Automatic Risk and Control relationship

George P
Tera Guru

It seems to me that if a Control Objective has been mapped to a Risk Statement, then a Control created based on that Control Objective should create a Risk related to the Control, but that does not happen. Am I missing something? Did something we customized break an OOTB function?


Sebastien Fix
Giga Guru

Hi, this is correct behavior.

 

One RS may have a series of potential COs to help mitigate it. Not all COs will always be applicable to every entity where the Risk is present. The mapping, however, will make it easier for you to pick the mapped COs for your risk.

 

While control and risk records will not be auto-generated, linkages will occur in this sequence, where risk and control records exist: the risks associated with the risk statement automatically inherit the controls associated with the control objectives with matching entities.

 
 

SanjivMeher
Kilo Patron

 

Based on the doc, the relationship is not created immediately.

A scheduled job, GRC Profile Generation, generates the relation later.

https://docs.servicenow.com/bundle/vancouver-governance-risk-compliance/page/product/grc-risk/task/t...

 


Please mark this response as correct or helpful if it assisted you with your question.

I found this text at the provided link:
"When a control objective and risk statement are associated and the control entity matches the risk entity, the risk-control association is created."
Does that mean I need to manually create the Risk for every Entity before it links the Risk to the Control?

How does this function in relation to CAM where the Entity links to an Authorization Boundary?

Based on the below, it should auto-map. Did you map the entity to both Control Objective and Risk Statement? Or did you just map to Control Objective?

https://www.servicenow.com/community/grc-forum/automatically-generate-controls-when-relating-an-enti...

 

