Manage issues

  • Release version: Yokohama
  • Updated July 31, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Manage issues

    The Manage issues functionality in ServiceNow helps organizations efficiently identify, track, and remediate risk and compliance issues. It supports submissions from both employees/business users via the Service Portal and GRC users within the instance. This process ensures timely reaction to risks, improving overall risk management effectiveness.

    Show full answer Show less

    Key Features

    • Issue Submission: Employees and business users can self-report issues through the Service Portal, triggering automatic creation of a triage issue to begin analysis. GRC users can manually create issues related to audits, remediations, compliance, and risk.
    • Automatic Issue Generation: Issues such as control issues and control test issues are automatically created based on control attestations or test results indicating non-compliance or ineffectiveness.
    • Issue Management Goals: Focus on eliminating duplicate or irrelevant issues, prioritizing those with greatest risk, identifying remediation actions, and uncovering operational weaknesses.
    • Issue Management Workflow: The lifecycle includes intake, investigation, remediation, and review. Triage issues are assigned to teams for analysis, potentially involving compliance or risk managers, followed by remediation steps and final approval by policy owners.
    • Issue Tracking and Organization: Users can track all issues or individual cases via the Workspace’s Issues module. Issues can be grouped to organize related cases, streamlining management and saving time.

    Key Outcomes

    • Improved identification and prioritization of risk and compliance issues across the organization.
    • Structured investigation and triage process ensures issues are thoroughly analyzed and escalated appropriately.
    • Clear remediation steps support maintaining control compliance and reducing organizational risk.
    • Review and monitoring phase enables tracking of overdue tasks, benchmarking timelines, and identifying past loss mitigation opportunities.
    • Workspace tools facilitate efficient issue tracking and grouping, optimizing issue management workflows.

    You can measure the effectiveness of your company's risk management program by how quickly and completely it identifies and reacts to risk and compliance issues.

    Issues can be submitted using two methods, depending on the type of user involved:
    Note:
    Various types of issues can also be automatically generated under the following conditions (these types of issues are not triaged):
    • Control issue: Created when a control attestation is completed, indicating that the control is not implemented, or when an indicator fails.
    • Control test issue: Created when a control test is closed complete with the control effectiveness set to Ineffective.

    Goals of issue management

    The goals of issue management include:

    • Eliminating noise​.

    • Consolidating duplicate issues​.

    • Focusing on issues that expose the organization to the greatest risk.

    • Identifying and prioritizing remediation actions​.

    • Identifying new issues across the business operations​.

    • Analyzing operational weakness in policies, processes, and controls​.

    Issue management workflow and life cycle

    By remediating issues, controls can be kept compliant, and risk can be mitigated​. The Issue Management workflow and life cycle are illustrated and described here.
    Figure 1. Issue Management workflow
    Issue Management Workflow
    Table 1. Issue Management life cycle
    Stage Description
    Issue intake As described earlier, issues can be submitted using two methods, depending on the type of user involved:
    • Employees and business users within your company can self-identify an issue and submit it via the ServiceNow® Service Portal. Following submission, a triage issue is automatically created and the issue triage process begins.
    • GRC users can manually create an issue from within their instance. These types of issues are not triaged.
    Investigate the issue During the investigation phase, it is determined whether the issue requires additional study. If a triage is being performed, the triage issue is assigned to a triage team for analysis. The triage team may request more information from the issue creator. The team can also optionally send the issue to the compliance manager, risk manager, or triage manager with a triage result.
    Remediate the issue After the team has confirmed the issue, the necessary steps to remediate it are performed. If a triage was performed, the triage issue is converted into an actual issue or risk event. The team may also decide to track the issue as a recommendation or close it as a non-issue.
    Review and monitor the issue Prior to closing the issue, the policy owner reviews and approves it. The review also allows the organization to:
    • track past due tasks
    • benchmark issue timelines
    • identify where losses could have been mitigated
    • reduce gaps in the future