Relating SCTasks to Risk Assessment or Entities

thomasanton
Tera Contributor

‎04-24-2025 02:48 PM

Hey everyone,

I'm looking for insights on how to best enable business users to report IT risks in ServiceNow. Specifically, I'm interested in establishing a clear link between these reported risks (potentially via SCTasks) and existing Risk Assessments or Entities within the platform.

Has anyone figured out an efficient and user-friendly approach for this?

Thanks,

Thomas

0 Helpfuls
  • 536 Views
2 REPLIES 2

J Siva
Tera Sage

‎04-24-2025 09:05 PM

Hi @thomasanton 

Instead of using SC Tasks, you can create a record producer on the Issue (sn_grc_issue) table. This allows the user to select the entity and control linked to the risk. It will directly create an issue record under the specified entity and control. Then, risk/control managers can work on remediating or mitigating the issue.

Regards,
Siva

 

0 Helpfuls

ShafrazMubarak
Giga Guru

‎04-26-2025 11:27 PM

I would suggest to utilize the Risk Events feature for these kind of Bottom - Top approach in Risk. In the latest version, you have grc_employee role and you can grant to employees so that they can report the risks. 

 

If you really wanted to integrated with SCTASK/RITM which is already available, I would suggest you can use Risk Identification Process.

1) You need to create an entity type filter that will turn the RITM/SCTASK into an entity

2) Make sure the created entities are assigned to respective owners and entity class based on your requirement.

3) Create a new risk assessment methodology with risk objects and select the entity classes appropriately. 

4) Configure the Risk Identification Process for this.

 

This will make all your newly created entities (SCTASK/RITM) to be readily available created against risks or risk assessment. But the drawback on this process is the name of the entity will be same as SCTASK/RITM and you cannot change it. 

0 Helpfuls