‎04-30-2020 01:12 PM
Hello all,
We recently installed a few GRC modules and I am trying to figure out the hierarchy of risk levels and tables. We have some custom framework already set up and we have Risk levels 1, 2, 3, 4 as individual tables. Do we have such a hierarchy in the GRC OOB tables? Can anyone please brief me on risk and its tables. Thanks in advance!
‎05-01-2020 09:00 AM
Hi S.
IRM/GRC is built as a top-down architecture. You define your risk Hierarchy in the Risk Statements library. Then you build your Risk Universe (Entity Classes, Entity Types, Entities).
You apply your risk to some Entity types and it generates Risk Instances (sn_risk_risk).
There is no risk hierarchy at that level. A Risk Statement is only instantiated once towards a given Entity.
Now you can relate risk to upstream or downstream risks, from related entities, but not relate several risk instances for the same Entity.
Regards
Eric
‎05-05-2020 10:06 AM
Hi,
I agree with Eric, the Risk module gives you the flexibility to define a risk framework as per your choice.
Thanks, Ashutosh

‎05-08-2020 01:30 PM
Think of risk frameworks as collections or groupings of risk statements. It is a way for you to gather risk statements into a collection for easy association with entity types.
The risk statements themselves have a parent field. The parent field allows you to configure an infinite number of levels to a risk hierarchy.
The GRC workbench is then used to visualize the risk hierarchy model.
This is OOB.