Risk Events vs Issue Management

Armine John · ‎04-23-2024

Hi there,

I would like to know what is difference between Risk Events and Issue management. Which option should we choose to implement in Risk Management and based on which reasons?

Many thanks.

Armine

Community Alums · ‎04-24-2024

Hi @Armine John ,

Risk events are potential or actual financial and non-financial losses, near misses, and gains that occur within an organization. Risk events are also known as loss events or loss entries.

To effectively manage risks, it's essential to monitor risk events. You must relate them to existing risks, perform a root-cause analysis, and track the remedial tasks. Organizations use risk events to understand their losses and to manage their risks more efficiently. Risk events do not only lead to losses. At times, risk events also result in gains for an organization. For example, in the banking industry, if there’s an error in a trading algorithm, it might result in a gain for an organization.

Any employee can report a risk event. After a risk event is reported, it is analyzed by the risk manager.

Risk events can be of two types:

Internal risk events: Events that occur within your organization.
External risk events: Events that occur in other organizations but are shared with the industry to ensure that other organizations can prevent them.

You can create a risk event using either the Service Portal or your ServiceNow instance. Risk events provide the following:

Concrete data that enables you to better quantify and validate existing risks.
Visibility into new risks because risk events often recur.

You can view the risk events dashboards by navigating to Risk Events > Overview.

You can measure the effectiveness of your company's risk management program by how quickly and completely it identifies and reacts to risk and compliance issues.

Issues can be submitted using two methods, depending on the type of user involved:

Employees and business users within your company can self-identify an issue and submit it via the ServiceNow® Service Portal. Following submission, a triage issue is automatically created and the issue triage process begins.
GRC users can manually create an issue from within their instance to document audit observations and remediations, and compliance and risk issues.

Note: Various types of issues can also be automatically generated under the following conditions (these types of issues are not triaged):

Control issue: Created when a control attestation is completed, indicating that the control is not implemented, or when an indicator fails.
Control test issue: Created when a control test is closed complete with the control effectiveness set to Ineffective.

The goals of issue management

The goals of issue management include:

Eliminating noise.
Consolidating duplicate issues.
Focusing on issues that expose the organization to the greatest risk.
Identifying and prioritizing remediation actions.
Identifying new issues across the business operations.
Analyzing operational weakness in policies, processes, and controls.

SO LONG STORY SHORT, YOU SHOULD GO WITH RISK EVENTS TO BE MANAGED USING RISK MANAGEMENT NOT ISSUES.

Community Alums · ‎04-25-2024

Hi @Armine John ,

Armine John · ‎04-25-2024

Many thank @Sandeep for explanation!

Community Alums · ‎04-25-2024

Hi @Armine John ,