Mary Hain
Administrator

Risk identification in ServiceNow Risk Management is the process of systematically capturing potential risks related to business entities. It ensures that risks are identified early, recorded, monitored, and reported on consistently.

 

Risk Identification Workflow (using Smart Assessment Engine)

 

Risk identification helps risk teams identify risks associated with applications, processes, services, or business units. It creates a structured entry point into the risk lifecycle.

 

The process begins when an entity is selected for review. A risk identification record is created to guide information collection. Questionnaires, powered by ServiceNow’s Smart Assessment Engine, are used to gather stakeholder input. These responses help surface potential threats and control gaps.

 

Workflows manage task assignments and status changes. This ensures accountability and traceability throughout the process. Watch the Risk Management Speed Learning Series video on the Risk Identification Workflow to learn more.

 

Risk Identification Agent

 

With the Dec 2025 release, our new AI-powered risk identification assistant guides users through smart, conversational workflows, pulling context from internal and external sources to surface critical insights and recommendations. Capturing all data related to a risk in one place ensures that risk managers have access to comprehensive, consistent, and up-to-date risk coverage for more informed decisions.

 

Organizations benefit from faster, smarter decision-making and improved operational efficiency. With agentic processes for risk identification, some common processes can be automated through an agent while risk managers remain in the loop. See a demo and review this Speed Learning video for a detailed walk-through of the feature.

 

Functional Outcomes of Risk Identification

 

Identified risks are stored in a centralized risk register. This enables tracking and reuse of data across risk activities. Captured risks can move directly into risk assessments, which supports timely evaluation of likelihood and impact.

 

Risk identification improves data quality for reporting. It provides a clear view of risk sources and patterns.

 

FAQs

 

1. Why do I need Risk Identification if I already have Risk Statements?

Risk Identification is about identifying risks associated with specific entities (applications, processes, and business units). Risk Statements define what risks look like at an enterprise level. Risk Identification connects the two — it helps you determine which Risk Statements apply to which entities and surfaces new risks that may be missing from your library.

 

2. What triggers the Risk Identification workflow?

When an entity is created, a Risk Identification record is automatically generated based on your Risk Identification configuration. The record's state depends on whether the Entity Owner field is populated. If it is, the record starts gathering information and a questionnaire is sent to the entity owner. If no owner is assigned, the record stays in the status of new until one is added.

 

3. Can I use Smart Assessment Engine for Risk Identification questionnaires?

Starting with recent releases, you can create Risk Identification questionnaires using the Smart Assessment Engine's intuitive assessment designer. A migration utility is available in the ServiceNow Store to move existing questionnaires into Smart Assessment.

 

4. What's the benefit of Smart Assessment for Risk Identification?

It offers a more user-friendly experience: a modern drag-and-drop template builder, a contemporary respondent experience that improves engagement and completion rates, better workflow integration, and future support for AI-powered capabilities.

 

5. What does the Risk Identification Agent do?

The agent uses conversational AI to automatically pull entity context, guide users through risk domain selection, and surface relevant risks from internal libraries, industry patterns, and external sources. It produces a consolidated, ready-to-triage risk list — reducing manual effort and ensuring consistent coverage.

 

6. Do I need Now Assist for IRM to use the Risk Identification Agent?

The Risk Identification Agent requires the Now Assist for IRM application and appropriate licensing. We recommend connecting with your account team for entitlement details. It's available starting with the December 2025 release.

 

7. Is the human still in the loop with the Risk Identification Agent?

Yes. The agent suggests risks and automates data gathering, but risk managers review and approve the results. It's designed to assist, not replace, human judgment.

 
