Implementing a 3-class 2-tier risk taxonomy i ServiceNow - how?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-26-2025 11:40 PM
In our risk management framework, we have defined and are using a non-financial risk taxonomy which helps in categorising risk and casual factors. We have based this on the ORX Risk Reference Taxonomy which suits us well. The taxonomy is made of three classes; event, cause and impact, and provides 2-tier structure for various categories in each class.
However, how do we implement this in a feasible way in the Risk Management application?
I have understood that by deselecting "Inherit from risk statement" one can use the Risk Framework and Risk Statement structure to emulate at least our event class, but no without caveats. We are considering using the "Category" field in the risk form for the impact class.
Thoughts and tips, anyone?
- Labels:
-
Integrated Risk Management (IRM)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎05-05-2025 05:43 AM
Hello,
Copying this response since you asked this same question twice and someone answered in another thread:
"
Hey there,
Hard to provide specifics without an example but one way this has been tacked is by doing the following.
What you call events should be loaded into the Risk statement table to then be used to create risk instances from for assessments.
Causes should be stored in the sn_risk_advanced_cause table. Consequences (or impacts) should be stored in sn_risk_advanced_consequence
You will have to do some additional configuration as part of this but you would create a many-2-many relationship between sn_risk_advanced_cause and the Risk statement and risk table, and the same for the sn_risk_advanced_consequence and the Risk statement and risk table. Ideally you would also set up a flow to copy the causes and consequences you link to a Risk statement to a risk as well to help with maintances"