'Standard' Risk vs Advanced Risk features

Valqe
Tera Expert

Hello,

New to the IRM space and aware that enabling the 'Advanced Risk' property introduces a new process in risk assessment utilizing RAM, but before I upgrade I want to 'waste' all options related to 'Standard Risk' 🙂

1) Is advanced risk (RAM) the only way to take (dynamic) advantage of Inherent/Residual Heatmap reports from "Risk Overview" dashboard? I ask this since such reports existed even before 'Advanced Risk' is enabled, yet so far, at least based on my limited understanding, they solely depend on initial 'Risk Statement' values rather than from 'Risk Assessment' responses? Since heatmap reports depend only on "Impact" and "Likelihood" values, then from what I'm understanding "Inherent Risk Heatmap" and "Residual Risk Heatmap" are not so dynamic if you're not using advanced risk. They solely depend on initial 'Risk Statement' values rather than from assessed risk results. Am I correct on this statement?

 

2) If I continue utilizing non-advanced risk, is there a way of creating "Assessment" records which, once responded to on the "Risk Assessment" record, will affect the risk's Impact and Likelihood values?

3) Is the upgrade to 'Advanced Risk' an absolute recommendation, and are there exceptions when you choose not to upgrade to it?

 

@Community Alums I appreciate your comments

Thank you

 


Rakesh Chigari
Tera Guru

@Valqe 

1. Risk statement is just a template and will not hold any values (at least not in classic risk), so risk heat map values were always dependent on risk score values (output of risk assessment), and in advanced risk they are dependent on RAM scores.

2. Yes, this is how it works in classic risk:

  • Create an assessment template with risk score calculation configuration
  • Select the right assessment template and assessor on the risk form
  • As the assessor completes the assessment, the risk score will be auto-populated (impact and likelihood)

3. Classic risk and advanced risk both have pros and cons, but if you look at the ServiceNow roadmap, they are mainly focused on enhancing or developing new features for advanced risk, against nothing for classic risk. If not today, then tomorrow you may definitely be forced to migrate to advanced risk. Based on your current business objective, you can take a call.

 

If I could help you with your Query then, please hit the Thumb Icon and mark as Correct.

Thank you for your comments @Rakesh Chigari I appreciate it.

One more question 🙂 I have one puzzle that I'm still confused about how to resolve. On Classic Risk, can you please help me with a reference on how to automatically calculate the risk score?
The resource below mentions that:

"There are two risk assessments - one is the original risk assessment which utilizes the Platform assessment engine. In the baseline that one does NOT update the risk score. If you need it to then you will need to do customization."


I am wondering how and where this customization takes place to make risk score get automatically updated in classic risk.

Many thanks

REF:

https://www.servicenow.com/community/grc-forum/risk-score-calculation-from-the-assessment-questionna...

Hi @Valqe

Basically, we have a 'Risk Assessment' questionnaire with 'Inherent Risk' and 'Residual Risk' categories.

We have 6 questions related to Impact and 1 question related to likelihood under both categories.

Each answer has a value assigned to it (1 to 5), e.g. refer to Health & Safety Impact below.

 

Inherent Impact = (Sum of Inherent Impact Values) / 6

Inherent Likelihood = Value of likelihood

A similar calculation applies to Residual Risk.

In the scenario below, assuming the highlighted answers are the ones selected under Inherent Risk in the questionnaire, Inherent impact and likelihood are calculated as follows:

Inherent Impact = (Value 2 + Value 2 + Value 2 + Value 2 + Value 2 + Value 2) / 6 => 2 - Minor

Inherent Likelihood = Value 4 => 4 – Likely

The final Risk Score using impact and likelihood is configured in risk criteria.

 

Inherent Risk

* Health & Safety impact
   Insignificant (Slight first-aid only injury or health effect) - value: 1
   Minor (Minor injury or health effect) - value: 2
   Moderate (Major injury or health effect) - value: 3
   Major (Fatality or permanent disability) - value: 4
   Severe (Multiple fatalities) - value: 5

* Financial impact
   value: 1
   value: 2
   value: 3
   value: 4
   value: 5

* Operational impact
   value: 1
   value: 2
   value: 3
   value: 4
   value: 5

* Compliance/Legal impact
   value: 1
   value: 2
   value: 3
   value: 4
   value: 5

* Reputational impact
   value: 1
   value: 2
   value: 3
   value: 4
   value: 5

* Employee impact
   value: 1
   value: 2
   value: 3
   value: 4
   value: 5

* What would be the likelihood of this risk event?
   value: 1
   value: 2
   value: 3
   value: 4
   value: 5


Thank you so much for all your comments - I appreciate your help.
Was wondering if you have any best practices (or code) to share regarding classic risk:

— risk score roll up calculations from risks to risk statement levels and/or

— risk rollup on entity parent/child risk calculations

 

I appreciate any help and comments

 

Thanks a lot.