Duplication of Risk Records

brandoncalero · ‎06-03-2024

I need a solution on how to address Duplicating Risk records.

The current build in the background prevents duplicate risks when there is the same combination of Risk Statement and Entity.

My use case would be that we have to itemize these across a fleet, so the same risk could exist across multiple locations and they each have their own treatment plans and timelines.

Is there a way to either shut this off or add an extra field to the duplication calculation?

For example, allow duplication as long as Risk Statement and Entity and CustomField are different?

Rakesh Chigari · ‎06-04-2024

@brandoncalero

It is not recommended to change this configuration to avoid duplicate risk creation and resulting in presenting wrong risk posture at the org level. but if the business requirement demands, There is a business rule "Enforce Unique Item" on Control/Risk [sn_grc_item] or table which control this behavior, this rule will validate the unique combination of risk statement and entity and display error message.

If I could help you with your Query then, please hit the Thumb Icon and mark as Correct. Thank you

brandoncalero · ‎06-04-2024

Enforce Unique Item was already inactivated. I am receiving the error in the image posted.

Jan Spurlin · ‎06-04-2024

Why aren't your "locations" set up as entities?

What you have stated sounds like the reason ServiceNow provided entities and Entity types.

Without customization there is not a way to turn this off.

brandoncalero · ‎06-04-2024

My entities are "business applications". I have these applications across a fleet of ships, and these apps have the same risk but we cannot mitigate at the same time. Could be a 6 month to 2 year period, depending on dry docking. We want to be able to measure risk and mitigations without leaving a risk open for 2 years, when half the fleet has been remediated.