Configuring two level of approval for Advanced Risk Assessment

Go to solution
Harsh Chitroda
Tera Contributor

‎10-22-2025 05:21 AM

Is it possible to configure a two-level approval process within the Risk Assessment workflow in ServiceNow Advanced Risk (IRM)?

 

  1. How can we design the approval process so that Level 1 (e.g., Risk Manager or Risk Owner) reviews and approves the assessment first, followed by Level 2 (e.g., Risk Approver or Risk Committee) providing the final approval?

Is there any guidance available on this?

0 Helpfuls
  • 681 Views
1 ACCEPTED SOLUTION

Go to solution
MaxMixali
Mega Sage

‎10-23-2025 09:29 AM

Answer — Yes, it is possible to configure a two-level approval process within the Risk Assessment workflow in ServiceNow Advanced Risk (IRM).

 

You can achieve this through a combination of Flow Designer (or the legacy Workflow Editor) and the Approvals [sysapproval_approver] framework — which supports sequential, multi-stage approvals natively.

 

Below is a detailed approach for implementing Level 1 and Level 2 approvals for Risk Assessments.

 

 

 

🔹

1. Understanding the Context

 

 

In IRM (Integrated Risk Management), the Risk Assessment (asmt_assessment_instance or a custom extension) can trigger approvals as part of the workflow or flow once an assessment is submitted.

 

You can configure approvals in sequence, such that:

 

  • Level 1: Risk Manager / Risk Owner reviews and approves first.

  • Level 2: Risk Approver / Risk Committee receives the request only after Level 1 approval.

 

 

 

 

🔹

2. Implementation Steps (Flow Designer method – recommended)

 

 

 

Step 1: Identify approval roles or user fields

 

 

In your Risk Assessment record, ensure you have reference fields that define:

 

  • risk_owner (Level 1 approver)

  • risk_approver or risk_committee (Level 2 approver)

 

 

If not available, extend the table and add these fields.

 

 

 

Step 2: Create a Flow for Risk Assessment

 

 

  1. Navigate to Flow Designer → New Flow.

  2. Table: asmt_assessment_instance (Risk Assessment).

  3. Trigger: When state changes to “Awaiting Approval” or On Submit, depending on your process.

 

 

 

 

Step 3: Add Level 1 Approval (Risk Owner)

 

 

  • Add an “Ask for Approval” action.

  • Record: current Risk Assessment.

  • Approvers: Data pill → Risk Owner.

  • Wait for: All approvals.

  • If approved → continue; if rejected → update state = “Rejected” and end flow.

 

 

 

 

Step 4: Add Level 2 Approval (Risk Committee / Risk Approver)

 

 

  • Add another “Ask for Approval” action after the Level 1 approval block.

  • Approvers: Data pill → Risk Approver or Risk Committee field.

  • Wait for: All approvals.

  • If approved → continue to closure; if rejected → update state = “Rejected”.

 

 

 

 

Step 5: Update States / Notifications

 

 

  • After both levels approve, add an Update Record action:

     

    • Set state = “Approved”.

     

  • Add email notifications for each stage via Flow Designer (Send Email actions) or use OOB Approval Notifications.

 

 

 

 

🔹

3. Implementation Alternative (Classic Workflow Editor)

 

 

If your environment uses legacy workflows:

 

  1. Open the Risk Assessment Workflow.

  2. Add two Approval activities in sequence:

     

    • Approval 1 → Assigned to Risk Owner.

    • Approval 2 → Assigned to Risk Approver or Risk Committee.

     

  3. Configure transition lines:

     

    • On approval → proceed to next approval.

    • On rejection → end or rollback to draft.

     

  4. Publish and attach the workflow to your Risk Assessment records.

 

 

5. Example Flow Logic Summary

Trigger: Risk Assessment Submitted

→ Ask for Approval (Risk Owner)

      if Rejected → Set State = Rejected → End

→ Ask for Approval (Risk Approver / Committee)

      if Rejected → Set State = Rejected → End

Set State = Approved

→ Notify Requester

 

View solution in original post

0 Helpfuls
2 REPLIES 2

Go to solution
MaxMixali
Mega Sage

‎10-23-2025 09:29 AM

Answer — Yes, it is possible to configure a two-level approval process within the Risk Assessment workflow in ServiceNow Advanced Risk (IRM).

 

You can achieve this through a combination of Flow Designer (or the legacy Workflow Editor) and the Approvals [sysapproval_approver] framework — which supports sequential, multi-stage approvals natively.

 

Below is a detailed approach for implementing Level 1 and Level 2 approvals for Risk Assessments.

 

 

 

🔹

1. Understanding the Context

 

 

In IRM (Integrated Risk Management), the Risk Assessment (asmt_assessment_instance or a custom extension) can trigger approvals as part of the workflow or flow once an assessment is submitted.

 

You can configure approvals in sequence, such that:

 

  • Level 1: Risk Manager / Risk Owner reviews and approves first.

  • Level 2: Risk Approver / Risk Committee receives the request only after Level 1 approval.

 

 

 

 

🔹

2. Implementation Steps (Flow Designer method – recommended)

 

 

 

Step 1: Identify approval roles or user fields

 

 

In your Risk Assessment record, ensure you have reference fields that define:

 

  • risk_owner (Level 1 approver)

  • risk_approver or risk_committee (Level 2 approver)

 

 

If not available, extend the table and add these fields.

 

 

 

Step 2: Create a Flow for Risk Assessment

 

 

  1. Navigate to Flow Designer → New Flow.

  2. Table: asmt_assessment_instance (Risk Assessment).

  3. Trigger: When state changes to “Awaiting Approval” or On Submit, depending on your process.

 

 

 

 

Step 3: Add Level 1 Approval (Risk Owner)

 

 

  • Add an “Ask for Approval” action.

  • Record: current Risk Assessment.

  • Approvers: Data pill → Risk Owner.

  • Wait for: All approvals.

  • If approved → continue; if rejected → update state = “Rejected” and end flow.

 

 

 

 

Step 4: Add Level 2 Approval (Risk Committee / Risk Approver)

 

 

  • Add another “Ask for Approval” action after the Level 1 approval block.

  • Approvers: Data pill → Risk Approver or Risk Committee field.

  • Wait for: All approvals.

  • If approved → continue to closure; if rejected → update state = “Rejected”.

 

 

 

 

Step 5: Update States / Notifications

 

 

  • After both levels approve, add an Update Record action:

     

    • Set state = “Approved”.

     

  • Add email notifications for each stage via Flow Designer (Send Email actions) or use OOB Approval Notifications.

 

 

 

 

🔹

3. Implementation Alternative (Classic Workflow Editor)

 

 

If your environment uses legacy workflows:

 

  1. Open the Risk Assessment Workflow.

  2. Add two Approval activities in sequence:

     

    • Approval 1 → Assigned to Risk Owner.

    • Approval 2 → Assigned to Risk Approver or Risk Committee.

     

  3. Configure transition lines:

     

    • On approval → proceed to next approval.

    • On rejection → end or rollback to draft.

     

  4. Publish and attach the workflow to your Risk Assessment records.

 

 

5. Example Flow Logic Summary

Trigger: Risk Assessment Submitted

→ Ask for Approval (Risk Owner)

      if Rejected → Set State = Rejected → End

→ Ask for Approval (Risk Approver / Committee)

      if Rejected → Set State = Rejected → End

Set State = Approved

→ Notify Requester

 

0 Helpfuls

Go to solution
Harsh Chitroda
Tera Contributor
In response to MaxMixali

a month ago

One follow-up question, do I need to configure an additional field during scoping for standalone risk assessment and risk assessment project?

Specifically, to let the user choose the 1st-level group and then the 2nd-level group, is there a requirement to introduce another field to support that setup?

 

HarshChitroda_0-1764192843681.png

 

0 Helpfuls