The ServiceNow® Risk Management application within Integrated Risk Management (IRM) provides a centralized process to identify, assess, respond to, and continuously monitor enterprise/IT risks that may negatively impact business operations. The application provides structured workflows to manage risk assessments, risk indicators, and risk issues.
The Risk Management application includes the following features:
- Scoping - entities and entity types
- Risk library - risk frameworks and risk statements
- Risk register - risk creation and management
- Risk assessments
- Risk treatment - accept, mitigate, transfer, and avoid
- Risk monitoring - indicator templates and indicators
- Issue management
- Reports and dashboards
New
- Query range ACLs
  - Consistent Access Control — All tables include standardized query range security ACLs. These ACLs ensure that authenticated users with appropriate read permissions can query records consistently across the platform.
  - Seamless Upgrade Experience — New query ACL rules are installed automatically during upgrade, with no administrator action required. Automated upgrade scripts handle the transition, including detecting and processing previously customized ACLs to ensure existing processes continue without interruption.
  - Post-Upgrade Review for Customized ACLs — If the instance includes administrator-modified query range ACLs, review those records after upgrade to confirm they align with the intended access policy.
- Enabled Audit entries support for Risk and related records.
Changed
- Email notification links for Risk Management now redirect users to the appropriate workspace based on their access permissions.
Fixed
- Risk response task due date validation now prevents users from entering past-dated entries.
- Delegated users can now review, approve, and reject action items on response sub-tasks.
- The "Closed At" field now populates correctly when a closed response task is reopened and closed again.
- Users can add controls to risks without being blocked by security constraints.
- Deactivating a risk framework now displays the correct count of affected risks and risk statements.
The following applications are installed automatically when you activate the Risk Management application:
- GRC: Profiles
- GRC: Approver Configurator
Permissions and roles
Role required to install the app: System admin (admin)
To upgrade the Risk Management application, make sure to upgrade the Risk Management Workspace and any other installed GRC applications to the equivalent release version. For example, version 15.x of Risk Management is certified to work with version 15.x of Risk Management Workspace and version 15.x of other GRC applications.