GRC Advanced Risk plugin indicators

  • Release version: Zurich
  • Updated July 31, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of GRC Advanced Risk Plugin Indicators

    The GRC Advanced Risk plugin provides a comprehensive set of indicators designed to help ServiceNow customers monitor and assess various aspects of risk management on a quarterly basis. These indicators enable organizations to track financial and non-financial risks, control effectiveness, risk events, mitigation tasks, and loss metrics, supporting informed decision-making and proactive risk mitigation.

    Show full answer Show less

    Key Features

    • Risk and Control Metrics: Includes counts of high residual risks, ineffective controls, failed control tests, and controls with failed indicators, allowing customers to evaluate risk and control health.
    • Risk Event Tracking: Measures the number of risk events, active events, near misses, and events with significant financial or non-financial impact, providing visibility into risk occurrences and severity.
    • Loss and Financial Impact Analysis: Tracks total gross loss, net loss, average losses per event, recovery made, additional costs, total potential loss, expected loss, and Annual Loss Expectancy (ALE), helping quantify financial exposure from risk events.
    • Risk Assessment and Monitoring: Monitors open risk assessments, those in monitor state, and risk statements active during or before the quarter, facilitating ongoing risk evaluation processes.
    • Task and Test Management: Reports on open mitigation tasks, indicator tasks, overdue tasks, and control tests created per quarter, supporting timely remediation and control validation activities.
    • Indicator Performance: Calculates percentages of failed risk indicators, total failed indicators, and tracks high-risk items with failed indicators, enabling organizations to pinpoint weaknesses in risk controls and monitoring.
    • Entity and Statement Counts: Counts active entities and risk statements updated during or before the quarter, providing scope insight into risk management coverage.

    Key Outcomes

    • Empowers risk managers to track and quantify both financial and non-financial risks effectively on a quarterly basis.
    • Facilitates the identification of ineffective controls and failed tests, promoting focused remediation efforts.
    • Supports detailed financial loss analysis to understand the impact of risk events and recovery effectiveness.
    • Enables monitoring of risk assessment activities and task completion to maintain risk management rigor.
    • Provides actionable metrics to improve risk indicator performance and control reliability over time.
    • Helps prioritize risk mitigation actions by highlighting high-risk areas with failed indicators or controls.

    The GRC Advanced Risk plugin contains various indicators.

    The Advanced Risk plugin includes the following indicators:

    # of high residual risks
    Number of high residual risks per quarter.
    # of ineffective controls
    Number of ineffective controls per quarter.
    Maximum of maximum calculated ALE for this quarter
    Maximum of maximum calculated ALE for this quarter.
    Maximum of maximum acceptable loss expectancy for this quarter
    All active risk statements updated within the current quarter and calculates the average of maximum_acceptable_loss_expectancy
    Number of open mitigation tasks
    Number of risk mitigation tasks in open state in this quarter.
    # of risk events
    Number of risk events that were reported in this quarter.
    Total gross loss
    Total gross loss from financial risk events per quarter.
    Total net loss
    Total net loss from financial risk events per quarter.
    Active Events
    Number of active risk events per quarter.
    # of events with impact > 1 M
    Number of risk events with financial impact greater than one million USD.
    Average residual risk
    Average residual risk score per quarter.
    Average control effectiveness
    Average control effectiveness per quarter.
    Average Inherent Risk
    Average inherent risk score per quarter.
    Risk Assessments (Open)
    Open risk assessments.
    Issues (created this quarter)
    Issues created per quarter.
    Indicator task (created this quarter)
    Indicator tasks per quarter.
    Control tests (created this quarter)
    Control tests per quarter.
    Risk assessments in Monitor state
    Risk assessments in monitor state.
    Non-financial risk events
    Number of non-financial risk events per quarter.
    Total potential loss
    Total potential loss from financial risk events per quarter.
    Total expected loss
    Total expected loss from financial risk events per quarter.
    # of events with high non-financial impact
    Number of risk events with high non financial impact per quarter.
    Average gross loss per event
    Average of the gross loss incurred for each active risk event.
    Average net loss per event
    Average net loss per event. Net loss = Gross loss minus recovery loss.
    Average recovery made per loss event
    Average recovery made per loss event per quarter.
    Average additional cost per event
    Average additional cost per financial risk event per quarter.
    Annual Loss Expectancy
    Average ALE monthly is measured monthly as unit.
    Number of entity
    Number of entities which are in active state and updated during or before this quarter.
    Near Miss
    Number of near miss risk events per quarter.
    Number of risk statements
    Number of risk statement which are in active state and updated during or before this quarter.
    Total control indicators
    Number of control indicators running per quarter
    High risks with failed indicators
    Number of risks with high rating and failed indicators in the quarter.
    Overdue indicator tasks
    Number of indicator tasks due in the quarter.
    Percentage of risk indicators failed
    Percentage of failed risk indicators.
    Total Failed Indicators Quarterly
    Number of failed indicators in the quarter.
    High Risk with Failed Control
    Number of High Risk with Failed Control Test
    Total Risk Indicators
    Number of risk indicators running per quarter.
    # of ineffective controls
    Number of ineffective controls per quarter.
    # of failed risk indicators
    Number of failed risk indicators per quarter.
    # of Failed Control Tests
    Number of failed control tests per quarter.
    Failed Control Test Quarterly
    Number of Failed Control Test Quarterly
    By this quarter
    Total number of remediation task that needs to be completed by this quarter.
    Key Controls with Failed indicators
    Key Controls with Failed indicators is measured quarterly