Hi every one,Given the number of entities, how are using the Risk appetite and tolerance? are you defining them at the risk statement and autopopulated at the risk record? What is the goal of the risk appetite at the enity level? Your input is very a...
How to add fields from various tables into an audit report template if the template is in HTML format? Thanks
Greetings, I have the following questions in regards to relating an Entity directly to a Control Objective Is it possible to bypass mapping a Control Objective to an Entity Type and instead map the Control Objective directly to an Entity?What would b...
Hi Friends,We are trying to set up the Advanced Risk Assessment where the customer wants to assess each control on 2 factors say Design and Operating Effectiveness.But current OOB ServiceNow solution only provide ability to assess entire control envi...
What is the purpose and advantage/disadvantage of using the 'Applies to record' option on the entity record?
Hi Team, We are trying to set up Advanced Risk Assessment where customer asked to display some additional fields on the Inherent Assessment section. Current OOB layout does not have any dedicated field for Impact and it has only the calculated impact...
In the ServiceNow Regulatory Change Management, What is the difference between the Regulatory Alert and Source Document Alert?Are they related? And should one workflow be performed before another?
Hi Everyone, I have a requirement where I need to show the field message based on field value changes but the message contain a link which not possible in field message but client wants below that field only is there any alternate way to achieve the ...
I have created a scripted indicator to look at Test Results relating to a specific server class. The supporting data field should show all in scope Test Results but for some reason the option to look through all of the results is grayed out and only ...
Is anyone using GRC Audit Management to conduct SOX audits? If so, how are you flagging control test failures that are significant deficiencies or weaknesses? I'm seeing issues and observations but not seeing a way to flag either as a deficiency or...
All, We were advised by our Snow rep to use the Survey Designer instead of Attestation Designer due to the inability of AD to scroll through more than the initial screen resolution when we begin the design. I have to say not having this tested was a...
Hello 1. When a policy exception is created, the Source type can be selected as Policy, and the system forces you to select a policy. I would like to know what happens when a Policy is approved. 2. When the Source type is Control objective, control, ...
Does anyone know of an efficient way to solve for this use case or will it be solved for in upcoming versions? Build and Audience for a campaign - all users in Sys Group Y.Build a Policy Acknowledgement Campaign - Audience "Alll users in Sys Group...
We have noticed that each update to a policy creates a new knowledge article, example is policy 123 which had kb001 now has kb002 and kb003 if another change was done. the latest is the only valid one. The issue is these links back to KBs are shared ...
Hello IRM experts ! I would like to find a way to edit the Task tab in the Risk Workspace. In the Task tab, you can see the different IRM related tasks which are assigned to you such as Control Attestation, Issues, Risk Assessment etc. I would like ...
