Control Assessment and Effectiveness - Control Environment Assessment

sibayanchak
Tera Contributor
Hi everyone,
I am currently working with the Control Assessment and Effectiveness module, specifically using the Control Environment Assessment in RAM.
The Issue:
In the assessment grid, the system is displaying all controls (both Key and Non-Key). My requirement is to have this grid display only key controls. However, I am unable to find a way to apply a filter directly to the grid to restrict the view. Could someone point me to the correct solution?

Note: I am using Control Environment Assessment.
3 REPLIES

Matthew_13
Mega Sage

Hi Buddy,

 This is normal when using control environment assessments in RAM. The assessment grid is driven by the assessment scope, not by grid-level filters, which is why you’re seeing both Key and Non-Key controls.

Out of the box, there is no option to apply a filter on the Control Environment Assessment grid to only display Key controls. When the assessment is generated, ServiceNow pulls in all controls associated to the scoped control objectives, regardless of the Key flag.

My recommendations are:

  • Control the scope of the assessment so it only includes control objectives tied to Key controls.

  • Create a separate Control Environment Assessment specifically for Key controls (this is the most common and recommended approach).

  • Leave the assessment as-is and filter on Key = true in reports or dashboards after the assessment is completed.

  • Customizing the assessment grid is technically possible but not recommended due to upgrade and support impacts.

Basically, filtering the grid itself isn't supported OOTB; scoping or separating assessments is the right way to meet this requirement.

Hope this helps my Friend 🙂

 

@sibayanchak - Please mark Solution Accepted and Thumbs Up if you found Helpful!

Its_Sagnic
Mega Guru

Hi @sibayanchak ,

I have a solution for you. 

Directly, it's not possible to select only the controls that are marked as Key controls.

But there is an alternate way that worked for me.

You may try that.

Create a Query Business rule in Control table :

Table :  Control (sn_compliance_control)
Query : True
When : Before

Code : 

(function executeRule(current, previous /*null when async*/ ) {
    var addedquery = false;
    var currentUserRole = gs.getUser().getRoles();

    // Is the current user a member of the group that uses the risk management modules?
    var gr = new GlideRecord('sys_user_grmember');
    gr.addQuery('group', 'sys_id'); // 'sys_id' is a placeholder: put the sys_id of that group here
    gr.addQuery('user', gs.getUserID());
    gr.query();

    if (gr.next()) {
        return; // group members: no filter added
    } else if (currentUserRole.indexOf('admin') > -1) {
        return; // all records visible for admin
    } else if (gs.hasRole('sn_risk_advanced.ara_assessor')) { // check if the user is having only assessor role to conduct the assessment
        current.addEncodedQuery('key_control=true'); // only key controls
        addedquery = true;
    } else if (!addedquery) {
        current.addEncodedQuery("sys_idISEMPTY"); // matches no record: everyone else sees no controls
    }
})(current, previous);


Use this code; it will always return Key controls if the assessment is accessed by any user with the 'sn_risk_advanced.ara_assessor' role.

Please try it and if you find it helpful then please mark it as helpful and accept the solution.

Regards,

Sagnic
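
Added example (not part of the original post and not ServiceNow API code): a plain JavaScript model of the branch order in the business rule above, showing which controls each kind of user ends up seeing. A before-query rule runs on every query against the table for that user, so the outcome applies to lists and reports as well as the assessment grid. The group name, users and control records are constructed sample data.

```javascript
// BYPASS_GROUP stands in for the group sys_id the rule is configured with (hypothetical).
const BYPASS_GROUP = 'risk_mgmt_group';
const ASSESSOR = 'sn_risk_advanced.ara_assessor';

// Returns the encoded query the rule would append, or null when it adds none.
// The branch order mirrors the rule: group member, admin, assessor, everyone else.
function appendedQuery(user) {
  if (user.groups.includes(BYPASS_GROUP)) return null;      // group members: unfiltered
  if (user.roles.includes('admin')) return null;            // admins: unfiltered
  if (user.roles.includes(ASSESSOR)) return 'key_control=true';
  return 'sys_idISEMPTY';                                   // matches no record
}

// Minimal evaluator for the only two encoded queries the rule can produce.
function visibleControls(user, controls) {
  const q = appendedQuery(user);
  if (q === null) return controls;
  if (q === 'key_control=true') return controls.filter(c => c.key_control);
  return [];
}

// Constructed sample data.
const controls = [
  { number: 'CTRL0001', key_control: true },
  { number: 'CTRL0002', key_control: false },
  { number: 'CTRL0003', key_control: true },
];
const users = {
  assessor:        { roles: [ASSESSOR],          groups: [] },
  assessorInGroup: { roles: [ASSESSOR],          groups: [BYPASS_GROUP] },
  adminAssessor:   { roles: ['admin', ASSESSOR], groups: [] },
  otherUser:       { roles: ['itil'],            groups: [] },
};

// One row per user: the appended query and the control numbers still visible.
function report() {
  return Object.entries(users).map(([name, u]) => ({
    user: name,
    query: appendedQuery(u),
    visible: visibleControls(u, controls).map(c => c.number).join(','),
  }));
}

console.log(report());
```

The rows to check before deploying such a rule are `assessorInGroup` and `otherUser`: the first still sees Non-Key controls, and the second sees no controls anywhere on the table.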

Hi @Matthew_13 ,

I tried this solution. It will work because, with the query business rule, it will only show the records that are returned by the encodedQuery.

So please share your thoughts as well.

Regards,

Sagnic