
2 hours ago
To learn more about implementing IRM Risk Management, including setting up libraries, visit our IRM Risk Management Speed Learning Series on YouTube.
Risk libraries contain your organization’s risk frameworks and risk statements. In short, they enable the central cataloging and systemizing of your risk data. A robust library provides a common language for risk across the enterprise and creates a clear structure for ownership and reporting.
Before you set up your risk libraries, it’s important to understand two critical concepts: risk taxonomy and entities.
Start with a standardized risk taxonomy.
Risk teams need a shared framework to identify, assess, and report risks, while automatically rolling up scores from operational levels to enterprise oversight. Clear hierarchies enable you to trace risks across functions and maintain a consistent Risk Register. This IRM Risk Management Speed Learning Series of videos explains the basics of Risk Taxonomy.
Centralized risk data enables you to create an integrated view of your risk posture. A single system ensures that your Enterprise, Operational, and Technology risks are connected, transparent, and managed consistently.
Embrace entity management.
Entity management is the backbone of a scalable risk program. Entities—applications, processes, departments, infrastructure, or people—connect your risk taxonomy to the real-world assets you are assessing. In ServiceNow, you define entity types, classes, and tiers, then map them to risk statements.
As you add new entities or update existing ones, risk instances are automatically generated, keeping your risk data current and aligned.
By leveraging entity management, you can maintain consistency across functions, reduce manual effort, and scale the program as needed. As your organization grows, you will see the risk library evolve from a static repository into a dynamic, actionable tool. Here is a great resource on entities: How to Effectively Plan and Manage Entities.
The ServiceNow GRC: Workbench is a useful resource to visualize entity relationships during your implementation journey. Accessing the Workbench can help you create and manage entities and their risk relationships. The Workbench provides a clear visualization of how risks and assets are interconnected across your organization.
Lay a strong data foundation.
The maturity of your libraries is closely linked to the maturity of your risk program. Along with regular updates, standardized taxonomies and entity frameworks enable risk teams to move from initial setup to enterprise-wide adoption of ServiceNow IRM Risk Management with confidence.
Resources
- Unraveling risk terminology
- Entity Management – Whitepaper
- Deep dive: How to Effectively Plan and Manage Entities
- Automating Entity Management
- What is the GRC Entity Framework and how does it work?
- Entities for GRC and how to set them up
- Entity Management Process Guide (slide 21 onwards)