Risk Events vs Issue Management
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-23-2024 09:47 AM
Hi there,
I would like to know what is difference between Risk Events and Issue management. Which option should we choose to implement in Risk Management and based on which reasons?
Many thanks.
Armine
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-24-2024 12:21 AM
Hi @Armine John ,
Risk events are potential or actual financial and non-financial losses, near misses, and gains that occur within an organization. Risk events are also known as loss events or loss entries.
To effectively manage risks, it's essential to monitor risk events. You must relate them to existing risks, perform a root-cause analysis, and track the remedial tasks. Organizations use risk events to understand their losses and to manage their risks more efficiently. Risk events do not only lead to losses. At times, risk events also result in gains for an organization. For example, in the banking industry, if there’s an error in a trading algorithm, it might result in a gain for an organization.
Any employee can report a risk event. After a risk event is reported, it is analyzed by the risk manager.
- Internal risk events
- Events that occur within your organization.
- External risk events
- Events that occur in other organizations but are shared with the industry to ensure that other organizations can prevent them.
- Concrete data that enables you to better quantify and validate existing risks.
- Visibility into new risks because risk events often recur.
You can view the risk events dashboards by navigating to Risk Events > Overview.
You can measure the effectiveness of your company's risk management program by how quickly and completely it identifies and reacts to risk and compliance issues.
- Employees and business users within your company can self-identify an issue and submit it via the ServiceNow® Service Portal. Following submission, a triage issue is automatically created and the issue triage process begins.
- GRC users can manually create an issue from within their instance to document audit observations and remediations, and compliance and risk issues.
- Control issue: Created when a control attestation is completed, indicating that the control is not implemented, or when an indicator fails.
- Control test issue: Created when a control test is closed complete with the control effectiveness set to Ineffective.
The goals of issue management
The goals of issue management include:-
Eliminating noise.
-
Consolidating duplicate issues.
-
Focusing on issues that expose the organization to the greatest risk.
-
Identifying and prioritizing remediation actions.
-
Identifying new issues across the business operations.
-
Analyzing operational weakness in policies, processes, and controls.
SO LONG STORY SHORT, YOU SHOULD GO WITH RISK EVENTS TO BE MANAGED USING RISK MANAGEMENT NOT ISSUES.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-25-2024 01:57 AM
Hi @Armine John ,
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-25-2024 07:52 AM
Many thank @Sandeep for explanation!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-25-2024 07:44 PM
Hi @Armine John ,