Risk statement scoring system

Tadz
Tera Guru
Tera Guru

Hi Everyone,

I'm new to GRC. I have this requirement where I have two risk statements in two difference categories:

Example:

Financial Category:

Risk statement 1: The companies year founded. If company year founded is greater than 5 years it would score 10 else it would be 1.

Risk statement 2: Company rating. If rating is 3 stars score = 3 and so on.

 

The other category is Financial where it is calculated via risk assessment survey. I'm still doing POC on this part.

 

Is there a way we can configure this on GRC? to set specific points to specific conditions in Financial Category? 

Can we set a weight like 85% would go to Risk statement 1 and 15% goes to risk statement 2?

I haven't found any documentation saying this would be possible in GRC application.

 

Thanks in advance.

Tadz

1 ACCEPTED SOLUTION

Sebastien Fix
Giga Guru
Giga Guru

Hi, if you are new to GRC, keep it simple 🙂

 

Your two example of risk statements are in reality Factors to define Risk Scores within a Risk Statement. Based on the responses provided there (Years in business & Company Rating), the Risk Score would be higher or lower. 

Using factors in a Risk Assessment Methodology (RAM) which is available in Advanced Risk, you can define Weights for each of the them. 

GEneral : https://docs.servicenow.com/bundle/quebec-governance-risk-compliance/page/product/grc-risk/concept/f...

See Qualitative Weighting (%) section: https://docs.servicenow.com/bundle/quebec-governance-risk-compliance/page/product/grc-risk/task/defi...

View solution in original post

4 REPLIES 4

Sebastien Fix
Giga Guru
Giga Guru

Hi, if you are new to GRC, keep it simple 🙂

 

Your two example of risk statements are in reality Factors to define Risk Scores within a Risk Statement. Based on the responses provided there (Years in business & Company Rating), the Risk Score would be higher or lower. 

Using factors in a Risk Assessment Methodology (RAM) which is available in Advanced Risk, you can define Weights for each of the them. 

GEneral : https://docs.servicenow.com/bundle/quebec-governance-risk-compliance/page/product/grc-risk/concept/f...

See Qualitative Weighting (%) section: https://docs.servicenow.com/bundle/quebec-governance-risk-compliance/page/product/grc-risk/task/defi...

Tadz
Tera Guru
Tera Guru

Thank you Sebastien, I have tried the RAM in advanced risk :).

Question though, would this be possible without installing advanced risk plugin?

Advanced Risk is only for customer with IRM Pro or Enterprise licenses. If they do not have those licenses, you cannot install the Advanced Risk plugins in their production environment and therefore cannot use RAMs. 

User480943
Tera Contributor

No , Advance Risk Plugin is a mandatory to calculate teh factors out of the box