hi @garimakharb 

C. When the change request moves to a state of Review

In ServiceNow Change Management, if a change is marked as unauthorized (for example, someone did it without proper approval), the system creates a Post Implementation Review (PIR) task when the change moves into the "Review" state.

The purpose is to let the Change Manager review what happened, assess the risks, and decide on corrective actions

.

your question.

Yeah but I am unsure in A and B because I think For unauthorized changes, ServiceNow automatically creates a Post Implementation Review (PIR) change task at the closure stage.

You are right to pause on A vs C – it can be confusing because PIR tasks are closely tied to the closure/review stages in the Change lifecycle. Let me clarify:

How it works in ServiceNow (out of the box):

• When a change is unauthorized, ServiceNow automatically ensures there is a Post Implementation Review (PIR) change task created.

• This happens at the Review state (answer C), because that’s the point where the system enforces that any unauthorized change must go through a PIR before it can be closed.

• Closure (answer A) comes after the Review state. You cannot close an unauthorized change without a PIR being done — so effectively the PIR is created earlier (Review), not at Closure.

Why not A or B?

• A. When the change request moves to Close ❌
  At this stage, PIR should already exist. ServiceNow does not wait until closure — closure depends on completing PIR.

• B. When a change manager accepts the change ❌
  Acceptance/authorization is part of Assess/Authorize, not Review. PIR is only about what happened after implementation (post-review).

I think the answer is c