Workflow of a risk using Advanced Risk

  • Release version: Yokohama
  • Updated January 30, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Workflow of a risk using Advanced Risk

    Enabling the Advanced Risk Assessments property in ServiceNow transforms the lifecycle of risks from the classic active/inactive model to a more detailed state-driven workflow. This enhancement simplifies risk management by providing clear stages and actions for risk assessment and response. Once enabled, this feature cannot be disabled.

    Show full answer Show less

    Key Features

    • Risk States: Risks transition through five distinct states: Draft, Assess, Respond, Monitor, and Retire, each reflecting a specific phase in the risk management process.
    • State-Specific Actions: Each state provides tailored actions such as saving, assessing, monitoring, retiring, and navigating to assessment scopes or 360-degree views.
    • Direct Risk Assessment Initiation: Users can initiate risk assessments directly from the risk form for streamlined workflows.
    • Automated Transitions: Risk states automatically update based on actions taken, such as moving from Assess to Respond if a response strategy exists, or to Monitor after response task closure.
    • Audit and Record Keeping: The Retire state allows organizations to maintain records of invalid risks for auditing purposes while keeping them inactive.

    Key Outcomes

    • Improved Risk Visibility: Customers gain enhanced clarity on the status of each risk through defined states, enabling better tracking and management.
    • Streamlined Risk Management: The workflow supports efficient risk assessment, monitoring, and response processes, helping organizations maintain compliance and control.
    • Enhanced Monitoring: Integration with Key Risk Indicators (KRIs) facilitates ongoing risk monitoring once assessments and responses are complete.
    • Flexibility in Risk Handling: Risks can be reactivated from the Retire state or returned to earlier states such as Draft for reassessment, supporting dynamic risk management needs.

    When you migrate to advanced risk assessment, you can view the various states of the risks take the necessary actions. This ability simplifies your view of the risk form.

    When your risk administrator enables the Migrate to Advanced Risk Assessments property located under Advanced Risk Assessment > Administration > Properties, the life cycle of the classic or legacy risks undergo a change. You can also initiate a risk assessment directly from the risk form.
    Note:
    Once you enable this property, you cannot disable it.
    Prior to version 14.0, when the Migrate to Advanced Risk Assessments property was enabled, the risks were only classified as either active or inactive. Starting with version 14.0, as a risk owner, when you enable Advanced Risk, you can view the following states of your risks.
    1. Draft
    2. Assess
    3. Respond
    4. Monitor
    5. Retired
    Figure 1. States of a risk with advanced risk assessment
    States of a risk with advanced risk assessments enabled.
    All the states and the actions available for each state are explained in the following table.
    State Description Actions available
    Draft This is the state of a risk when a risk is created by the second line of defense or identified by the first line of defense.

    The objective in this state is to map and identify the risk pertaining to your organization. If you modify the entity or the primary risk assessment methodology (RAM) for a risk, the state of the risk gets updated based on the primary RAM's latest assessment.
    • Save
    • Assess: Pushes the workflow and initiates the risk assessment.
    • Monitor: If you do not want to assess the risk but want to monitor the risk.
    • Retire: The risk is retired along with all underlying risk assessment and risk response.
    • Navigate to assessment scope: Shortcut to risk assessment scope. The primary risk assessment methodology is passed.
    • 360 degree: View the complete 360-degree relationships for the risk.
    Assess This is the state of a risk when advanced risk assessment is initiated and being performed. If there is a response strategy, then the risk moves to the Respond state otherwise it moves to the Monitor state once the assessment is completed.
    • Save
    • View assessment: Navigates to the actual risk assessment form.
    • Cancel assessment: If you want to cancel the current assessment. The respective risk assessor is notified about the canceled assessment.
    • Return to draft: Cancels the current assessments and returns the risk to the previous state.
    • Retire
    • Navigate to assessment scope
    • 360 degree
    Respond This is the state of the risk when the risk response task is in progress.

    Once the risk response task is closed, the risk is automatically moved into the Monitor state
    • Save
    • Assess: Pushes the workflow back in the workflow. The in-progress risk response task would be canceled.
    • Retire
    • Navigate to assessment scope
    • 360 degree
    • Return to draft
    Monitor This is the state of the risk when the risk has been assessed and the response task is closed.

    If KRIs are defined (through Metrics), they are executed to monitor the risk.
    • Save
    • Assess: Moves the risk back to Assess state and initiates the risk assessment.
    • Retire
    • Navigate to assessment scope
    • 360 degree
    • Return to draft
    Retire This is the state of the risk when the risk is no longer valid but the organization wants to keep a system of record for audit purposes.
    • 360 degree
    • Activate: Reactivates the risk and moves it back to Draft state.
    • Navigate to assessment scope.