Dear Community, I have below scenario for Risk Assessment and want to check your openinon - We have 2 different RAMs with same Class and currently If we perform Risk Assessment on (Risk Register R1) with Entity "Fashion" , the same (Risk Register R1)...
Can someone please guide me for the following scenario I am trying to setup . I have a control that no user should have admin rights . I am now designing an indicator for this control . This will be a manual indicator , but in supporting data i...
Hi, We did some testing to see how the answers affect Risk Statements and Control Objectives. We delete the attestations but the results are not removed from the Control Objective Compliance Score. Is there a way to reset all the scoring for Entity ...
Hi Team, I want to create a report on audit management. Client has shared us few fields which they have for audit, we have mapped those fields with the fields which we have in servicenow. Few fields belongs to engagement table and few fields belongs ...
There were some instances where the users contacted us asking to modify their responses as they misunderstood the questions or they had incorrect information at the time. Policy violation and fraudulent aside, from a technical perspective, is there a...
Hello, How can we map all IT Assets from CMDB to IRM Module in best effective way so that we can do Reporting on the Threat & Vulnerabilities associated with all IT Assets ? Do we need to create all IT Assets (CI Records) as Entity Records as a manda...
Can anyone please explain how compliance score is calculated. I'm using pdi (personal development instance) with servicenow sample data (san diego) In attached screenshot can anyone please explain why control is non compliant but control objective co...
New to ServiceNow and trying to clean up some older/stale policies. I have three records in "Awaiting Approval" state but do not show in the approval queue for the listed "Approver." How might I approach setting the records back to a Draft state t...
We are setting up GRC and using OOTB as much as possible but we have a slightly different response to our Risk Acceptance workflow. The OOTB behaviour is that the response approach of 'Accept' for a risk requires an approval from the risk owner. We w...
According to the IRM training guide Controls in the Draft, Retired or Not Applicable state are not included in the Control Objective Compliance Score Calculation. However, possible states of Controls are: draft, attest, review, monitor, retired, so N...
Hello Experts, I have seen in the attestation level the user able to re-assign the attestation's, If the user want to Delegate the attestation tasks. How to proceed. * added delegated user in the User profile, but delegated user did receive the at...
I have a notification with the following line. Evidence Collection Instructions: ${mail_script:evidence_evidence_collection_instructions} Looking at the mail script, I have the following. Line 7 & 8 should point to the following field on the screen...
When previewing a document template for BCM the document shown displays in Calibri font, as intended. However, when we generate PDF documents from BIAs Plans or Events the system changes the font to either Arial or times new roman. I have changed all...
Hello All, Can someone please help in providing the references for study material or Question dumps for CIS - Risk and Compliance certification? I have the eBook with me which I got during training. Thanks in Advance.
Hi all, I have a question about the new feature of the Confidentiality flag for audit and compliance records. It refers to "My tasks" in the workspace. Does that mean this feature is only available with the workspaces? Thanks. M.
