GRC Risk Workspace

  • Release version: Xanadu
  • Updated August 1, 2024
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of GRC Risk Workspace

    The GRC Risk Workspace, introduced in version 13.0.5, delivers a streamlined, single-pane user interface for managing risk within ServiceNow. It consolidates functionalities traditionally available in the classic environment—such as risk assessments and risk event processing—into a more intuitive and role-driven experience. This workspace customizes views and functions based on each user's role, helping organizations tailor risk management activities effectively.

    Show full answer Show less

    To enable the Risk Workspace, ServiceNow customers must install and activate the GRC: Risk Management workspace (com.snriskworkspace) plugin.

    Key Features

    • Role-driven customization: Different roles (e.g., Operational Risk Manager, IT Risk Manager) have distinct home pages and capabilities aligned with their specific responsibilities.
    • Unified application installation: Simplifies management by requiring only one application installation per risk domain (e.g., IT risk management).
    • Comprehensive Home page: Displays key risk indicators (KRIs), risk heatmaps, risk classifications, and top-risk entities to provide a consolidated risk status overview tailored per role.
    • Actionable task visibility: Shows user- and group-assigned tasks, making it easier to track and manage risk-related activities.
    • Customization options: Allows configuration of visual elements such as color codes for heatmaps and reports to fit organizational preferences.
    • Quick links and detailed data access: Facilitates efficient navigation to tasks like scheduling assessments and creating KRIs, with clickable data for deeper insights.
    • Advanced Risk Assessments integration: Supports an enhanced user experience for performing advanced risk assessments, accessible directly from the Risk Workspace or GRC Risk Portal.
    • Legacy support: Displays classic risk assessment scores when the Advanced Risk application is not enabled.

    Role-Specific Capabilities

    • Operational Risk Manager: Focuses on managing risks stemming from internal processes, people, systems, and external events, ranging from minor errors to significant threats like fraud.
    • Business Operational Risk Manager: Acts as the first line of defense for individual business units, managing the risk posture specific to their line of business.
    • IT Risk Manager: Manages threats related to IT systems and data, responsible for establishing and maintaining the organization-wide IT risk management program.

    User Experience Enhancements

    The Risk Workspace introduces multiple improvements aimed at simplifying daily risk management tasks, particularly beneficial for users new to GRC or those less familiar with the platform. These enhancements improve accessibility and usability across risk management activities.

    Starting with version 13.0.5, the GRC Risk Workspace provides a new and simplified user experience with a single-pane view. In the workspace, you can perform the same functions as the classic environment, but with more intuitive functionality. These functions include risk assessments, risk events processing, and so on.

    The Risk Workspace is highly configurable and role-driven. Being role-driven means that the Risk Workspace is customized or unique for each user or role in your organization. In the workspace, different users with specific roles can perform different functions and have views that differ from each other. The workspace also reduces the number of apps that the users must install to utilize the Risk Management application. For example, if you want to manage your IT risks, you must install only one application. The workspace makes the management and installations of apps easier. To use the Risk Workspace, you must install and activate the GRC: Risk Management workspace (com.sn_risk_workspace) plugin.

    The starting point in the Risk Workspace is the Home page Home page button..

    The Home pages show you the complete view of the risk status across your organization. Some of the key items that you can see are the key risk indicator (KRI) breaches, the risk heatmaps, the risk classification and breakdown, entities at the highest risk and so on.

    The Home page offers the following benefits:
    • Provides a different view for each role.
    • Is designed for the specific responsibilities of each role.
    • Shows the day-to-day tasks for each role depending on the user. For example, the Home page for an Operational Risk Manager differs from that of the Home page of the IT Risk Manager.
    • Displays the key tasks assigned to you and your group. This makes it easier to get a complete view of your actionable tasks. For more information on the new user experience for Advanced Risk Assessments, see Advanced Risk Assessments in the Risk Workspace.
    • Shows the risk profile for the top entities. This consolidated view enables easier reporting.
    • Enables customization to suit your needs. For example, you can configure your own color codes for heatmaps and reports. For more information, see Operational risk heatmap for Advanced Risk Assessment in the Risk Workspace
    • Provides quick links for performing key tasks such as scheduling risk assessments, creating new key risk indicators, and so on.
    • Provides data in a way that you can click and view the details.
    • Shows the classic risk assessment scores if the Advanced Risk application is not enabled.
    Figure 1. Risk Workspace home page without Advanced Risk enabled
    Risk workspace home page.

    Roles and user enhancements in the Risk Workspace

    The roles for the Risk Workspace are the Operational Risk Manager and IT Risk Manager. See the following sections for the description of each role, its responsibilities, and its tasks.
    Note:
    Because the roles in your organization might be different from what is presented here, use these roles as references or models.

    Multiple enhancements have also been made to the user experience in the Risk Workspace. Each enhancement is described in detail in the subsequent sections.