Delegation of risk assessment

  • Release version: Australia
  • Updated May 4, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Delegation of Risk Assessment

    In ServiceNow's risk management, if the assigned risk assessor is unavailable, they can appoint a delegate to perform the risk assessment on their behalf for a specified period. This delegation is facilitated by the ServiceNow AI Platform and enables continuity in risk assessment activities without delays.

    Show full answer Show less

    Key Features

    • Delegates can perform risk assessments via the Risk Workspace and the Risk Portal.
    • Delegates receive all system notifications sent to the original assessor, ensuring they stay informed.
    • The assessment instance clearly displays both the original assessor's and delegate's names for transparency.
    • Delegates must have the snriskadvanced.araassessor role to conduct risk or object assessments.
    • Only individual users (not groups) can be assigned as delegates.
    • Delegates are licensed users tracked for Governance, Risk, and Compliance (GRC) usage.
    • Delegates can reassign tasks, view ongoing assessments assigned to the original assessor, create issues, and initiate risk response tasks including requesting approvals.
    • All delegate activity is recorded in the activity stream for auditability.

    Important Considerations

    • Delegation applies only to performing risk assessments; approval tasks cannot be delegated.
    • The original assessor's name remains in the Assessor field, while the delegate’s name appears in a new field called Assessor’s delegates.
    • To assign delegates, assessors need to configure their user profile to include the Delegates related list.

    Practical Benefits for ServiceNow Customers

    This delegation capability ensures uninterrupted risk assessment workflows when primary assessors are unavailable. It supports operational resilience by allowing authorized delegates to maintain progress on risk evaluations, notifications, and related risk response actions—all while preserving clear accountability and audit trails within the ServiceNow platform.

    If a risk assessor is unavailable to perform a risk assessment, the assessor can appoint a delegate to perform the risk assessment for a specified time period. The ServiceNow AI Platform enables you to appoint your delegates.

    Delegation is the assignment of authority to another person to perform specific activities. It is a process of entrusting work to another person. In the context of risk assessments, at times, it may happen that the assigned assessor for a risk assessment is unavailable to perform their risk assessments. In such a scenario, the assessor can assign another user as a delegate and the delegate can perform the risk assessment on behalf of the original assessor for a specified time period. A delegate can perform the risk assessment from the Risk Workspace and the Risk Portal. A delegate also receives a copy of all the system notifications that are sent to the original assessor. Once the delegate starts performing the assessment, the delegate's name is visible on the assessment instance.

    As a risk assessor, to understand how you can assign a delegate, refer to Configure a delegate for your tasks.

    To delegate tasks to another user, configure your user profile form to display the Delegates related list. For details, refer to Add the Delegates related list.

    It is important to note the following points when you assign a delegate.
    • The ability to assign a delegate is only available to perform an assessment. You cannot assign a delegate for approving a risk assessment.
    • After a delegate is assigned an assessment, the assessment shows the names of the original assessor as well as the delegate.
    • You can only assign an individual user as a delegate and not a group.
    • A delegate must have the sn_risk_advanced.ara_assessor role to perform risk-based assessment.
    • A delegate must have the sn_risk_advanced.ara_assessor to perform any object assessment.
    • All delegates are considered licensed users and are tracked for their GRC usage.
    • When the delegate logs in to perform the risk assessment on behalf of the assessor, the original assessor's name remains in the Assessor field. The new field Assessor's delegates displays the name of the delegate.
    • The delegate can reassign the task to another user.
    • The delegate can view the on-going assessments for the original assessor under Tasks in the Workspace.
    • The delegate can create issues.
    • The delegate can create risk response tasks and request approval.
    • All activity performed by the delegate is captured in the activity stream.