Risk statement scoring system

Go to solution
Tadz
Kilo Sage
Kilo Sage

‎02-06-2022 09:47 PM

Hi Everyone,

I'm new to GRC. I have this requirement where I have two risk statements in two difference categories:

Example:

Financial Category:

Risk statement 1: The companies year founded. If company year founded is greater than 5 years it would score 10 else it would be 1.

Risk statement 2: Company rating. If rating is 3 stars score = 3 and so on.

 

The other category is Financial where it is calculated via risk assessment survey. I'm still doing POC on this part.

 

Is there a way we can configure this on GRC? to set specific points to specific conditions in Financial Category? 

Can we set a weight like 85% would go to Risk statement 1 and 15% goes to risk statement 2?

I haven't found any documentation saying this would be possible in GRC application.

 

Thanks in advance.

Tadz

Labels:
0 Helpfuls
  • 1,147 Views
1 ACCEPTED SOLUTION

Go to solution
Sebastien Fix
Giga Guru
Giga Guru

‎02-07-2022 05:35 AM

Hi, if you are new to GRC, keep it simple 🙂

 

Your two example of risk statements are in reality Factors to define Risk Scores within a Risk Statement. Based on the responses provided there (Years in business & Company Rating), the Risk Score would be higher or lower. 

Using factors in a Risk Assessment Methodology (RAM) which is available in Advanced Risk, you can define Weights for each of the them. 

GEneral : https://docs.servicenow.com/bundle/quebec-governance-risk-compliance/page/product/grc-risk/concept/f...

See Qualitative Weighting (%) section: https://docs.servicenow.com/bundle/quebec-governance-risk-compliance/page/product/grc-risk/task/defi...

View solution in original post

4 REPLIES 4

Go to solution
Sebastien Fix
Giga Guru
Giga Guru

‎02-07-2022 05:35 AM

Hi, if you are new to GRC, keep it simple 🙂

 

Your two example of risk statements are in reality Factors to define Risk Scores within a Risk Statement. Based on the responses provided there (Years in business & Company Rating), the Risk Score would be higher or lower. 

Using factors in a Risk Assessment Methodology (RAM) which is available in Advanced Risk, you can define Weights for each of the them. 

GEneral : https://docs.servicenow.com/bundle/quebec-governance-risk-compliance/page/product/grc-risk/concept/f...

See Qualitative Weighting (%) section: https://docs.servicenow.com/bundle/quebec-governance-risk-compliance/page/product/grc-risk/task/defi...

Go to solution
Tadz
Kilo Sage
Kilo Sage

‎02-07-2022 08:09 PM

Thank you Sebastien, I have tried the RAM in advanced risk :).

Question though, would this be possible without installing advanced risk plugin?

0 Helpfuls

Go to solution
Sebastien Fix
Giga Guru
Giga Guru
In response to Tadz

‎02-07-2022 11:21 PM

Advanced Risk is only for customer with IRM Pro or Enterprise licenses. If they do not have those licenses, you cannot install the Advanced Risk plugins in their production environment and therefore cannot use RAMs. 

0 Helpfuls

Go to solution
User480943
Tera Contributor
In response to Tadz

‎05-21-2022 04:24 AM

No , Advance Risk Plugin is a mandatory to calculate teh factors out of the box

0 Helpfuls