Risk response approval levels.

Matt125 · ‎01-31-2022

Why does a 'risk acceptance' response require an additional management authorisation / approval step vs. 'risk mitigation, avoidance and transfer' and can the system be configured so these are aligned?? In our business the person with authority to accept a risk is the same person who would approve a risk mitigation, transfer or avoidance plan and therefore it makes no logical sence for the 'accept response' to require an additional level of management approval as currently appears to be the case with the Paris vanilla module?

Matt125 · ‎02-04-2022

I'd be really interested to learn if any other users in the group encountered a similar challenge with the risk acceptance response and if so how has this been overcome?

Ahmed Drar · ‎02-04-2022

Hi Matt, in many org risk acceptance need to be accepted and approved also by leadership therefore ServiceNow introduces a Risk acceptance approval workflow.

if outbox workflow doesn't meet your need then you can customize it to meet your use case OR disable business rule Start risk acceptance approval flow which starts the workflow

Please mark my answer as ✅ Correct / Helpful based on the Impact