Risk Assessment Questionnaire Calculation

Fed3
Kilo Explorer

Hi there,

I have implemented some risk assessment questionnaires based on my client requirements. However, once the questionnaire is filled and submitted, the score is not affected in the scoring tab within the risk record.

Is the scoring automated based on the assessment question responses, or is it meant to be manually entered?

PS: this is not vendor risk management but just risk management

Thanks for your help

Fed

6 REPLIES

p t1
Kilo Sage

Hi,

 

Risk Scoring is calculated based on Default Scores given in risk Statement.

Fed3
Kilo Explorer

Thanks for your reply.

Two questions:

Are you saying that is predefined and manually entered in the risk statement?

Risk can be assessed separately depending on the risk profile linked, and so the score can be different. I believe the assessment questionnaire is to define the score? Otherwise, what is the risk assessment there for then?

Hi,

You have to enter data manually in the risk statement.

Check the Risk Criteria table:

1. Go to the navigator.

2. Type "risk criteria"

and check.

Thanks

 

Jan Spurlin
ServiceNow Employee

Currently, the risk scores are not adjusted based on the answers to the risk assessment.  I'm pretty sure that is in the backlog of enhancements. I think it is difficult because customers can change those questions - it is just a survey.

Preethi is right that the SLE and ARO are inherited from the Risk Statement, however it is intended that they should be modified on the registered risk - because as you state the values could be different for each profile.

On the registered risk, in addition to the SLE and ARO you also have the ALE and Score.  These are calculated.  For Inherent and Residual, the ALE is SLE x ARO.  The score is a look up on the Risk Criteria table that Preethi referenced.

The Calculated ALE and thus score are adjusted based on Controls and Indicators. On the Registered Risk there is a tab called Monitoring. There you find the Calculated risk factor. This value is the average of the Control failure factor and the Indicator failure factor.

The control failure factor is driven by control compliancy and their weight.

Indicator failure factor is driven by the result of the indicator (Pass/Fail).

Then this formula is used to determine the Calculated ALE

find_real_file.png

Then the value that is returned is used to look up a risk score on the Risk Rating scale and that is updated in the Calculated Score field.