Risk Calculation in Advance Risk Management

Rakesh11
Tera Contributor

We are planning to implement Advance Risk Management for one our customer.
We need to understand how all the risk calculation happened from back end.

Risk calculation for below fields:

Inherent Risk/Score,

Residual Risk/Score,

Aggregate Risk Scores etc.

 

I am new to GRC module , please help me to understand end to end risk calculation in Advance risk management.

3 REPLIES 3

jaikishan1
ServiceNow Employee
ServiceNow Employee

Hi @Rakesh11 ,
The inherent and residual scores for risk are calculated using the risk criteria, likelihood, and impact. These are defined while setting up the Risk Assessment Methodology.
You can find the details on how the calculation is done in below answer:
https://www.servicenow.com/community/grc-forum/inherit-and-residual-risk-scores-calculation/m-p/2352...

 

Aggregation of the scores can happen on entity hierarchy, statement hierarchy or both. The aggregation can be based on sum, average, maximum, minimum. The individual assessment scores gets aggregated at the entity and risk statement level and reports can be generated on them.
More details can be found in the below provided document:
https://docs.servicenow.com/bundle/washingtondc-governance-risk-compliance/page/product/grc-risk/con...

 

You can also refer to this video explaining the steps involved:
https://www.youtube.com/watch?v=Bn03SrHCpr4&ab_channel=ServiceNowCommunity

 

Please mark the answer as helpful if it answers your queries.

Please mark this as helpful if it solves your query.

Regards,
Jai

Community Alums
Not applicable

Hi @jaikishan1 ,

The link you shared of my answer that's for classic risk management not Advance Risk .

Hello @Rakesh11 ,

For Advance Risk, all you want to know is how RAMs are configured as that's the whole thing which will tell you how to use Advance Risk and Risk calculations as the calculations happens based on assessments being taken.

The risk assessment is performed for the following: 

  • Inherent risks
  • Effectiveness of controls
  • Residual risks
  • Target risks

At a whole you need to follow the below thumb rule:

1. Configure a risk assessment methodology.

2. Create a risk assessment scope and initiate assessments or Create a risk assessment scope in the Risk Workspace.

3. Perform advanced risk assessment in the Risk Workspace.

 

Hope this helps you!!