Difference betweern Risk Assessment scheduler and Risk assessment Scope

Shital14
Tera Contributor

Helllo @Community Alums ,

 

I am new to GRC i want to find difference between Risk Assessment scheduler and Risk assessment Scope 

1 ACCEPTED SOLUTION

Community Alums
Not applicable
4 REPLIES 4

Community Alums
Not applicable

Hi @Shital14 ,

Welcome to IRM world firstly !!

You have to be clear one thing which is, these two terms goes hand by hand, which means that Risk Assessment scheduler and Risk assessment Scope works linearly, one after one. 

You will need to Scope the Risk assessment and then Schedule it.

Create a risk assessment scope to define and identify risks for an entity. Identify assessors and approvers for assessments, and define the frequency of assessments and then Schedule risk assessments automatically for multiple entities. The risk assessment scheduler helps the risk administrators save time by automatically initiating the assessments based on the frequency that you want.

You can initiate assessments after you create the scope. This process provides visibility and accurate reporting for the management team:

  1. Navigate to All > Advanced Risk Assessment > Risk Assessment Scope > Create.
  2. On form, fill in the fields.
  3. Right-click and save the form.
  4. (Optional) To view a summary of assessments, click the Summary section.
    The Summary section has the following fields. These fields are populated only when you add risks to the assessment scope and when you initiate assessments:
    • No. of risk assessments closed
    • No. of risks not assessed
    • No. of ongoing risk assessments
  5. Right-click to save the form.
  6. If you want to add existing risks, then do the following:
    1. In the Risks related list, click Add to add existing risks.
    2. From the Choose Risks window, select the risks that you want to add.
    3. Click Add Risks.
    4. To select control objectives that do not have a control for the entity, click Create from library.
    5. From the Choose Risk Statements window, select what risk statements to apply and click Create From Library.
    6. Click Initiate Assessments either for all the risk records or for the selected risk records.
      Ensure that the selected records are in either the Draft or Closed state.
    7. To add new risks, click New, fill in the details, and click Submit.
      The newly added risks appear in the Risks related list.
  7. To apply the new settings, click Settings.
  8. On the form, fill in the fields.
     
  9. To save the form, click Submit.
  10. To generate the assessments, click Initiate all assessments.
    When you generate an assessment, the assessor receives an email notification stating that the assessment is assigned to the assessor or to the assessor's group.

For Scheduling:

  1. Navigate to All > Risk > Risk Workspace.
  2. To get to Assessment Scheduler form, do any of the following:
    • On the home page, under Quick actions, click Schedule risk assessment.
    • Navigate to Risk Workspace > Risk assessment planning > Scheduled assessments and click New.
    The Assessment Scheduler form is displayed.
  3. In the General section, in the Risk assessment methodology field, select the risk assessment methodology.
    The First entity class field appears and is set to the corresponding class.
  4. Click Save.
  5. Click Select scope.
  6. Click Add entities and do the following:
    1. From the Entities window, select the entities that you want to assess.
    2. Click Add.
  7. To specify the settings that must apply to the assessments that are generated through the scheduler, do the following:
    1. Click Define assignment.
    2. In the General Assessor and Approver section, from the Assessor type field, select the assessors for the risk assessments.
    3. From the Approver type field, select an approver.
  8. To define the schedule, do the following:
    1. Click Define schedule
    2. In the General Assessor and Approver Schedule section, from the Frequency field, select the frequency of assessment.
    3. In the Assessment duration field, enter the number of days after which an assessment is considered overdue from the date of assessment initiation.
    4. In the Initiation date field, select the date on which you want to schedule an assessment.
  9. To initiate the assessments now or later, do one of the following:
    Option Description
    To initiate the assessments now
    1. Click Initiate assessments.

      The Initiate assessments confirmation window appears.

    2. Click Initiate.
    To initiate the assessment later
    1. Select the Initiate later option.

      The Initiation date field appears.

    2. In the Initiation date field, select the date on which you want to schedule an assessment.
  10. To initiate the assessments, click Initiate assessments.
    The Initiate assessments confirmation window appears.
  11. Click Initiate.

Result

The assessments are initiated. You can view all the scheduled assessments under Risk assessment planning > Scheduled assessments.

Community Alums
Not applicable

Hi @Shital14 ,

 

prashant_gadgil
Tera Contributor

Hello,

We have only GRC Risk Management, not GRC: Advanced Risk.

Then how do I schedule regular assessment to be done periodically ? 

I presume I wont have access to anything like Risk Assessment, Risk Assessment scheduler, etc?  

Community Alums
Not applicable

Hi @prashant_gadgil ,

Using Classic Risk you won't get Risk Assessment scheduler to Schedule or periodically do assessments.

It would manual while you are in "Assess" phase of a Risk Lifecycle.

https://docs.servicenow.com/bundle/vancouver-governance-risk-compliance/page/product/grc-risk/concep...