Yokohama |
- Generative AI risk assessment summarization
- Generate a risk assessment summary from your inherent, residual, target risks, and control effectiveness data using the Now Assist for IRM application. The summary highlights key insights to help your approvers quickly understand the context before approving the risk assessments. You can also analyze details such as open issues,
risk response tasks, action items, and calculated risk scores to support your approval decision. Check your entitlements to confirm whether you have access to risk assessment summarization.
- Reassess a risk assessment project
- Review completed risk assessment projects to reflect new insights or changing conditions. All previously assessed risks in this project are automatically carried over and reassigned to the designated assessor. Confirm
continuity, minimize manual effort, and enhance efficiency in your risk management process.
- Copy risk responses from the previous assessment
- Copy responses from a previous risk assessment during the reassessment of a risk assessment project to streamline the assessment process. All prior responses are automatically copied, saving time and maintaining
consistency.
- Remove risks from assessment
- As a risk assessor, you can remove risks from the risk assessment project while performing the assessment, which also removes all responses associated with that risk. Removed scoped risks remain part of the project but are
marked as not applicable for reporting purposes. However, removed ad hoc risks are completely deleted.
- Manage risk response task workflow
- Manage and enable the risk response task workflow from the RAM form to enable users to create, delete, remove, edit, and link risk response tasks within an assessment.
- Reassign assessor for a risk assessment project
- Reassign assessors for multiple in-progress risk assessment projects simultaneously to minimize disruptions during stakeholder transitions.
- Configure risk color styles for the Next Experience
- Define and preview colors for the risk and advanced risk components in the Next Experience through a configurable system rather than having to use hex codes. The transition has been made from a hex code color management system to a configurable system that supports the highlighted value
component colors. This feature addresses theming and accessibility issues. You can define the color and variant, and preview them using the Next Experience color styles tab on the Risk color style form.
Note: The default color for the customized risk color style is set to Critical, with the variant set to Primary. You can manually change the color and
variant based on the requirement.
|
Zurich |
- Identify risks for an
entity
- If you’re a Workspace user with the sn_grc_sharegenai.risk_suggestion_aiagent_user role, you can use the Risk Suggestion AI Agent to identify risks related to an entity. The AI agent analyzes the entity and suggests relevant risks from various sources, consolidating them into a reviewable list to verify for
accuracy. Risk managers can then confirm and promote these risks to the risk register for further assessment. This feature automates risk discovery, helping identify potential risks and prepare for compliance
requirements.
- Reporting views from Risk Assessment Methodology
- The reporting view provides an overview of all assessments under a specific Risk Assessment Methodology (RAM). It consolidates assessment data such as factor responses, scores, issues, controls, and associated risks into a
single structure. When a RAM is published, the system automatically creates this view, which you can use to review assessments and build custom reports. It simplifies report and dashboard creation for risk
assessments.
Note: Automatic creation of Reporting views is not supported on Xanadu. For instructions on creating them manually, refer to KB2547071
- Risk event summarization
- Generate risk event summary using the Now Assist for IRM application. Risk event summarisation is a Generative AI driven capability that generates clear and consistent summaries automatically. It reduces the need for manual effort, helps risk managers
save time, and enables approvers to quickly understand the key details for faster decisions. Check your entitlements to confirm whether you have access to risk event summarization.
- Grid based risk and control assessment
- Gain efficient control over risk assessments with the new grid-based Risk and Control Self Assessment (RCSA). Quickly compare, edit, and prioritize risks and controls using the flexible, spreadsheet-style interface. Use
side-by-side views and bulk editing to complete assessments faster.
- Matrix report in Risk Workspace
- Access and analyze the risk posture of your organization using entity-related data, such as risks, controls, KRIs, and events in a centralized, configurable grid-based view. This feature reduces time spent switching views
and helps risk managers assess data more easily, leading to more proactive and streamlined risk management.
- Support third party large language models
- Risk assessment summarization and Risk event summarization support the LLMs from the third party providers, such as Anthropic Claude, Google Gemini, and OpenAI, in addition to Now LLM. This enhancement gives you greater flexibility to choose the model that best fits your organization’s needs for generating risk assessment and risk event summaries.
|
Australia |
- Risk event response template enhancements
- After upgrading to version 22.0.x, users with the Risk Manager [sn_risk.manager] or Risk Admin [sn_risk.admin] role can configure risk event response templates using dynamic, entity‑driven assignments. These changes enable
assignments to be derived from entity data alongside existing static user or group selection.
You can select user fields defined on the entity (such as Owner or Sub-owner) or entity stakeholder personas when configuring:
- Risk event owner assignment
- Issue creation and assignment
- Risk event approvers
- Risk Suggestion AI Agent enhancements
- After upgrading the Now Assist for Integrated Risk Management (IRM) application to version 22.x, the Risk Suggestion AI Agent supports a more context‑aware and conversational workflow. After selecting risk types, you can provide additional context to refine search results, with the agent dynamically asking
follow‑up questions when needed. Before adding risks to the suggested risk section, you can review and modify suggested risks by updating descriptions, renaming risks, or removing items from the list.
- Control Objective workflow
- After upgrading to version 22.0.x, you can use a defined workflow to update control objectives. Changes can be drafted and reviewed without changing the current active version, which helps avoid unintended changes to related
controls, and risk records. Only approved updates become active. The workflow also sets clear responsibility for making updates and helps keep control objective information consistent and up to date.
|