Implementing a 3-class 2-tier risk taxonomy i ServiceNow - how?

Community Alums · ‎03-26-2025

In our risk management framework, we have defined and are using a non-financial risk taxonomy which helps in categorising risk and casual factors. We have based this on the ORX Risk Reference Taxonomy which suits us well. The taxonomy is made of three classes; event, cause and impact, and provides 2-tier structure for various categories in each class.

However, how do we implement this in a feasible way in the Risk Management application?

I have understood that by deselecting "Inherit from risk statement" one can use the Risk Framework and Risk Statement structure to emulate at least our event class, but no without caveats. We are considering using the "Category" field in the risk form for the impact class.

Thoughts and tips, anyone?

Priscilla Muiua · ‎05-05-2025

Hello,

Copying this response since you asked this same question twice and someone answered in another thread:

"

Hey there,

Hard to provide specifics without an example but one way this has been tacked is by doing the following.

What you call events should be loaded into the Risk statement table to then be used to create risk instances from for assessments.

Causes should be stored in the sn_risk_advanced_cause table. Consequences (or impacts) should be stored in sn_risk_advanced_consequence

You will have to do some additional configuration as part of this but you would create a many-2-many relationship between sn_risk_advanced_cause and the Risk statement and risk table, and the same for the sn_risk_advanced_consequence and the Risk statement and risk table. Ideally you would also set up a flow to copy the causes and consequences you link to a Risk statement to a risk as well to help with maintances"