IRM - Issue Management

prashant_a_
Kilo Contributor
Hi Community — I am looking for an IRM Issue Management implementation guide, as well as information on OOTB issue fields, configurations, and notifications. Please guide me.

Karin4
ServiceNow Employee

The content you are looking for is all on the Best Practices site (formerly NowCreate). You can log in and find implementation and process guides.

Here is a link to the GRC Issue Management Process Guide: https://mynow.servicenow.com/now/best-practices/assets/grc-issue-management-process-guide

Aditya_hublikar
Kilo Sage

Hello @prashant_a_,

Below is a simple and clear explanation of IRM Issue Management based on the Yokohama release, covering how it works OOTB, key tables, lifecycle, roles, approvals, and notifications.


What is Issue Management in IRM?

Issue Management in ServiceNow IRM is used to track, manage, and remediate issues identified during audits, risk assessments, indicators, control testing, attestations, or risk events.

An Issue represents a confirmed weakness or problem that needs to be analyzed, responded to, reviewed, and closed.


Why Issue Management is important

It helps organizations to:

  • Identify operational and control weaknesses

  • Focus on high-risk issues

  • Track remediation actions

  • Avoid duplicate issues

  • Improve risk and compliance posture


How Issues are created (OOTB)

Issues can be created in multiple ways:

  • Automatically when:

    • An indicator fails

    • A control attestation is marked Not Implemented

    • A control test is marked Ineffective

    • A risk event occurs

  • Manually by GRC users (Audit, Risk, Compliance)

  • Via Issue Triage when employees report issues through the Service Portal


Issue lifecycle (OOTB)

The standard Issue lifecycle includes these states:

  1. New – Issue is created and assigned

  2. Analyze – Issue details are reviewed and enriched

  3. Respond – Response selected (Accept or Remediate)

  4. Review – Optional review by Issue Manager

  5. Closed – Issue closed as Complete or Incomplete

This lifecycle is OOTB, and following it is recommended for easier upgrades.


Key Issue table

  • Issue table: sn_grc_issue
    (This table extends the Task table)

Issues are linked to risks, controls, policies, entities, and engagements using OOTB related lists (M2M tables).


Issue Triage (optional but powerful)

Issue Triage allows business users / employees to report issues via the Service Portal.

Triage helps decide whether a reported item is:

  • A real Issue

  • A Risk Event

  • A Recommendation

  • Noise / Non-issue

Based on classification, triage issues are automatically assigned to:

  • Risk Managers

  • Compliance Managers

  • Triage Teams


Roles involved (OOTB)

  • Business User – Reports issues

  • Issue Owner – Resolves the issue

  • Issue Manager / Manager Group – Reviews and approves issues

  • Risk / Compliance / Audit Users – Analyze and manage issues


Remediation Tasks

If the response is Remediate:

  • One or more Remediation Tasks can be created

  • Each task has its own lifecycle (Open → Work → Review → Closed)

  • Issues can be auto-closed once all remediation tasks are completed


Approvals & Notifications

  • Approvals are handled via Flow Designer or Approval Rules

  • Approval records are stored in sysapproval_approver

  • Approvals typically go to:

    • Issue Manager

    • Risk Manager

    • Compliance Manager

    • Configured approval groups

OOTB notifications exist for:

  • Issue creation

  • Assignment

  • Overdue issues

  • Approval requests

  • Issue closure


Reporting & Workspace

Issue Workspace provides OOTB reports and dashboards such as:

  • Issues by state, type, and rating

  • Overdue issues

  • Issue triage aging

  • Remediation task status

  • My Issues / My Group’s Issues


Key takeaway (simple)

Issue Management in IRM is a structured, end-to-end process to identify, analyze, remediate, and close issues across Risk, Compliance, and Audit, using OOTB lifecycles, roles, approvals, and reports.

You can also refer to this:

https://www.servicenow.com/community/new-customers-policy-risk/2024-q1-grc-back-to-basics-issue-mana...

https://mynow.servicenow.com/now/best-practices/assets/grc-issue-management-process-guide


Hope this helps.
If this answers your question, please mark it as Helpful and Accept as Solution 😊

Regards,
Aditya

Simon Hendery
Tera Patron

lol, @Aditya_hublikar. just because it's possible to copy and paste from ChatGPT, doesn't always mean you should. 😆

Vinod54
Tera Expert

Hello @prashant_a_,
ServiceNow's best practice site gives you the OOTB process guide, use cases, documentation and a lot more. Please review it; you can also download those documents from the site.

https://mynow.servicenow.com/now/best-practices/home
https://mynow.servicenow.com/now

Thanks,

Vinod Kumar M

If this answers your question, please mark it as Helpful.