What does the term 'overridden' mean in ServicNow GRC
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-09-2023 09:53 AM
I have developed a number of RAMs using Qualitative scoring and making use of Qualitative Transformation Criteria and each time I do so I try to figure out what OVERRIDDEN means in the context of Qualitative criteria. I have had it explained to me by out SME but still do not understand what it does and why it is a mandatory field. Does it mean that a risk manager can override the risk score given by the assessor or does it mean that the system overrides the user score and inserts a different one? Nick
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-09-2023 08:14 PM
Hey @Nick T,
OOTB the Override score gives a user the ability to override the system-generated score. For example, as part of an Advanced risk assessment you might build your own calculation to calculate the final Qualitative score based on a number of factors. If you user, either a risk manager or an assessor, doesn't agree with the calculated answer they can choose to override and pick another risk rate. OOTB the overridden field isn't mandatory.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-09-2023 09:34 PM
Hi @Nick T ,
"Overridden score" is the Score that is used when the assessor overrides the risk rating.
Now what is about is if in my RAM i had said that the assessor could override the score, the when the assessor overrides it, they might select very Low and they're not going to enter a 1,2,3,4,5,6, Score (As this is Qualitative). They are just going to override it by selecting a rating , if they do that , what do i want teh score to be, so that's score is store in this "Overridden score"
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-10-2023 03:58 AM
Sandeep, many thanks for your response and that is my understanding of the term.
However... My RAM has been configured without allowing a score to be overwritten, so it should not be necessary for a score to be entered into the 'overridden score' field when creating the transformation criteria. A score must be entered as it's a mandatory field, in this case I entered 11 when the lowest score for the rating was 10. My feeling is that the overridden score has a connection to the way qualitative risk ratings are used and displayed in the tool.
Whilst I'm on the subject - why are there, in a number of lists, two columns named the same (Computed residual risk) that display different scores - one provides the risk rating lowest level and the other presents the actual scored residual risk. The example below shows:
- First column -Risk rating with score of 11 being the mandatory overridden score (although overriding is not permitted in the RAM)
- Second column - Actual residual risk score derived from Impact x Likelihood calculation
- Third column - Residual risk, presumably risk rating with 11 being the mandatory overridden score.
|