Visually Explore Data Relationships to Reduce Business Risk with ServiceNow GRC

• Simplify operations and boost productivity with the new Project & Resource Management features in Rome 
• Create and maintain configuration items to provide visibility with CMDB in Rome and Quebec 
• Manage the life cycle actions, End of Life Policies, detection, and archival of CI Data with the improved CMBD Data Manager in Rome 
• View multiple records in a single window on the new Agent Workspace in Quebec and Rome to give Agents a quick overview of cases
• Assess Vendor Performance Using Configurable Vendor Metric Indicators
• Visually explore data relationships between different critical data types that are enhanced and updated in ServiceNow GRC to reduce business risks

ServiceNow GRC (Governance, Risk, and Compliance) is a powerful tool that assists companies in effectively managing IT and security risks, reducing expenses, and meeting compliance requirements. 

Risk refers to threats an organization faces that can come in many forms, including financial issues, loss of reputation, legal liabilities or leadership errors, accidents, and natural disasters.

It also further develops decision-making and execution through an integrated perspective of how an organization deals with its risks.

This article covers some of the new components and improvements added to Risk Management in the ServiceNow Rome release.

New Risk Management features in the ServiceNow Rome release

1. Risk Portal

In the Rome Release, ServiceNow introduced the Risk Portal for Risk, Audit, Policy, and Compliance. So now we have a relatively lean and sleek out-of-the-box portal. The user now has a single view to check all the assigned tasks and complete them. For instance, if a user has multiple pending assessments, all are visible from the Risk Portal.

Image Source: GRC Risk Portal

On the Risk Portal, the user can do the following:

My pending tasks: View all open and overdue tasks, approvals, new and in-progress tasks of risk assessment, and control attestations so the user can complete all the assessments and attestations in one place.

My group's tasks: View open, overdue, unassigned, new, and in-progress tasks that are assigned to the group.

My items: View the total requested items raised by the user, including remediation tasks, issues, and policy exceptions that the user must resolve.

Report: Quickly report risk events. Users can easily report a risk event from the Risk Portal by clicking on "Risk Event" under "Report," filling the form and submitting it for review.

2. Risk Workspace

ServiceNow GRC's reinvented the user experience to improve decision making and act through real-time insights presented on the workspace homepage with role-based use cases. The workspaces also enhance the efficiency in performing day-to-day activities with a modern user experience and make it easy to view issues, tasks, and quick links all in one place. It helps visualize how everything is connected.

Risk workspace for the IT risk manager

Risk managers need a single pane view for risks so they can see multiple risk assessment viewpoints, a complete overview of the risk profile, highest risks that need attention, overdue tasks across the organization, open issues with the highest priority, and also the tracking indicator status and control test status by classification.

Users can also see Tasks and Quick Actions in the work area. Sometimes risk managers perform multiple tasks like reviewing and approving unassigned tasks, to have all workflows within GRC embedded into one place. So, they introduced all the different workflows that meet risk assessments, risk events, issues, group tasks, and workflows assigned to the user to be consolidated and presented in one place so users can avoid going across multiple modules to complete tasks. x`

Issue management in the Risk Workspace

Issue management highlights significant experiences, quick action buttons, filters, and access to open issues, which are high priority and provide the user with all the information to manage issues in one place.

Issues overview tab shows the number of overdue problems, issue triages by state, issue type, priority, open and overdue remediation tasks associated with issues, and a count of evidence requests opened for issues, and issues assigned to member users group.

List view in the Risk Workspace features breadcrumb navigation for all GRC modules where the user can access all the modules from a single pane with the ability to navigate all the record links. User experience enhancements in the Risk workspace

Client experience improvements are valuable for new GRC users or clients who do not have a complete insight into GRC. A few improvements have been made in the new workspace to facilitate the way users perform their daily tasks.

Views of Risk Workspace 

• You can see the list view by clicking on the "List View" icon in the workspace. It provides a list of all modules.
• The record view delivers detailed information about any record.
• 360º relationship view lets you explore the connections between the several types of data that influence your business, like controls, risks, and issues.
• Breadcrumbs provide familiarity for the users and give access to navigate all GRC modules and the hierarchy of linked pages with related records.
• The consolidated issue page shows you detailed information about the status of issues assigned to a user.
• The overview page of records summarizes all information in a single view.

3. New Module: Heatmap Color Setting

Rome offers the "Heatmap color setting" option to view the criticality of Impact and Likelihood by utilizing a library of risk color styles to use in various assessment types and matrices. However, the heatmap representation can be configured for inherent and residual risks and used in dashboards to monitor the risk posture.

Image Source: Risk heatmap for classic risk assessment

4. New Module: Risk Overview

The Risk Overview module is a new feature that helps you identify areas of concern and quickly take immediate action. It delivers an executive view permitting Risk managers to identify high-risk entities promptly.

Image Source: GRC Risk Overview dashboard

The Risk Overview dashboard provides different types of reports - Inherent Risk Report, Residual Risk Report, Other Risk Reports, and Assessment Overview. To check all the risk action items, you can click on any report and go into the record you want to view.

For instance, look at the Inherent Risk Report tab in the overview. In this module, the Operational Risk Manager can track the risk posture of the organization, view high inherent to low inherent risk based on scores, and measure Inherent Annual Loss Exposures (ALE), Inherent Single Loss expectancy (SLE), and Annualized Rate of Occurrence (ARO). The same applies to the Residual Risk Reports. 

Overview - PA (Performance Analytics) Premium

"Overview – PA Premium" feature enables the Performance Analytics (PA) dashboards. Users can see the information for risk events and risk hierarchy. The performance analytics gives risk executives a graphical interface to create profiles and risk conditions. These connections empower reliable risk planning and display them across the enterprise.

To view Overview – PA Premium, you need to use Performance Analytics – GRC: Risk Management application scope.

5. New Module: Ask our Community Forum

While developing functionalities, you sometimes need to know the best approach and excellent practices to accommodate customers and avoid unintentional complications. Therefore, you need a place to get started and learn more about new Risk Management customizations.

In the previous versions of Risk Management, you could not ask in the community forum. In the Rome upgrade, ServiceNow implemented this new module under Risk, where you can browse the Now Community Forum directly from the instance.

While browsing the Now Community under Risk Management, you can see the step-by-step onboarding path for customers to lower their risk profile quickly, share best practices and thought leadership for a network of risk practitioners and NOW platform users. What's more, you can see many more questions and satisfactory answers.

INRY can help you get a quick risk assessment for your upgrade, plan your upgrade strategy, and provide an estimate for the upgrade. Feel free to contact us today!

About the Author

Pranathi is a ServiceNow Consultant at INRY with experience in GRC and Safe Workplace Solution Suite. She works on policy and compliance management, risk management, and business continuity management for multiple projects and fell in love with the client experience. In this article, Pranathi shares insights on how the new features in the ServiceNow Rome release simplify Risk Management activities and further develop efficiency. She loves to cook, play video games, and watch web series.