Workflow of risk response task

  • Release version: Xanadu
  • Updated August 1, 2024
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Workflow of risk response task

    The risk response task workflow in ServiceNow is a structured process designed to manage assessed risks by establishing plans to accept, mitigate, avoid, or transfer those risks. It guides users through creating, responding to, and approving risk response tasks to ensure effective risk management within an organization.

    Show full answer Show less

    Workflow States

    • Draft: Initial state when a risk response task is created.
    • Work in progress: When the task owner begins working on the task and prepares it for approval.
    • Awaiting approval: When the task is under review by the approver(s).
    • Closed: Final state after approvers approve the task.

    Key Steps in the Workflow

    • Create a risk response task: Users with the snriskadvanced.araassessor role create and assign risk response tasks to users with the snrisk.user role. The task initially enters the Draft state.
    • Create action items: Assessors define granular action items for each risk response task to address risks effectively. These can be created while the task is in Draft or Work in progress states and have their own independent workflow. Note that action items cannot be created for Risk acceptance tasks.
    • Respond to risk response tasks: The task owner moves the task to Work in progress, defines a plan of action, and then requests approval. Approval configurations allow for customization, but by default a single level of approval by the risk owner is enabled. All associated action items must be closed before requesting approval.
    • Approve or reject risk response tasks: Approvers review the plan during the Awaiting approval state. If all approve, the task moves to Closed; if any reject, the task reverts to Work in progress for further updates.

    Practical Benefits for ServiceNow Customers

    This workflow provides a clear, enforceable process for managing risk responses, ensuring accountability and proper review. By following these stages, customers can systematically track risk mitigation efforts, ensure all necessary actions are completed before approval, and maintain governance over risk handling activities.

    The risk response task workflow is a structured process to manage assessed risks by defining plans of action to either accept, mitigate, avoid, or transfer those risks.

    Exploring the user journey for Risk response task

    The states of a risk response task are as follows:
    1. Draft: The default state when a risk response task is created.
    2. Work in progress: The state when the risk response task owner starts working on it and sends it to the approver for review.
    3. Awaiting approval: The state when the approver reviews the risk response task and either approves or rejects it.
    4. Closed: The state when the approver approves the risk response task, moving it to the Closed state.
    The risk response task workflow consists of the following stages:
    Create a risk response task
    After an assessor identifies the risk response plans, the assessor then creates risk response tasks. The user with the sn_risk_advanced.ara_assessor role can create a risk response task and assigns them to the risk user with the role sn_risk.user. After creation, the risk response task moves to the Draft state. For more information, see Create a risk response task in the Risk Workspace.
    Create action items
    The risk assessor can create multiple strategies with various action items for each risk response task. Action items are specific, granular tasks defined within a risk response task to address and manage risks effectively. Action items can be created and defined when the risk response task is in either the Draft state or the Work in progress state. For more information, see Create an action item in the risk response task.

    Action items have their own independent workflow. For more information, see Workflow of action item in risk response task.

    Note:
    You can create risk response action items for all types of risk response tasks except for Risk acceptance tasks.
    Respond to the risk response tasks
    After the risk response task is assigned, the risk response task owner moves the risk response task to the Work in progress state. In this stage, the risk response task owner defines a plan of action for the risk response task. After defining the plan of action, the task owner can request for approval from the approvers defined in the approval configurator. By default, a single level of approval is enabled for all types of risk response tasks, where the risk owner can approve the tasks. These approvals can be configured based on requirements. After the task owner request for approval, the risk response task moves to the Awaiting approval state.
    Important:
    All action items associated with the risk response task must be closed to move the risk response task from Work in progress to Awaiting approval state.
    Approve or reject the risk response task
    In the Awaiting approval state, the approvers defined in the approval configurator can review the plan of action and either approve or reject the risk response task. The risk response task moves to the Closed state, if the all the approvers approve the task. If any of the approvers reject the task, then the risk response task moves back to the Work in progress state.