Hi @Priyanka_77 ,

Classic Risk

• You assess risks using fixed factors like Impact and Likelihood.
  Example: You identify a risk that “Server might crash.” You rate it as High Impact and Medium Likelihood, and the system calculates the Inherent and Residual scores.
• It follows a top-down approach — management identifies high-level risks (like “Data Breach”) and then breaks them into smaller, specific risks (like “Unauthorized access to customer data”).
• It’s simple and quick, but not very flexible — you can’t easily change the way assessments are done.

Advanced Risk Management

Advanced Risk is like the “customizable version” with more power and flexibility.

• You can create your own Risk Assessment Methodologies (RAMs) — choose what factors to include (e.g., “Financial Impact,” “Reputation Impact,” “Detectability,” etc.) and how scoring should work.
   Example: You might design one methodology for IT Risks and another for Project Risks, each with different scoring criteria.
• Supports a bottom-up approach — employees or systems can report risks directly using Risk Events.
  Example: If an Incident or Change in ServiceNow could cause a risk, it can automatically generate a Risk Event that goes into the risk workflow for review and approval.
• When a new entity (like an Application, Project, or Department) is onboarded, you can run a Risk Identification Process to map multiple relevant risks automatically.
• Offers advanced controls, automation, and reporting to fit your organization’s unique needs.

Refer below link for more info: 

https://youtu.be/N5n-yX9xQDA?si=A788hGABSM7RfQuQ

If my response helped, please mark it as the accepted solution ✅ and give a thumbs up👍.
Thanks,
Anand