Duplication of Risk Records
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-03-2024 06:57 AM
I need a solution on how to address Duplicating Risk records.
The current build in the background prevents duplicate risks when there is the same combination of Risk Statement and Entity.
My use case would be that we have to itemize these across a fleet, so the same risk could exist across multiple locations and they each have their own treatment plans and timelines.
Is there a way to either shut this off or add an extra field to the duplication calculation?
For example, allow duplication as long as Risk Statement and Entity and CustomField are different?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-04-2024 05:44 AM
It is not recommended to change this configuration to avoid duplicate risk creation and resulting in presenting wrong risk posture at the org level. but if the business requirement demands, There is a business rule "Enforce Unique Item" on Control/Risk [sn_grc_item] or table which control this behavior, this rule will validate the unique combination of risk statement and entity and display error message.
If I could help you with your Query then, please hit the Thumb Icon and mark as Correct. Thank you
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-04-2024 05:51 AM
Enforce Unique Item was already inactivated. I am receiving the error in the image posted.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-04-2024 05:48 AM
Why aren't your "locations" set up as entities?
What you have stated sounds like the reason ServiceNow provided entities and Entity types.
Without customization there is not a way to turn this off.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-04-2024 05:53 AM
My entities are "business applications". I have these applications across a fleet of ships, and these apps have the same risk but we cannot mitigate at the same time. Could be a 6 month to 2 year period, depending on dry docking. We want to be able to measure risk and mitigations without leaving a risk open for 2 years, when half the fleet has been remediated.