Preparing for your IRM Risk Management adoption

Note: This is a developing series, and we’ll continue to release new content over time. Bookmark this page to stay up to date and let us know in the comments what topics you’d like to see.

 

Welcome to the Speed Learning Series for IRM Risk Management where you’ll find everything you need to succeed with ServiceNow Risk Management, one of the core apps in our Integrated Risk Management (IRM) suite of products.

 

The Classic Risk Management app within IRM provides a centralized solution to identify, assess, mitigate, and continuously monitor enterprise, operational, and IT risks that may negatively impact your business. It enables organizations to establish risk frameworks, perform basic assessments, and implement workflows to manage risks and issues effectively.

 

The app also supports a range of risk response strategies—such as accept, mitigate, share, or decline risks—while offering continuous monitoring of risk exposures. The Advanced Risk app offers risk assessment methodologies for additional structure and analysis.

 

Here are some of the Risk Management app’s key capabilities to help you get started:

 

Planning and preparation

Features that help you centralize your risk statements, which group individual risks, and risk frameworks, which organize statements into categories, and your risk authority documents and citations.  It also stores your policies, control objectives, controls and organizational data. By setting up a library as a central repository, the risk team can easily access and share information across the organization.   

 

Libraries >

Identification and evaluation

Features that help you analyze, identify, and understand risks that might affect your organization. This is where you identify integrated risk workflows, both manual and automated, link risk frameworks to risk statements, and specify actions in case of a breach. Assessments enable you to gather information from first-line users and assign the appropriate risk responses, including issue creation. The identification and prioritization of these risks are shaped by the organization’s risk appetite.  

 

Assessments >

 

Appetite (Coming soon) >

 

Identification (Coming soon) >

 

 

Enterprise monitoring and review

Features that help you effectively manage risk events by tracking end-to-end lifecycles of financial and non-financial losses – both potential or actual, near misses, and gains.  You can also manage external losses using Operational Risk Management. Continuous monitoring enables you to be aware of these events and enables measurement of their impact.

 

Events (Coming soon) >

 

Indicators and insights

Features that help you identify and collect indicator data, detect risk events caused by non-compliant data, and proactively address them before an audit. Indicators enable you to verify that your risk management program is fully aligned to your organization’s risk goals and appetite. Platform Analytics enables you to generate manual and automated reports and keep executive leadership updated on the risk program.

Indicators and Metrics (Coming soon) >

 

Speed Learning Series – IRM Risk Management playlist

Risk Taxonomy

Classic Risk Assessment

Advanced Risk: Setup and Navigation

Risk Assessment Lifecycle

Risk Assessment Methodology

Advanced Risk Assessments

Now Learning

GRC: Integrated Risk Management (IRM) Implementation

GRC: Classic Risk Assessment Fundamentals

GRC: Integrated Risk Management (IRM) Implementer (learning path)

GRC: Integrated Risk Management (IRM) Simulator (Xanadu)

Platform Analytics (PA) Overview

 

FAQs

1. What is the main purpose of ServiceNow Risk Management?
   ServiceNow Risk Management is designed to help organizations identify, assess, respond to, and monitor risks in a structured and automated way. It enables ongoing control and visibility into organizational risks.

 

2. What are the key steps in the risk management process within ServiceNow?
   The process involves identifying risks, assessing their impact and likelihood, responding with appropriate actions, and monitoring risk status and mitigation progress over time using indicators.

 

3. How do I create and document a new risk in ServiceNow?
   You can create a new risk directly in the app by filling out details such as risk type, description, potential impact, likelihood, and affected business areas. The app tracks each risk as a record in the system.

 

4. Can I assign ownership and responsibility for risks in ServiceNow?
   Yes, you can assign a risk owner and related stakeholders to each risk record. This helps clarify accountability and ensures risks are actively managed and monitored.

 

5. How does the app help with risk assessment and prioritization?
   ServiceNow offers built-in tools for scoring risks based on impact and likelihood, helping you prioritize which risks need immediate attention or escalation.

 

6. What options does ServiceNow provide for managing risk response actions?
   You can document and assign mitigation, acceptance, or avoidance actions within each risk record, track its status, and automate workflow steps for follow-up.

 

7. How can I monitor ongoing risk activities and outcomes?
   You can use dashboards, reports, and automated notifications in ServiceNow to monitor risk status, progress on mitigation actions, and overall risk trends across your organization.

 

8. Where can I find guidance or support to set up risk management workflows in ServiceNow?
   ServiceNow provides in-app documentation, product documentation, and an active user Community with best practices for configuring and operating risk management processes. Instructor-led and on-demand resources are also available for new users and administrators in ServiceNow University.