What does the term 'overridden' mean in ServicNow GRC

Nick T
Tera Contributor

‎03-09-2023 09:53 AM

I have developed a number of RAMs using Qualitative scoring and making use of Qualitative Transformation Criteria and each time I do so I try to figure out what OVERRIDDEN means in the context of Qualitative criteria. I have had it explained to me by out SME but still do not understand what it does and why it is a mandatory field. Does it mean that a risk manager can override the risk score given by the assessor or does it mean that the system overrides the user score and inserts a different one? Nick 

0 Helpfuls
  • 939 Views
3 REPLIES 3

Connor Levien
ServiceNow Employee
ServiceNow Employee

‎03-09-2023 08:14 PM

Hey @Nick T,

 

OOTB the Override score gives a user the ability to override the system-generated score. For example, as part of an Advanced risk assessment you might build your own calculation to calculate the final Qualitative score based on a number of factors. If you user, either a risk manager or an assessor, doesn't agree with the calculated answer they can choose to override and pick another risk rate. OOTB the overridden field isn't mandatory.

 

0 Helpfuls

Community Alums
Not applicable

‎03-09-2023 09:34 PM

Hi @Nick T ,

"Overridden score" is the Score that is used when the assessor overrides the risk rating.

Now what is about is if in my RAM i had said that the assessor could override the score, the when the assessor overrides it, they might select very Low and they're not going to enter a 1,2,3,4,5,6, Score (As this is Qualitative). They are just going to override it by selecting a rating , if they do that , what do i want teh score to be, so that's score is store in this "Overridden score"

Nick T
Tera Contributor
In response to Community Alums

‎03-10-2023 03:58 AM

Sandeep, many thanks for your response and that is my understanding of the term.

However... My RAM has been configured without allowing a score to be overwritten, so it should not be necessary for a score to be entered into the 'overridden score' field when creating the transformation criteria. A score must be entered as it's a mandatory field, in this case I entered 11 when the lowest score for the rating was 10. My feeling is that the overridden score has a connection to the way qualitative risk ratings are used and displayed in the tool.

Whilst I'm on the subject - why are there, in a number of lists, two columns named the same (Computed residual risk) that display different scores - one provides the risk rating lowest level and the other presents the actual scored residual risk. The example below shows:

  • First column -Risk rating with score of 11 being the mandatory overridden score (although overriding is not permitted in the RAM)
  • Second column - Actual residual risk score derived from Impact x Likelihood calculation
  • Third column - Residual risk, presumably risk rating with 11 being the mandatory overridden score.

 

RAM - showing override disallowedRAM - showing override disallowed

 

Risk Assessments View: risk_approvalRisk Assessments View: risk_approval

 

0 Helpfuls