Table of Contents
Overview
The Risk Framework in Account Lifecycle Events (ALE) delivers a structured and automated approach to identifying, assessing, and managing risks across the entire customer engagement lifecycle. It enables Customer Success, Delivery, and Onboarding teams to proactively surface and address potential issues before they escalate—improving outcomes, enhancing customer satisfaction, and driving long-term retention. At its core, the Risk Framework powers the systematic and consistent creation of risk records, ensuring early warning signs are captured, tracked, and acted upon with transparency and accountability throughout the journey.
Planning
Requirements gathering
Understanding what events should be considered as a risk signal is an important step. Partner with business stakeholders to understand what data you may have currently or plan to collect that could be analyzed to determine if there is a potential risk to an engagement.
Things to consider:
- What changes in current data should be considered as a risk?
- Are there specific engagements or accounts should have events or values that differ from the rest of the portfolio. What are those values, and how do we identify similar accounts?
- Are there any integrations necessary to have access to data stored in other systems?
- When an event or value is recognized, how should the Risk record be created? What are the attributes that should be set?
- How will risks be segmented or categorized?
Components
Risk portfolio dashboard
The Risk Portfolio Dashboard offers a centralized, real-time view risks across customer engagements. It empowers Customer Success Managers to monitor emerging trends, identify high-risk accounts, and take targeted action. Interactive visualizations segment risks by scope, probability, and category, making it easy to pinpoint areas that require attention. Additionally, a filtered risk list highlights all risks associated with a specific Customer Success Manager’s portfolio, providing a view of all risks associated with their portfolio in one place.
Tables
Engagement Risk Definitions [sn_acct_lc_eng_risk_def] are configurable templates that define the logic and conditions under which risks are automatically generated during customer engagements. These definitions are triggered by key metrics, milestones, or data signals—ensuring proactive detection of potential issues. Each Risk Definition specifies attributes such as category, severity, and ownership, driving consistency in how risks are identified, managed, and reported across the organization. Triggers can be based on conditions from related records or scoring thresholds derived from Performance Analytics, allowing for flexible and data-driven risk detection.
Risk Threshold Overrides [sn_acct_lc_risk_threshold_override] - A Risk Threshold Override allows you to adjust the default threshold values defined in a Risk Definition for a specific engagement or group of engagements. This enables more tailored risk evaluation based on the unique context, expectations, or service level of a particular customer. When an override is in place, it takes precedence over the default values in the Risk Definition during evaluation. Overrides are considered in order of lowest rank first.
Overrides can be used to:
- Raise or lower the trigger threshold for a metric (e.g., allow more delay before flagging a milestone as risky)
- Apply customized risk sensitivity for high-touch or strategic accounts
Risk and Issues [sn_acct_lc_risk_signal_issue] - Risk and Issues records represent an identified issue or potential threat within a customer engagement. Created automatically based on Risk Definition logic—or manually, if needed—it captures key details about the nature, severity, and context of the risk. They serve as actionable objects that can trigger workflows, reporting, and remediation efforts.
Risk Occurrences [sn_acct_lc_risk_occurrence] - A Risk Occurrence is a specific instance where a risk condition—defined in a Risk Definition—is met and triggered within a customer engagement. While the Risk Definition outlines the detection logic, the Risk Occurrence captures the actual event, including when the condition began and ended, along with critical details such as the current metric value, the threshold, and the gap to threshold at the time of detection. Occurrences are created when a risk record exists for the same engagement, risk definition, and source record. They provide visibility into how frequently risk conditions are triggered, enabling trend analysis, pattern recognition, and evaluation of detection effectiveness over time. They play a vital role in auditing, refining Risk Definitions, and ensuring the Risk Framework operates accurately and efficiently across engagements.
Data sources [sn_data_ctx_engine_src] – A data source is used to select the data for analysis by the Data Context Engine. Data can be acquired by selecting an indicator configured with Performance Analytics or by using an external source. Once defined, data sources can be reused across health metric configurations, and risk definitions.
Note – The context associated with the Data source acts as a connection between the Risk definition and the engagement.
ALE Choices [sn_ti_core_ale_choice] - Risk categorization in the Risk Framework is configured through ALE Choices with a category of “Risk and signal issue”, which serve as the source of structured values applied to Risk Definitions and Risk records. Each ALE Choice represents a selectable value and includes attributes that help define its purpose in the context of risk management. The selected ALE Choice provides structured classification metadata for downstream use in reporting, automation, and playbook routing.
Scheduled Jobs
Customer Success Risk Analyzer (sysauto_script_4b40f2ac4ff81210c5ff2624b2ce0b84) is responsible for evaluating each Risk Definition against the applicable engagements defined in its conditions. It determines whether a risk condition has been met and based on that evaluation, decides whether to create a new Risk record or log a Risk Occurrence for an existing risk.
Configuration
- Configure any necessary Performance Analytics Indicators that will be used with data sources. Ensure the “Publish to Analytics Hub” or “Show in Library” option selected under the Access Control tab of all indicators. The label of this field may vary depending on your instance version.
- Configure any ALE Choices necessary for categorizing risks. Ensure the category for the ALE Choice is set as “Risk signal and issue”.
- Configure the Engagement Risk Definitions based on the business needs.
- Set the type as Metric or Table.
- For Metric based:
- Select the data source, set the threshold condition, and the threshold that should be used for evaluation.
- Configure any applicable Risk Threshold Overrides by providing the threshold, rank and conditions that identify applicable engagements.
- For Table based – Select the source table and the conditions of the records on the table that indicate a potential risk.
- For Metric based:
- Configure the template to be applied to the resulting risk. If an active risk already exists for an engagement that matches the Engagement Risk Definition, a Risk Occurrences will be created and associated with the existing Risk.
- Publish the definition after testing is complete.
- Set the type as Metric or Table.
Testing
Prerequisites
Performance Analytics Data – Testing metric-based Risk Definitions requires that relevant data is available for Performance Analytics to collect and generate scores. These scores—and their breakdowns—are critical inputs for the Risk Framework to evaluate conditions accurately. It’s important to note that only data collected from the point of configuration onward is included in the daily analysis; historical data is not retroactively processed. When the Risk Analyzer is executed, it evaluates only the scores from the previous day, ensuring the most recent performance data informs risk detection.
- If the indicators intended for use in the health score already exist and have been recording scores, no further action is required.
- If the indicators are present but the data is missing, you can manually generate scores for the respective indicator by updating the associated score sheet. See Performance Analytics in Appendix A for more information.
Table Data – Testing table-based Risk Definitions requires that records exist on the configured table. To validate the configuration, ensure that there is sufficient data to test both positive (risk condition met) and negative (risk condition not met) scenarios. For metric-based definitions containing a Risk Threshold override, identify both positive (risk condition met) and negative (risk condition not met) scenarios in addition the configuration on the parent risk definition. From within the Risk Definition, you can evaluate the condition logic by using the “No. of records matching the condition” URL displayed above the Conditions field. If the condition is modified, click the yellow arrow icon to refresh the matching records list based on the updated logic. This helps confirm that the definition is behaving as expected before enabling it for automated evaluations.
Executing
Testing one definition – Each Risk Definition includes a “Rerun Risk Check” button at the top of the form. Clicking this button manually triggers the evaluation of the definition’s configured conditions to determine whether a new Risk or Risk Occurrence should be created. If the evaluation is successfully executed, a confirmation message is displayed.
Executing Customer Success Risk Analyzer – Executing this job initiates the evaluation of all published Risk Definitions and their configured conditions to determine whether a new Risk or Risk Occurrence should be created.
Verifications – Before running the evaluation, review the existing engagements and identify the expected outcomes. If an active Risk record already exists for a given Risk Definition, a new Risk Occurrence should be generated and linked to that existing risk. If no active risk is found for the definition, the evaluation should result in the creation of a new Risk record, applying the values defined in the associated Risk Template.
High level flow
Troubleshooting
Metric-based definitions
- The expected risk or risk occurrence was not created
- Ensure the last run value on the risk definition is before “now”.
- Ensure the threshold of the risk definition is set correctly.
- Ensure the engagement being used for validation appears in the records matching the condition.
- If a risk threshold override is being evaluated:
- Validate the engagement being used for validation appears in the records matching the condition.
- Ensure the threshold of the override is set correctly.
- Ensure the rank is correct respective to any other risk threshold overrides.
- Ensure there are performance analytics scores available for evaluation by navigating to the indicator associated with the data source and click the Scores for this indicator related link at the bottom of the form. Confirm there is a score in the table for "yesterday". If no score is present, it can be manually entered or the data collector associated with the indicator can be executed. For formula indicators, navigate to the Contributing indicators related list and validate score information for any rows listed as "Automated". Formula indicator scores are evaluated at run-time using the scores from these supporting indicators and do not record their own scores. Note that other formula indicators may be listed as contributing indicators; open those formula-type indicators and verify their automated contributing indicators have the appropriate scores.
For all automated indicators, ensure the “Publish to analytics hub” or “Show in library” option on the Access control tab is checked. The label of this field may vary depending on your instance version. See Performance Analytics in Appendix A for more information.
- A new risk was created when an occurrence was expected
- Verify there is an active risk for the engagement with a matching value in the Engagement Risk Definition field. If there is not, then the created risk is the expected outcome.
- A new risk occurrence was created when a risk was expected
- Before evaluating with the expectation of a risk occurrence to be created, verify there is not an active risk for the engagement with matching values in the Engagement Risk Definition and Source record fields.
Table-based definitions
- The expected risk or risk occurrence was not created
- Ensure the last run value on the risk definition is before “now”.
- A new risk was created when an occurrence was expected
- Verify there is an active risk for the engagement with a matching value in the Engagement Risk Definition field. If there is not, then the created risk is the expected outcome.
- A new risk occurrence was created when a risk was expected
- Before evaluating with the expectation of a risk occurrence to be created, verify there is not an active risk for the engagement with matching values in the Engagement Risk Definition and Source record fields.
Appendix A
Performance Analytics
Configure Performance Analytics fundamentals on ServiceNow Docs site
Performance Analytics (PA) Fundamentals On Demand on NowLearning
Add or edit indicator scores manually
Domain separation and Performance Analytics
