Delegation of risk assessment

  • Release version: Yokohama
  • Updated January 30, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Delegation of risk assessment

    The delegation of risk assessment feature in the ServiceNow AI Platform allows a risk assessor to appoint a delegate to perform risk assessments on their behalf when they are unavailable. This delegation is time-bound and enables continuity in risk assessment activities by assigning authority to another qualified user.

    Show full answer Show less

    Key Features

    • Delegates can perform risk assessments from both the Risk Workspace and Risk Portal.
    • Delegates receive all system notifications sent to the original assessor.
    • The assessment instance displays both the original assessor’s and delegate’s names once the delegate starts the assessment.
    • Delegates can reassign tasks, view ongoing assessments of the original assessor, create issues, and initiate risk response tasks with approval requests.
    • All delegate activities are tracked in the activity stream for transparency and auditing.
    • Delegates must have the snriskadvanced.araassessor role to perform risk assessments and are considered licensed users, which is monitored for GRC usage.
    • Delegation is limited to performing assessments only; delegates cannot approve risk assessments.
    • Only individual users (not groups) can be assigned as delegates.

    Practical Application for ServiceNow Customers

    To enable delegation, risk assessors should configure their user profiles to display the Delegates related list and refer to the procedures for configuring delegates for their tasks. When a delegate is assigned, the original assessor remains listed in the Assessor field, with the delegate’s name shown in a separate Assessor’s delegates field, maintaining clear accountability.

    This feature ensures uninterrupted risk assessment operations during assessor absences by empowering designated delegates to continue the work seamlessly, while maintaining compliance, tracking, and role-based security controls within the ServiceNow platform.

    If a risk assessor is unavailable to perform a risk assessment, the assessor can appoint a delegate to perform the risk assessment for a specified time period. The ServiceNow AI Platform enables you to appoint your delegates.

    Delegation is the assignment of authority to another person to perform specific activities. It is a process of entrusting work to another person. In the context of risk assessments, at times, it may happen that the assigned assessor for a risk assessment is unavailable to perform their risk assessments. In such a scenario, the assessor can assign another user as a delegate and the delegate can perform the risk assessment on behalf of the original assessor for a specified time period. A delegate can perform the risk assessment from the Risk Workspace and the Risk Portal. A delegate also receives a copy of all the system notifications that are sent to the original assessor. Once the delegate starts performing the assessment, the delegate's name is visible on the assessment instance. Delegate on the risk assessment instance.

    As a risk assessor, to understand how you can assign a delegate, refer to Configure a delegate for your tasks.

    To delegate tasks to another user, configure your user profile form to display the Delegates related list. For details, refer to Add the Delegates related list.

    It is important to note the following points when you assign a delegate.
    • The ability to assign a delegate is only available to perform an assessment. You cannot assign a delegate for approving a risk assessment.
    • After a delegate is assigned an assessment, the assessment shows the names of the original assessor as well as the delegate.
    • You can only assign an individual user as a delegate and not a group.
    • A delegate must have the sn_risk_advanced.ara_assessor role to perform risk-based assessment.
    • A delegate must have the sn_risk_advanced.ara_assessor to perform any object assessment.
    • All delegates are considered licensed users and are tracked for their GRC usage.
    • When the delegate logs in to perform the risk assessment on behalf of the assessor, the original assessor's name remains in the Assessor field. The new field Assessor's delegates displays the name of the delegate.
    • The delegate can reassign the task to another user.
    • The delegate can view the on-going assessments for the original assessor under Tasks in the Workspace.
    • The delegate can create issues.
    • The delegate can create risk response tasks and request approval.
    • All activity performed by the delegate is captured in the activity stream.