
GRC indicators

Syed14
Mega Guru

Hi.

I want to know about the Indicators and indicator templates inside Governance, Risk and Compliance (GRC). I know from the documentation that Indicators monitor a single control or risk and Indicator templates allow the creation of multiple indicators for similar controls or risks.

What I want to know is how we can effectively use the indicators in GRC, and why the indicators are used.

Thanks

1 ACCEPTED SOLUTION

Shiva Thomas
Kilo Sage

Hi Syed,

Indicators can be automated (= Scripted result) or manual (= Task assigned to someone, ending with a state of Passed or Failed). 

Examples of automated indicators would be to check that all Servers in the CMDB are up to date, or that all LDAP passwords are less than 3 months old.
One example of a manual indicator would be to ask the network admin to confirm that the annual Network Penetration Tests were conducted and the results attached to the task.

Indicator Results are used to trigger the creation of GRC Issues (Task to determine if some remediation is required), if a result indicates Failed or Not Passed. Assessments can also be used for the same purpose, but in the form of a questionnaire.
Indicator Templates can be linked to Policy Statements, or to Risk Statements, to automatically create Indicators for your Controls, or Risks.

Controls' status is also automatically calculated by the linked Indicator Results... And that may affect any linked Risks.
Risk's Calculated Risk Score is adjusted automatically by the Risk's Indicators results. There is an Indicator Failure Factor field in the Risk table that displays the impact of those.

Please note that Indicators are not weighted. So, when looking at their impact on a Control or Risk they will all be considered equally. Indicators are not executed when Risks and Controls are in Retired state.

I hope this helps!

Best regards from Switzerland
Shiva, ServiceNow Architect and GRC Expert

If this reply assisted you, please consider marking it 👍Helpful or Correct.
This enables other customers to learn from your thread.
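
The automated-indicator flow described in the answer above (scripted check, Passed/Failed result, issue on failure, no run for Retired controls), as an added example that is not part of the original post and is not ServiceNow code. It is a plain JavaScript model; the function names, record fields and sample accounts are assumptions constructed for illustration.

```javascript
// Constructed sample data: LDAP accounts with the time the password was last set.
const SAMPLE_ACCOUNTS = [
  { uid: "alice", passwordLastSet: "2024-05-20T08:00:00Z" },
  { uid: "bob", passwordLastSet: "2024-01-10T08:00:00Z" }, // older than 3 months
  { uid: "svc-backup", passwordLastSet: null },            // age unknown
];

// Hypothetical helper: `now` minus `months` calendar months, clamping the
// day of month so that 31 May minus 3 months is the last day of February.
function cutoffDate(now, months) {
  const d = new Date(now.getTime());
  d.setUTCDate(1);
  d.setUTCMonth(d.getUTCMonth() - months);
  const lastDay = new Date(
    Date.UTC(d.getUTCFullYear(), d.getUTCMonth() + 1, 0)
  ).getUTCDate();
  d.setUTCDate(Math.min(now.getUTCDate(), lastDay));
  return d;
}

// Hypothetical model of one automated indicator run against one control.
function runPasswordAgeIndicator(control, accounts, now, maxAgeMonths = 3) {
  // Indicators are not executed for controls in the Retired state.
  if (control.state === "retired") {
    return { executed: false, passed: null, offenders: [], issue: null };
  }
  const cutoff = cutoffDate(now, maxAgeMonths).getTime();
  const offenders = accounts
    .filter((a) => {
      const t = a.passwordLastSet ? Date.parse(a.passwordLastSet) : NaN;
      // A missing or unparsable timestamp fails closed: it cannot be shown compliant.
      return Number.isNaN(t) || t < cutoff;
    })
    .map((a) => a.uid);
  const passed = offenders.length === 0;
  // A failed result opens an issue so someone decides whether remediation is required.
  const issue = passed
    ? null
    : {
        control: control.name,
        shortDescription: `${offenders.length} LDAP password(s) not changed within ${maxAgeMonths} months`,
        evidence: offenders,
      };
  return { executed: true, passed, offenders, issue };
}
```

Treating accounts with no recorded password date as failures keeps gaps in the source data from producing a false Passed result.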


5 REPLIES

Marriam
Tera Contributor

Hi Paula, did you find the answers to those concerns? The way OOB is set up, the Control or System Owner issues the PASS/FAIL--I'm trying to change that so the SCA makes that determination.

Q2- Indicator task remains open until the SO closes it.