Xanadu |
- Create multidimensional entities
- Create multidimensional entities by combining two or more entities from different entity classes using the Composite Entity Management application. You can create multidimensional entity classes with a composite entity structure, such as Company | Department | Business Process. After defining the composite entity
class, you can create composite entity that operates as a standalone entity. This feature enables you to manage risk and compliance workflows at the composite entity level, providing visibility into the combined risk and
compliance posture.
Note: Composite entity classes can be created in both the classic UI and the Risk Workspace. The creation of composite entities is supported only in Risk Workspace.
- Assess multiple risks and controls simultaneously
- Create a risk assessment project to perform bulk assessments on multiple risks and controls, enabling assessors to evaluate them in a single project. This approach reduces time and effort, confirms consistency across
multiple assessments, and provides a more comprehensive view of risks and controls within the same project. You can scope multiple risks related to the assessable entity within the project and perform
assessments.
Note: Assessment of multiple risks and controls is supported only in Risk Workspace.
- Addition of new roles
- The following roles related to risk assessment project were added:
- Risk assessment project reader [sn_risk_advanced.risk_asmt_project_reader]: Provides read only access to the risk assessment projects.
- Risk assessment project user [sn_risk_advanced.risk_asmt_project_user]: Provides the ability to create risk assessment projects and update or delete only the projects created by the user.
- Risk assessment project manager [sn_risk_advanced.risk_asmt_project_manager]: Provides the ability to create, update, and delete any risk assessment projects.
- Enhanced risk response workflow
- Streamline your risk response workflow with the following enhancements:
- Use a uniform workflow for all types of risk response tasks. A standardized workflow for risk response tasks enhances the management of all types of risk response tasks, promotes consistency, and reduces the need for
customization.
- Configure multiple levels of approvals for the risk response tasks using the approval configurator. By default, a single level of approval is enabled for all types of risk response tasks, where the risk owner can approve
the tasks. These approvals can be configured based on requirements.
- Reject a risk response task and move it to the work in progress state without closing it. This feature helps the risk response task owner to modify the response strategy if the approver is unsatisfied with the
response.
- Create action items with an independent workflow and link them to the risk response tasks when they are in the Draft or Work in progress state.
Note: You can create risk response action items for all types of risk
responses except for Risk acceptance tasks.
- Copy risk response plans from the previous risk assessment to the current risk assessment while reassessing.
- Link an open risk response task from the previous assessment to the current risk assessment while reassessing. You can also edit or remove an existing risk response task.
- Issue linking with risk assessments
- Streamline your risk assessments with the following enhancements:
- Enable the issue linking option on the Risk Assessment Methodology (RAM) form to create an issue or link an existing open issue with the risk assessment.
- View issue details from the configurable issue card available on the risk assessment.
- Identify newly created issues from existing linked issues with a visual differentiator on the issue card.
- Edit or remove issues.
- Enhanced risk event task workflow
- Streamline your risk event workflow with the following enhancements:
- Use a uniform and enhanced workflow for the risk event tasks. A standardized workflow enhances the management of risk event tasks.
- Configure multiple levels of approvals for the risk event tasks using the approval configurator.
- Reject a risk event task and move it to the work in progress state without closing it. This feature helps the risk event task owner to modify the risk event if the approver is unsatisfied.
- Improved user experience for risk identification questionnaire using Smart Assessment Engine
- Respond to the risk identification questionnaires from the Assessment Workspace with an interactive and intuitive user experience. Risk admin can select between classic and smart assessment questionnaire in the risk identification
configuration without making it a forced behavior. You can migrate an existing risk identification template to the Smart Assessment Engine application. You can also create risk identification templates in the Assessment Workspace.
Note: Only published assessment templates with a Risk Identification category are available for selection on the Risk Identification Configuration
form.
- Configuring currency conversion dates
- Define currency conversion dates for the risk event entries in the system properties. This feature enhances the accuracy of net loss calculations by enabling you to select specific dates for currency conversion rather than
relying solely on the date of impact. You can select a currency conversion date at the system property level from the following options:
- Risk event entry date
- First loss entry date
- Last loss entry date
- First recovery entry date
- Last recovery entry date
- Custom date
Note: You can also override the defined currency conversion dates in the risk response template configuration. These changes apply to both new and ongoing risk event workflows.
- Reopen closed risk events
- Reopen closed risk events to update existing risk events with new discoveries, losses, or relevant information without creating new risk events. This feature saves time and effort, offering flexibility and boosting
efficiency in managing risk events. You can reopen a risk event individually or in bulk.
- Miscellaneous enhancements and improvements
- Streamline your processes with the following enhancements:
- Notify the risk assessor with a notification email when a risk assessment is approved or rejected.
- Define a specific group as the respondent type in the Feedback Integration Configuration form when the target record doesn't have a user or group. For more information, see Configure a feedback integration.
- Configure a single currency mode for advanced risk assessments. This feature displays all financial values in the selected single currency, confirming consistency and clarity in all fields. For more information, see Single-currency mode.
- View the completion date of the most recent risk identification in the new field Last completed date, added to the Risk Identification form. For more information, see Set up risk identification integration.
|
Yokohama |
- Generative AI risk assessment summarization
- Generate a risk assessment summary from your inherent, residual, target risks, and control effectiveness data using the Now Assist for IRM application. The summary highlights key insights to help your approvers quickly understand the context before approving the risk assessments. You can also analyze details such as open issues,
risk response tasks, action items, and calculated risk scores to support your approval decision. Check your entitlements to confirm whether you have access to risk assessment summarization.
- Reassess a risk assessment project
- Review completed risk assessment projects to reflect new insights or changing conditions. All previously assessed risks in this project are automatically carried over and reassigned to the designated assessor. Confirm
continuity, minimize manual effort, and enhance efficiency in your risk management process.
- Copy risk responses from the previous assessment
- Copy responses from a previous risk assessment during the reassessment of a risk assessment project to streamline the assessment process. All prior responses are automatically copied, saving time and maintaining
consistency.
- Remove risks from assessment
- As a risk assessor, you can remove risks from the risk assessment project while performing the assessment, which also removes all responses associated with that risk. Removed scoped risks remain part of the project but are
marked as not applicable for reporting purposes. However, removed ad hoc risks are completely deleted.
- Manage risk response task workflow
- Manage and enable the risk response task workflow from the RAM form to enable users to create, delete, remove, edit, and link risk response tasks within an assessment.
- Reassign assessor for a risk assessment project
- Reassign assessors for multiple in-progress risk assessment projects simultaneously to minimize disruptions during stakeholder transitions.
- Configure risk color styles for the Next Experience
- Define and preview colors for the risk and advanced risk components in the Next Experience through a configurable system rather than having to use hex codes. The transition has been made from a hex code color management system to a configurable system that supports the highlighted value
component colors. This feature addresses theming and accessibility issues. You can define the color and variant, and preview them using the Next Experience color styles tab on the Risk color style form.
Note: The default color for the customized risk color style is set to Critical, with the variant set to Primary. You can manually change the color and
variant based on the requirement.
|
Zurich |
- Identify risks for an
entity
- If you’re a Workspace user with the sn_grc_sharegenai.risk_suggestion_aiagent_user role, you can use the Risk Suggestion AI Agent to identify risks related to an entity. The AI agent analyzes the entity and suggests relevant risks from various sources, consolidating them into a reviewable list to verify for
accuracy. Risk managers can then confirm and promote these risks to the risk register for further assessment. This feature automates risk discovery, helping identify potential risks and prepare for compliance
requirements.
- Reporting views from Risk Assessment Methodology
- The reporting view provides an overview of all assessments under a specific Risk Assessment Methodology (RAM). It consolidates assessment data such as factor responses, scores, issues, controls, and associated risks into a
single structure. When a RAM is published, the system automatically creates this view, which you can use to review assessments and build custom reports. It simplifies report and dashboard creation for risk
assessments.
Note: Automatic creation of Reporting views is not supported on Xanadu. For instructions on creating them manually, refer to KB2547071
- Risk event summarization
- Generate risk event summary using the Now Assist for IRM application. Risk event summarisation is a Generative AI driven capability that generates clear and consistent summaries automatically. It reduces the need for manual effort, helps risk managers
save time, and enables approvers to quickly understand the key details for faster decisions. Check your entitlements to confirm whether you have access to risk event summarization.
- Grid based risk and control assessment
- Gain efficient control over risk assessments with the new grid-based Risk and Control Self Assessment (RCSA). Quickly compare, edit, and prioritize risks and controls using the flexible, spreadsheet-style interface. Use
side-by-side views and bulk editing to complete assessments faster.
- Matrix report in Risk Workspace
- Access and analyze the risk posture of your organization using entity-related data, such as risks, controls, KRIs, and events in a centralized, configurable grid-based view. This feature reduces time spent switching views
and helps risk managers assess data more easily, leading to more proactive and streamlined risk management.
- Support third party large language models
- Risk assessment summarization and Risk event summarization support the LLMs from the third party providers, such as Anthropic Claude, Google Gemini, and OpenAI, in addition to Now LLM. This enhancement gives you greater flexibility to choose the model that best fits your organization’s needs for generating risk assessment and risk event summaries.
|
Australia |
- Risk event response template enhancements
- After upgrading to version 22.0.x, users with the Risk Manager [sn_risk.manager] or Risk Admin [sn_risk.admin] role can configure risk event response templates using dynamic, entity‑driven assignments. These changes enable
assignments to be derived from entity data alongside existing static user or group selection.
You can select user fields defined on the entity (such as Owner or Sub-owner) or entity stakeholder personas when configuring:
- Risk event owner assignment
- Issue creation and assignment
- Risk event approvers
- Risk Suggestion AI Agent enhancements
- After upgrading the Now Assist for Integrated Risk Management (IRM) application to version 22.x, the Risk Suggestion AI Agent supports a more context‑aware and conversational workflow. After selecting risk types, you can provide additional context to refine search results, with the agent dynamically asking
follow‑up questions when needed. Before adding risks to the suggested risk section, you can review and modify suggested risks by updating descriptions, renaming risks, or removing items from the list.
- Control Objective workflow
- After upgrading to version 22.0.x, you can use a defined workflow to update control objectives. Changes can be drafted and reviewed without changing the current active version, which helps avoid unintended changes to related
controls, and risk records. Only approved updates become active. The workflow also sets clear responsibility for making updates and helps keep control objective information consistent and up to date.
|