Yokohama |
- Generative AI risk assessment summarization
- Generate a risk assessment summary from your inherent, residual, target risks, and control effectiveness data using the Now Assist for IRM application. The summary highlights key insights to help your approvers quickly understand the context before approving the risk assessments. You can also analyze details such as open issues,
risk response tasks, action items, and calculated risk scores to support your approval decision. Check your entitlements to confirm whether you have access to risk assessment summarization.
- Reassess a risk assessment project
- Review completed risk assessment projects to reflect new insights or changing conditions. All previously assessed risks in this project are automatically carried over and reassigned to the designated assessor. Confirm
continuity, minimize manual effort, and enhance efficiency in your risk management process.
- Copy risk responses from the previous assessment
- Copy responses from a previous risk assessment during the reassessment of a risk assessment project to streamline the assessment process. All prior responses are automatically copied, saving time and maintaining
consistency.
- Remove risks from assessment
- As a risk assessor, you can remove risks from the risk assessment project while performing the assessment, which also removes all responses associated with that risk. Removed scoped risks remain part of the project but are
marked as not applicable for reporting purposes. However, removed ad hoc risks are completely deleted.
- Manage risk response task workflow
- Manage and enable the risk response task workflow from the RAM form to enable users to create, delete, remove, edit, and link risk response tasks within an assessment.
- Reassign assessor for a risk assessment project
- Reassign assessors for multiple in-progress risk assessment projects simultaneously to minimize disruptions during stakeholder transitions.
- Configure risk color styles for the Next Experience
- Define and preview colors for the risk and advanced risk components in the Next Experience through a configurable system rather than having to use hex codes. The transition has been made from a hex code color management system to a configurable system that supports the highlighted value
component colors. This feature addresses theming and accessibility issues. You can define the color and variant, and preview them using the Next Experience color styles tab on the Risk color style form.
Note: The default color for the customized risk color style is set to Critical, with the variant set to Primary. You can manually change the color and
variant based on the requirement.
|
Zurich |
- Identify risks for an
entity
- If you’re a Workspace user with the sn_grc_sharegenai.risk_suggestion_aiagent_user role, you can use the Risk Suggestion AI Agent to identify risks related to an entity. The AI agent analyzes the entity and suggests relevant risks from various sources, consolidating them into a reviewable list to verify for
accuracy. Risk managers can then confirm and promote these risks to the risk register for further assessment. This feature automates risk discovery, helping identify potential risks and prepare for compliance
requirements.
- Reporting views from Risk Assessment Methodology
- The reporting view provides an overview of all assessments under a specific Risk Assessment Methodology (RAM). It consolidates assessment data such as factor responses, scores, issues, controls, and associated risks into a
single structure. When a RAM is published, the system automatically creates this view, which you can use to review assessments and build custom reports. It simplifies report and dashboard creation for risk
assessments.
Note: Automatic creation of Reporting views is not supported on Xanadu. For instructions on creating them manually, refer to KB2547071
- Risk event summarization
- Generate risk event summary using the Now Assist for IRM application. Risk event summarisation is a Generative AI driven capability that generates clear and consistent summaries automatically. It reduces the need for manual effort, helps risk managers
save time, and enables approvers to quickly understand the key details for faster decisions. Check your entitlements to confirm whether you have access to risk event summarization.
- Grid based risk and control assessment
- Gain efficient control over risk assessments with the new grid-based Risk and Control Self Assessment (RCSA). Quickly compare, edit, and prioritize risks and controls using the flexible, spreadsheet-style interface. Use
side-by-side views and bulk editing to complete assessments faster.
- Matrix report in Risk Workspace
- Access and analyze the risk posture of your organization using entity-related data, such as risks, controls, KRIs, and events in a centralized, configurable grid-based view. This feature reduces time spent switching views
and helps risk managers assess data more easily, leading to more proactive and streamlined risk management.
- Support third party large language models
- Risk assessment summarization and Risk event summarization support the LLMs from the third party providers, such as Anthropic Claude, Google Gemini, and OpenAI, in addition to Now LLM. This enhancement gives you greater flexibility to choose the model that best fits your organization’s needs for generating risk assessment and risk event summaries.
|
Australia |
- Worst case aggregation rollup for risk scoring
- After upgrading to version 22.3.2, use the worst case aggregation rollup method that derives all scores from a single risk record based on the highest residual risk. You can configure this option on the Risk Assessment
Methodology (RAM) form. By using a single risk record as the source, this method keeps all rolled-up scores aligned to a real risk scenario, supporting traceability, audit requirements, and enterprise governance.
- Hide Not applicable option in control and residual assessments
- After upgrading to version 22.3.2, configure the Risk Assessment Methodology (RAM) to hide the Not applicable check box in control effectiveness and residual assessment sections by using the Hide assessment not
applicable option. This change reduces calculation errors and improves the reliability of assessment results.
- Parallel review and feedback for Risk assessment project
- Parallel review and feedback is now enabled by default on the risk assessment project record page and the project assessment page, in both stacked view and grid view. You can use collaborative review workflows without manual
configuration, which removes the setup overhead previously required by the custom page structure of risk assessment projects.
- Redirect GRC notification links to the appropriate workspace
- After upgrading to version 22.3.2, redirect to the appropriate workspace when accessing GRC records from email notifications, based on the access and role. This feature improves usability, reduces confusion, and supports adoption of workspace-based workflows.
- Template versioning for Risk Identification
- After upgrading to version 22.3.2, Risk Identification supports smart assessment template versioning. New versions can be created from existing templates without creating a new template, and assessments use the latest
published version.
- Audit entry field on Risk Assessment Project
- After upgrading to version 22.3.2, Risk Assessment Projects support audit entries to track changes and activity history. An audit entry framework separates audit-specific (third-line) records from operational (second-line)
records and controls visibility.
Note: This option is available if Audit Management and Audit Workspace are installed. Assign the sn_audit_ws.third_line_manager role to a user to use this feature.
- Risk event response template enhancements
- After upgrading to version 22.0.x, users with the Risk Manager [sn_risk.manager] or Risk Admin [sn_risk.admin] role can configure risk event response templates using dynamic, entity‑driven assignments. These changes enable
assignments to be derived from entity data alongside existing static user or group selection.
You can select user fields defined on the entity (such as Owner or Sub-owner) or entity stakeholder personas when configuring:
- Risk event owner assignment
- Issue creation and assignment
- Risk event approvers
- Risk Suggestion AI Agent enhancements
- After upgrading the Now Assist for Integrated Risk Management (IRM) application to version 22.x, the Risk Suggestion AI Agent supports a more context‑aware and conversational workflow. After selecting risk types, you can provide additional context to refine search results, with the agent dynamically asking
follow‑up questions when needed. Before adding risks to the suggested risk section, you can review and modify suggested risks by updating descriptions, renaming risks, or removing items from the list.
- Control Objective workflow
- After upgrading to version 22.0.x, you can use a defined workflow to update control objectives. Changes can be drafted and reviewed without changing the current active version, which helps avoid unintended changes to related
controls, and risk records. Only approved updates become active. The workflow also sets clear responsibility for making updates and helps keep control objective information consistent and up to date.
|