GRC Advanced Risk plugin indicators

  • Release version: Xanadu
  • Updated August 1, 2024
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of GRC Advanced Risk Plugin Indicators

    The GRC Advanced Risk plugin provides a comprehensive set of indicators designed to help ServiceNow customers monitor and manage risk effectively on a quarterly basis. These indicators cover various aspects of risk management, including risk levels, control effectiveness, financial impacts, and task statuses, enabling organizations to gain detailed insights into their risk posture and mitigation efforts.

    Show full answer Show less

    Key Indicators and Their Practical Use

    • Risk Levels and Scores: Track counts of high residual risks, average residual risk, inherent risk scores, and the number of risks with failed indicators or high ratings. These metrics help prioritize focus areas.
    • Control Effectiveness: Measure the number of ineffective controls, average control effectiveness, failed control tests, and key controls with failed indicators to identify weaknesses in risk controls.
    • Financial Impact Metrics: Monitor total gross and net loss from financial risk events, average losses per event, recovery rates, additional costs, and the number of events with impacts exceeding one million USD, supporting financial risk assessment and loss prevention.
    • Risk Events and Assessments: Track the number of risk events (including non-financial and near misses), open risk assessments, risk assessments in monitor state, and newly created issues, tasks, and control tests each quarter to maintain active risk management processes.
    • Task and Indicator Management: Keep an eye on open mitigation tasks, overdue indicator tasks, total failed indicators, and remediation tasks due for completion to ensure timely risk response and compliance.
    • Loss Expectancy Metrics: Use maximum and average calculated and acceptable loss expectancy (ALE) values monthly and quarterly to forecast potential risk impacts and guide resource allocation.
    • Entity and Statement Tracking: Count active entities and risk statements updated within or before the quarter to maintain an up-to-date risk inventory.

    Key Outcomes for ServiceNow Customers

    • Gain detailed, quantifiable insights into risk exposure, control performance, and financial impacts to inform decision-making and risk prioritization.
    • Monitor risk mitigation progress through task and indicator statuses, enabling proactive management and timely remediation.
    • Improve compliance and governance by tracking control effectiveness and failed tests, reducing operational and financial risk.
    • Leverage comprehensive quarterly metrics to support reporting, audit readiness, and continuous improvement of risk management practices.

    The GRC Advanced Risk plugin contains various indicators.

    The Advanced Risk plugin includes the following indicators:

    # of high residual risks
    Number of high residual risks per quarter.
    # of ineffective controls
    Number of ineffective controls per quarter.
    Maximum of maximum calculated ALE for this quarter
    Maximum of maximum calculated ALE for this quarter.
    Maximum of maximum acceptable loss expectancy for this quarter
    All active risk statements updated within the current quarter and calculates the average of maximum_acceptable_loss_expectancy
    Number of open mitigation tasks
    Number of risk mitigation tasks in open state in this quarter.
    # of risk events
    Number of risk events that were reported in this quarter.
    Total gross loss
    Total gross loss from financial risk events per quarter.
    Total net loss
    Total net loss from financial risk events per quarter.
    Active Events
    Number of active risk events per quarter.
    # of events with impact > 1 M
    Number of risk events with financial impact greater than one million USD.
    Average residual risk
    Average residual risk score per quarter.
    Average control effectiveness
    Average control effectiveness per quarter.
    Average Inherent Risk
    Average inherent risk score per quarter.
    Risk Assessments (Open)
    Open risk assessments.
    Issues (created this quarter)
    Issues created per quarter.
    Indicator task (created this quarter)
    Indicator tasks per quarter.
    Control tests (created this quarter)
    Control tests per quarter.
    Risk assessments in Monitor state
    Risk assessments in monitor state.
    Non-financial risk events
    Number of non-financial risk events per quarter.
    Total potential loss
    Total potential loss from financial risk events per quarter.
    Total expected loss
    Total expected loss from financial risk events per quarter.
    # of events with high non-financial impact
    Number of risk events with high non financial impact per quarter.
    Average gross loss per event
    Average of the gross loss incurred for each active risk event.
    Average net loss per event
    Average net loss per event. Net loss = Gross loss minus recovery loss.
    Average recovery made per loss event
    Average recovery made per loss event per quarter.
    Average additional cost per event
    Average additional cost per financial risk event per quarter.
    Annual Loss Expectancy
    Average ALE monthly is measured monthly as unit.
    Number of entity
    Number of entities which are in active state and updated during or before this quarter.
    Near Miss
    Number of near miss risk events per quarter.
    Number of risk statements
    Number of risk statement which are in active state and updated during or before this quarter.
    Total control indicators
    Number of control indicators running per quarter
    High risks with failed indicators
    Number of risks with high rating and failed indicators in the quarter.
    Overdue indicator tasks
    Number of indicator tasks due in the quarter.
    Percentage of risk indicators failed
    Percentage of failed risk indicators.
    Total Failed Indicators Quarterly
    Number of failed indicators in the quarter.
    High Risk with Failed Control
    Number of High Risk with Failed Control Test
    Total Risk Indicators
    Number of risk indicators running per quarter.
    # of ineffective controls
    Number of ineffective controls per quarter.
    # of failed risk indicators
    Number of failed risk indicators per quarter.
    # of Failed Control Tests
    Number of failed control tests per quarter.
    Failed Control Test Quarterly
    Number of Failed Control Test Quarterly
    By this quarter
    Total number of remediation task that needs to be completed by this quarter.
    Key Controls with Failed indicators
    Key Controls with Failed indicators is measured quarterly