GRC - Risk Statement - Cascade Changes - Risk State - 'draft'

Manus_Bolton
Tera Contributor

Hi All, 

 

Please can someone assist, when updating a Risk Statement, a OOB Business Rule - 'Cascade Changes' set the State of all risks to 'draft' I made the changes to the business rule to exclude updating the Risk state 'draft' when the risk.category is 'Operational', however it does not seems to be working.

 

Any Advise would be appreciated , please find script below: 

 
(function executeRule(current, previous) {
    var risk = new GlideRecord('sn_risk_risk');
    risk.addQuery('content', current.sys_id);
    risk.addQuery('instance'true);
    risk.query();

    while (risk.next()) {
        // Update the risk name if it matches the previous name
        if (risk.name == previous.name) {
            risk.name = current.name + '';
        }
       
        // Update other fields
        risk.description = current.description + '';
        risk.reference = current.reference + '';
        risk.category = current.category + '';
        risk.type = current.type + '';
        risk.classification = current.classification + '';
        risk.attestation = current.attestation + '';

        // Check if the risk category is not "IT risk" before setting the state to "draft"
        if (risk.category != 'Operational') {
            risk.state = 'draft'// Set state to draft only if category is not Operational
        }

        // Update the risk record
        risk.update();
    }
})(current, previous);



Look forward to your support and recommendations. 
Regards
M
4 REPLIES 4

Shivalika
Mega Sage

Hello @Manus_Bolton 

 

What is the backend values of "Operational" and "Draft"  value in state field ? It doesn't works when you give frontend value. 

 

Additionally change that to - 

 

If(!(risk.category == 'BACkEND VALUE OF OP'))

risk.state = 'BACKEND VALUE OF DRAFt';

 

Kindly mark my answer as helpful and accept solution if it helped you in anyway. This will help me be recognized for the efforts and also move this questions from unsolved to solved bucket. 

 

Regards,

 

Shivalika 

 

My LinkedIn - https://www.linkedin.com/in/shivalika-gupta-540346194

 

My youtube - https://youtube.com/playlist?list=PLsHuNzTdkE5Cn4PyS7HdV0Vg8JsfdgQlA&si=0WynLcOwNeEISQCY

 

 

 

Shivalika
Mega Sage

@Manus_Bolton Additionally I wanted to ask that if risk category is not operational you want it to match parent's state right ? 

 

Then add "Else" block to your IF Also - 

 

else 

risk.state = current.state //AS You HAVE OTHER FIELDS UPDATED. 

 

Kindly mark my answer as helpful and accept solution if it helped you in anyway. This will help me be recognized for the efforts and also move this questions from unsolved to solved bucket. 

 

Regards,

 

Shivalika 

 

My LinkedIn - https://www.linkedin.com/in/shivalika-gupta-540346194

 

My youtube - https://youtube.com/playlist?list=PLsHuNzTdkE5Cn4PyS7HdV0Vg8JsfdgQlA&si=0WynLcOwNeEISQCY

 

Manus_Bolton
Tera Contributor

Hi @Shivalika , 

 

Thank you for your feedback, I suppose you referring to 

sn_risk.risk.category.Operational , I will test this. 
 
Thank you Manus

ShafrazMubarak
Giga Guru

Your current script updates the risk.category field before it checks if (risk.category != 'Operational') to decide whether to set the state to 'draft'. 

This means that if the Risk Statement's category is not 'Operational', the risk.category variable inside the loop gets set to that new category first. Then, the if condition checks this new category value. If that new category is also not 'Operational', the state will be set to 'draft', even if the original Risk record was 'Operational'.

You want to prevent the state from becoming 'draft' if the Risk record's category is 'Operational' at the time the loop is processing it, regardless of what the Risk Statement's category is changing to.

 

You need to move the check for the 'Operational' category before you update the risk.category field within the loop, or ensure the state change only happens if the category is not Operational after the update.

The simplest way to implement your requirement (Prevent draft if the risk ends up as 'Operational' or was 'Operational before this update) is to place the state update conditional on the category after you've applied the changes from the Risk Statement.

(function executeRule(current, previous) {
    var risk = new GlideRecord('sn_risk_risk');
    risk.addQuery('content', current.sys_id);
    risk.addQuery('instance', true); // Assuming you only want to affect Risk instances, not other statements
    risk.query();

    while (risk.next()) {
        // Check if the risk name matches the previous Risk Statement name before updating
        // This prevents overwriting a manual change on the Risk name
        if (risk.name == previous.name) {
            risk.name = current.name + '';
        }

        // Update other fields based on the current Risk Statement
        risk.description = current.description + '';
        risk.reference = current.reference + '';
        risk.category = current.category + ''; // Update the category
        risk.type = current.type + '';
        risk.classification = current.classification + '';
        risk.attestation = current.attestation + '';

        // --- IMPORTANT CHANGE HERE ---
        // NOW, check if the category is NOT 'Operational' AFTER it potentially has been updated
        // If the category is 'Operational' (either it was and wasn't changed, or it was changed to Operational),
        // this condition is false, and the state will NOT be set to draft.
        if (risk.category != 'operational') { // <-- **Also check the case and exact value!**
             risk.state = 'draft'; // Set state to draft only if category is NOT Operational
        }
        // --- END IMPORTANT CHANGE ---


        // Update the risk record
        risk.update();
    }
})(current, previous);