Evidence Requests/Tasks - different questions and responses needed on same entity/same control

Shirl22
Tera Contributor

Hello -- 

 

Wondering if the information provided below is correct and what recommendations you may have about best practice/best way to assign different evidence request questions that all pertain to the same entity on the same control, but that would need to be answered by different people (by this I mean, not assigning to a group, and it would be ideal if one parent evidence request could have multiple evidence collection details on the same control for the same entity, each assigned to a different "assigned to" -- but my experience with ServiceNow is that the system does not allow for this functionality). 

 

Here's my use case: 
  • I have 5 audit questions on the same entity and same control (or control objective) for the entity, but I need a different person to answer each of the 5 questions. 
  • In the Evidence Request module, the only way I can assign an evidence request task which contains a different question but the question is about the same entity and same control (or control objective) is to create a separate parent evidence request (EVR) and then an ECD (evidence collection detail) for the separate parent evidence request. 
  • For example, I'd create one EVR for Test Entity 1, Control 0020001, and one ECD assigned to the particular person (Person A) and containing question 1. 
  • I'd then create a second EVR for Test Entity 1, Control 0020001, and one ECD assigned to a different person (Person B) and containing question 2. 
  • Repeat this process three more times to create a total of 5 EVRs all for the same entity and same control and each with its own ECD -- and each ECD contains a different question and is assigned to the particular person who needs to answer the particular question. 
  • When I click the Request Evidence button on each of the five EVRs, an individual EVD is sent to the assigned to listed on the ECDs. 
 
This appears to be the only way the system will allow evidence to be collected on the same entity for the same control for a use case of different people needing to answer separate questions on the same entity and same control. 
 
Do you agree? 
 
Is there some other way to use ServiceNow to address this use case? 
2 REPLIES

Community Alums
Not applicable

Hi @Shirl22 ,

We use Evidence collection primarily while using Audit management; otherwise I would still stick to Indicator templates (manual indicators).

For Evidence collection, we can request it on an ad hoc basis, it does not need to impact the control status, it supports control tests, and it can be a multi-group effort and not mostly to the control owner only.

 

Hello Sandeep,

 

Thank you for your reply. I don't find it helpful since it does not answer my specific questions. I'm not looking for information about indicators. I'd like GRC users' responses to my specific use case and questions. 

 

Kind regards,

Shirl