Capturing Lessons learned in the risk management module
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎02-24-2025 07:57 AM
Subject: Best Practices for Capturing Lessons Learned in ServiceNow Risk Management
Hi ServiceNow Community,
I'm looking for best practices on how to effectively capture lessons learned within the Risk Management module in ServiceNow. Our goal is to create a system where we can document, track, and apply lessons learned to improve our risk management processes.
We're particularly interested in understanding how other organizations are:
- Capturing lessons learned: Are you using a dedicated table/field within the Risk Management module, or are you leveraging a separate application (e.g., Knowledge Management)? What specific fields are you using to capture relevant information (e.g., description, category, related risk, recommendations, owner, status)?
- Linking lessons learned to risks: How are you connecting lessons learned to specific risks within the system? Is it through related lists, custom fields, or other methods?
- Integrating lessons learned into risk processes: How do you ensure that lessons learned are considered and applied in future risk assessments, mitigation planning, and other risk management activities? Are you using workflows, approvals, or other automation?
- Reporting and analyzing lessons learned: What reporting mechanisms are you using to track lessons learned and identify trends? Are there any best practice reports or dashboards you can recommend?
- Managing the lifecycle of lessons learned: How do you manage the lifecycle of a lesson learned, from initial capture to implementation and eventual closure?
Any insights, examples, or best practice recommendations you can share would be greatly appreciated. If you have any resources (e.g., articles, community posts, or even examples from your own implementation) that you think would be helpful, please feel free to share those as well.
Thanks in advance for your help!
Best regards,
Thomas
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎02-26-2025 04:26 AM
Capturing:
Continual improvement would, I would argue, be best served by using the Continual Improvement Management module, assuming you/your customer is licenced. This is because it is designed for it and has a modular, agnostic and structured nature by default for improvement actions.
Otherwise, I'd argue that combination of Issues and their Remediation Tasks (maybe with dedicated "type=Lesson" fields) to handle lessons and their associated fixes are the easiest and cheapest way of not customising
Linking:
As above, linking Issues and/or CIM artefacts would be my recommendation
Integrating:
Having a regular Control Indicator that adopts anything by changing/updating the Risk Assessment? nice and easy and clean
Reporting:
If CIMs, then you'll have dedicated analytics else you can use the Type=Lesson data point above to isolate and report?
Managing lifecycle:
Deming cycle Plan-Do-Check-Act type approach? Or use OOTB CIM or Issue/Rem Task with a linked IRM Policy (Type=Procedure) to ensure you're getting the process/outcomes you want?
hth
R
(If helpful, please mark as so to help others)