Workflow of project risk assessment

  • Release version: Washingtondc
  • Updated February 1, 2024
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Workflow of Project Risk Assessment

    The workflow for project risk assessment integrates Project Portfolio Management with Governance, Risk, and Compliance capabilities. This process is crucial for identifying and managing risks that may escalate to enterprise risks, potentially leading to significant financial or reputational losses.

    Show full answer Show less

    Key Features

    • Risk Identification: Project managers can create or select risks from a library and must hold the itprojectmanager and sngrc.businessuser roles.
    • Risk Assessment Initiation: After adding risks, managers initiate assessments, notifying assessors defined in the Project Integration Configuration form.
    • Risk Assessment Process: Assessors receive email notifications to review risks, which must be in the Pending, Open, or Work in Progress state. They can also access tasks through the Advanced Risk Assessment module.
    • Enterprise Risk Elevation: If a project risk impacts the enterprise, it can be elevated to an enterprise risk, copying it to the enterprise risk register for further assessment.
    • Risk Posture Visualization: The heatmap in the Risk Overview section allows project managers to prioritize high-impact and high-likelihood risks effectively.
    • Aggregated Risk Score: Assessed risks contribute to a single aggregated risk score, facilitating stakeholder reporting.

    Key Outcomes

    By following this workflow, ServiceNow customers can systematically identify, assess, and manage project risks, ensuring that potential enterprise risks are promptly addressed. The heatmap visualization and aggregated risk score enhance decision-making and prioritization, ultimately supporting better project outcomes and compliance management.

    To understand the integration of Project Portfolio Management and Governance, Risk, and Compliance risk management capabilities, it is important to understand the workflow of project risk assessment.

    Project risk assessment follows a sequence of steps. Sometimes, a risk is elevated to an enterprise risk after the risk is assessed. An enterprise risk is a risk that can cause monetary or reputational losses. It can jeopardize your ability to stay in business.

    The workflow of project risk assessment is as follows:
    1. A project manager identifies risks and adds those risks to a project. The manager can either create risks or add them from a library. The project manager has the it_project_manager and sn_grc.business_user roles. For more information, see Add risks for a project.
    2. The project manager then initiates risk assessment for the newly added risks. In the Project Integration Configuration form, the assessors and approvers are defined for the assessment. They get an email notification to assess the risks.
      Note:
      You can only assess the risks that are in the Pending, Open, or Work in Progress state.
    3. If the Project Integration Configuration form has stakeholders selected as assessors, then the project manager must manually assign the risks to the relevant stakeholder.
    4. As a risk specialist, the risk assessor is notified about the new risks for assessment.

      The risk assessor can use the link in the email notification to start the assessment. Alternatively, the risk assessor can navigate to Advanced Risk Assessment > Risk Assessment Tasks > My Tasks to perform advanced risk assessment. See Advanced Risk Assessment.

    5. In the project risk form, the project manager reviews the Risk Assessment Summary section to view the risk assessment scores.
    6. If the project manager determines that the project risk has an impact on the enterprise, then the project manager can elevate the risk to an enterprise risk.
      Note:
      When a project risk is elevated to an enterprise risk, the project risk is copied from the project risk register to the enterprise risk register.
    7. If a risk is elevated to an enterprise risk, the enterprise risk manager is requested to assess the risk.
    8. The project manager views the enterprise inherent risk score and the enterprise residual risk score in the Risk Assessment Summary.
    9. As part of the Project Portfolio Management workflow, if a risk materializes and an action must be taken for this risk, then the project manager can convert the risk into an issue. For more information, see RIDAC (Risk, Issue, Decision, Action, and Request Changes) record entries for a project.
    10. The project manager can also view the project risk posture through the heatmap in the Risk Overview section on the project form. The heatmap displays high impact risks and high likelihood risks. With the heatmap, you can prioritize the risks that need immediate attention. The risks that are assessed contribute to the aggregated risk score. The aggregated risk score is a single score that can be reported to all the stakeholders. For more information, see Create a project.
    11. View the Project Risk Overview dashboard to understand the overall risk posture of project risks and of enterprise risks. For more information, see Project Risk Overview dashboard.
    Note:
    The assessor and the approver must have risk business user role (sn_grc.business_user) to perform the required tasks. If the project risks are reassessed for any reason and the scores change, then the enterprise risk assessor gets an email notification with the option to reassess the enterprise risk.
    The key users and the user journey are shown in the following figures.
    Figure 1. Key users of Project Portfolio Management and Risk Integration
    Key personas who use the PPM and Risk integration feature
    Figure 2. User journey of Project Portfolio Management and risk integration
    PPM and Advanced Risk Assessment integration user journey