Relating SCTasks to Risk Assessment or Entities
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎04-24-2025 02:48 PM
Hey everyone,
I'm looking for insights on how to best enable business users to report IT risks in ServiceNow. Specifically, I'm interested in establishing a clear link between these reported risks (potentially via SCTasks) and existing Risk Assessments or Entities within the platform.
Has anyone figured out an efficient and user-friendly approach for this?
Thanks,
Thomas
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎04-24-2025 09:05 PM
Hi @thomasanton
Instead of using SC Tasks, you can create a record producer on the Issue (sn_grc_issue) table. This allows the user to select the entity and control linked to the risk. It will directly create an issue record under the specified entity and control. Then, risk/control managers can work on remediating or mitigating the issue.
Regards,
Siva
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎04-26-2025 11:27 PM
I would suggest to utilize the Risk Events feature for these kind of Bottom - Top approach in Risk. In the latest version, you have grc_employee role and you can grant to employees so that they can report the risks.
If you really wanted to integrated with SCTASK/RITM which is already available, I would suggest you can use Risk Identification Process.
1) You need to create an entity type filter that will turn the RITM/SCTASK into an entity
2) Make sure the created entities are assigned to respective owners and entity class based on your requirement.
3) Create a new risk assessment methodology with risk objects and select the entity classes appropriately.
4) Configure the Risk Identification Process for this.
This will make all your newly created entities (SCTASK/RITM) to be readily available created against risks or risk assessment. But the drawback on this process is the name of the entity will be same as SCTASK/RITM and you cannot change it.