Risk Implementation Approach Flashcards

1
Q

Risk admin [sn_risk.admin]

A

Set up the risk management and advanced risk applications
Coordinate and facilitate configuration requests
Maintain connections across the enterprise and integrations throughout the ServiceNow platform

2
Q

Risk manager [sn_risk.manager]

A

Create and manage entity types and entity filters
Only role that can see the Advanced Risk Dashboard
Leverage entity types and entities for scoping
Define risk criteria and overall risk management framework
Create standard risk management taxonomy and map recommended controls to mitigate those risks
Define the key risk indicators
Review the work performed by the first line and offer continuous support and guidance on risk management
Define the scope of risk assessments and initiate risk assessments
Track the status of critical open incidents and follow up with incident owners
Escalate to senior management any issues, risks, and remediation tasks that may threaten the organization's business objectives
Manage the risk event for their business

3
Q

Risk user [sn_risk.user]

A

Manage the risks owned by their respective business / assets including identification, assessment, and response
Monitor the progress of the risk response tasks and ensure they are remediated within the timelines
Monitor risks that may impact the enterprise and escalate them to the risk manager
Manage the risk assessments for their respective business and ensure risk assessors are completing the tasks
This role is frequently assigned to risk owners

4
Q

Risk Reader [sn_risk.reader]

A

GRC business user [sn_grc.business_user]

Leveraged across GRC applications. Risk-specific activities include:

Respond to risk assessments
Respond to issue tasks, indicator tasks, remediation tasks, and risk event tasks
Report risk events in their business

5
Q

Advanced Risk Assessment engine focuses on three principles

A

Risk identification
Analysis
Evaluation

The ARA engine helps to configure multiple types of risk assessments in a single application with unique components and calculations.

6
Q

What is a RAM?

A

A RAM is a unique risk assessment template that can be applied to assess a risk scoped with an entity or an object.

An object might be a regulation, department, change request, a policy, or an HR case. Technically, an object is any record in a ServiceNow table. Several RAM templates are included in the baseline implementation of GRC: Advanced Risk, which can be used as-is or modified.

7
Q

What is an RCSA?

A

The RCSA is a process that allows an organization to evaluate all risks and control effectiveness related to a specific entity, commonly a line of business (LOB) or department, on a set frequency.
