GRC | How risk is impacting control posture

MR13
Tera Contributor

Hi folks - 

 

Trying to understand - how risk and control are linked. 

For example - let's say a risk is evaluated and a mitigating control is added, still the residual risk remains the high it doesn't change why?.

Secondly, when a control is moved from non-compliant to compliant, then what is the impact on the risk?

1 REPLY 1

Community Alums
Not applicable

Hi @MR13 ,

I believe you are using Classic Risk management, you won't see the Risk Rollup for this, you need to  use Advanced risk management for the same.

Please refer to my answer in this thread :https://www.servicenow.com/community/new-customers-policy-risk-forum/standard-risk-vs-advanced-risk-...