Workflow of risk response task

  • Release version: Yokohama
  • Updated January 30, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Workflow of risk response task

    The risk response task workflow in ServiceNow provides a structured approach to managing assessed risks by defining and executing plans to accept, mitigate, avoid, or transfer those risks. This workflow guides users through the lifecycle of a risk response task from creation to closure, ensuring proper review and approval processes are followed.

    Show full answer Show less

    Workflow States and Stages

    • Draft: Initial state after creating a risk response task.
    • Work in progress: When the task owner actively works on the task and prepares it for approval.
    • Awaiting approval: The state where assigned approvers review the risk response plan.
    • Closed: Final state after approval.

    Key Steps in Managing Risk Response Tasks

    • Create a risk response task: Users with the snriskadvanced.araassessor role can create tasks and assign them to users with the snrisk.user role. Tasks start in the Draft state.
    • Create action items: Risk assessors can define multiple strategies and granular action items within a risk response task to address risks. These can be added while the task is in Draft or Work in progress states. Action items have their own workflow and must be closed before the task can proceed. Note that action items cannot be created for Risk acceptance tasks.
    • Respond to risk response tasks: The assigned task owner moves the task to Work in progress to develop the plan of action. After completing the plan, the owner requests approval. Approval settings default to a single level, typically the risk owner, but can be customized. Once approval is requested, the task enters the Awaiting approval state.
    • Approve or reject risk response tasks: Approvers review the plan and either approve or reject it. Approval advances the task to Closed. Rejection returns the task to Work in progress for further action.

    Practical Considerations for ServiceNow Customers

    • Ensure proper role assignments (snriskadvanced.araassessor and snrisk.user) to enable task creation and assignment.
    • Use action items to break down risk responses into manageable tasks, enhancing risk management effectiveness.
    • Configure approval workflows to match your organizational requirements, including multi-level approvals if needed.
    • All associated action items must be closed before moving the risk response task to approval, enforcing completeness of risk mitigation efforts.

    The risk response task workflow is a structured process to manage assessed risks by defining plans of action to either accept, mitigate, avoid, or transfer those risks.

    Exploring the user journey for Risk response task

    The states of a risk response task are as follows:
    1. Draft: The default state when a risk response task is created.
    2. Work in progress: The state when the risk response task owner starts working on it and sends it to the approver for review.
    3. Awaiting approval: The state when the approver reviews the risk response task and either approves or rejects it.
    4. Closed: The state when the approver approves the risk response task, moving it to the Closed state.
    The risk response task workflow consists of the following stages:
    Create a risk response task
    After an assessor identifies the risk response plans, the assessor then creates risk response tasks. The user with the sn_risk_advanced.ara_assessor role can create a risk response task and assigns them to the risk user with the role sn_risk.user. After creation, the risk response task moves to the Draft state. For more information, see Create a risk response task in the Risk Workspace.
    Create action items
    The risk assessor can create multiple strategies with various action items for each risk response task. Action items are specific, granular tasks defined within a risk response task to address and manage risks effectively. Action items can be created and defined when the risk response task is in either the Draft state or the Work in progress state. For more information, see Create an action item in the risk response task.

    Action items have their own independent workflow. For more information, see Workflow of action item in risk response task.

    Note:
    You can create risk response action items for all types of risk response tasks except for Risk acceptance tasks.
    Respond to the risk response tasks
    After the risk response task is assigned, the risk response task owner moves the risk response task to the Work in progress state. In this stage, the risk response task owner defines a plan of action for the risk response task. After defining the plan of action, the task owner can request for approval from the approvers defined in the approval configurator. By default, a single level of approval is enabled for all types of risk response tasks, where the risk owner can approve the tasks. These approvals can be configured based on requirements. After the task owner request for approval, the risk response task moves to the Awaiting approval state.
    Important:
    All action items associated with the risk response task must be closed to move the risk response task from Work in progress to Awaiting approval state.
    Approve or reject the risk response task
    In the Awaiting approval state, the approvers defined in the approval configurator can review the plan of action and either approve or reject the risk response task. The risk response task moves to the Closed state, if the all the approvers approve the task. If any of the approvers reject the task, then the risk response task moves back to the Work in progress state.