.
    • Enables customization to suit your needs. For example, you can configure your own color codes for heatmaps and reports. For more information, see Operational risk heatmap for Advanced Risk Assessment in the Risk Workspace
    • Provides quick links for performing key tasks such as scheduling risk assessments, creating new key risk indicators, and so on.
    • Provides data in a way that you can click and view the details.
    • Shows the classic risk assessment scores if the Advanced Risk application is not enabled.
    Figure 1. Risk Workspace home page without Advanced Risk enabled
    Risk workspace home page.

    Roles and user enhancements in the Risk Workspace

    The roles for the Risk Workspace are the Operational Risk Manager and IT Risk Manager. See the following sections for the description of each role, its responsibilities, and its tasks.
    Note:
    Because the roles in your organization might be different from what is presented here, use these roles as references or models.

    Multiple enhancements have also been made to the user experience in the Risk Workspace. Each enhancement is described in detail in the subsequent sections.