Cobit 2019
Apart from sheets df 1 - df 10, which other sheets must be filled in or changed in the toolkit?What is the actual use of df1-map and others?
Forum Posts
Risk Assessment Scope Approval
Hello, We had a customer provide a requirement in which they want to review and approve the scope of a risk assessment and all the responses after the completion of all the assessments. Essentially they want a way to show an entity owner signing o...
GRC - Risk manager unable to see buttons for mitigation task
Our scenario is that our compliance team has created a Risk and it is owned by a standard GRC user. The assessment was taken and the response was set to mitigation. A mitigation task opened as expected and the GRC user who is assigned to the task wro...
M2m table List View is not showing the Information even though Read and Write Access is configured
Hi Friends,I am facing an odd issue that, Step 1: I have configured an m2m table to select Dependent Business Process for BIA ( Business Impact Analysis ) record.M2m TableStep 2: I have also added Access Controls on this m2m table (Create, Read and W...
Resolved! Test Templates Vs Test Plans
HiWhat is the difference between a test template and test plan? Looking at the system architecture the test templates are linked to the control objective which in turn than links to the test plan when generating a control test. What is the reason for...
How to retreive task number in email notification
Hi Team,I am using GRC Module in ServiceNow. In GRC under policy and exception management task is created. I need to fetch task number in email notification along with link. How to fetch it. Could anyone help me on this.
Date validation
In pm_project table,1. How to check current date is 30 days greater than project start date.2. There should be a minimum of 5 recourse plans tagged to Project.
Risk Response and Object based risk assessments in ARA
According to the SN documentation for Vancouver for Advanced Risk Assessments, the risk response workflow is not available for object-based risk assessments. What are the alternatives to document a risk response? For example, if I do an object-based ...
How are risk scores calculated after multiple assessments completed?
When there are 2, 3, 4, or more Tiering Assessments or Vendor Risk Assessments – all with different scores – how does the system arrive at just one overall value at the Vendor (Company) level? For example, Company XIt’s Risk rating is “4 – Low”.This ...
Resolved! Third Party Risk - Due Diligence Request - Vancouver Release
Hi, The Vancouver release of TPRM provides a catalog item that can be used to submit a due diligence request for a number of scenarios. My question is related to option to onboard a new engagement. Per ServiceNow documentation, we are informed the ...
Process inbound emails for locked out vendor contacts
Hi, We have users with vendor_contact roles i.e. vendor contacts. Usually after few days of inactivitiy from vendors, we are locking the vendor accounts. However, when we receive emails from them, the emails won't be processed as the field "locked ou...
Resolved! Difference betweern Risk Assessment scheduler and Risk assessment Scope
Helllo @Community Alums , I am new to GRC i want to find difference between Risk Assessment scheduler and Risk assessment Scope
Notification remainders for due 60 days
Hello Experts, Scenario: In policy form we have a fields called "valid to" and "approver" , if a person selects the policy valid to date as 25-03-2024, then it should send the notification to the Approver.For example: Valid To field count the days fr...
HOW TO ACHEIVE This requirement by using workflow
"Generate an approval request for any table. If the approval status remains 'requested' for 3 days and is not approved, send a notification reminder. Then, if the approval is still in the 'requested' state after 5 days, check again. If it is still 'r...
