Create independent entities

  • Release version: Australia
  • Updated March 12, 2026
  • 3 minutes to read

    • Entities can be created manually, rather than generating them from the entity types. Entities can also be created without needing to refer to an existing ServiceNow® table, like assets, applications, business services, or processes.

    Before you begin

    Role required:
    • sn_compliance.admin or sn_compliance.manager,
    • n_risk.admin or sn_risk.manager
    • sn_audit.admin or sn_audit.manager

    Procedure

    1. Navigate to one of the following locations:
      • Policy and Compliance > Scoping > All Entities.
      • Risk > Scoping > All Entities.
      • Audit > Scoping > All Entities.
    2. Do one of the following actions
      OptionDescription
      To create a new entity Click New.
      To edit an entity Open the entity from the list.
    3. On the Entity form, fill the fields as appropriate.
      Table 1. Entity form
      Name Description
      Refers to existing record Select this checkbox if the entity is already part of a ServiceNow® table record. Clear this check box to create a stand-alone entity.
      Applies to record Select the table name and the corresponding document. This field is visible only when the Refer to existing recordcheck box is selected.
      Active Check box to activate the entity.
      Name The name of the entity.
      Compliance Score Percentage Compliance percentage derived from Downstream controls.
      Owned by Select the control owner for this entity. Notifications are automatically sent to entity owners and risk managers in the event of a breach.
      Note:
      The control owner must be a valid, active user. If an entity is assigned to an inactive user, the entity will be neglected, unless it is observed in reports.
      Class Entity class to which the application belongs.
      Generate target Select this check box if you want to create a target.

      Every time an entity is created in the system, a target record is also created. This field is only visible if at least one of the use case accelerator applications is installed.
    4. In the Compliance related list, in the Attestation frequency field select the appropriate option.
      This field refers to the frequency with which the attestations are sent out to the attestation respondents. The value here defaults the control frequency. If the control owner wants to have a different frequency at the control level, it can be overwritten.
    5. Click Risk Rollup and Tolerance related list and fill in the form as appropriate.
      This related list is visible only when Advanced Risk has been downloaded.
      Table 2. Risk Rollup and Tolerance related list
      Field Description
      Expected ALE Annual Loss of Expectancy (ALE) refers to the product of the annual rate of occurrence (ARO) and the single loss expectancy (SLE). Expected ALE is the expected value of the ALE for the risk statement. Enter currency and amount for the expected ALE.
      Note:
      This value must be less than or equal to the Maximum acceptable ALE.
      Maximum acceptable ALE Threshold value for the ALE for the risk statement.
      Note:
      This value must be greater than or equal to theExpected ALE. This value has an impact on the Tolerance status field.
      Sum of calculated ALE This calculation is based on the sum of calculated ALE of all the underlying risks of the risk statement and its children risk statements.
      Average calculated ALE This calculation is based on the average of calculated ALE of all the underlying risks of the risk statement and its children risk statements.
      Maximum calculated ALE This calculation is based on the maximum of calculated ALE of all the underlying risks of the risk statement and its children risk statements.
      Minimum calculated ALE This calculation is based on the minimum of calculated ALE of all the underlying risks of the risk statement and its children risk statements.
      Tolerance Status Automatically calculated based on tolerance values.
      • If the Calculated ALE is less than or equal to the Expected ALE = Acceptable in green
      • If the Calculated ALE is greater than the Expected ALE, but less than or equal to the Max acceptable ALE = Needs Attention in orange
      • If the Calculated ALE is greater than the Maximum acceptable ALE = Unacceptable in red
      Note:
      If the Tolerance Status changes to Needs Attention or Unacceptable, emails are automatically sent to the entity owner and risk manager to investigate.
      Calculated Score The corresponding score for the calculated ALE:
      • Low
      • Med
      • High
    6. In the Basel Business Line related list, in the Basel business lines field, map your entity to the Basel lines of business.
    7. Click Update downstream entities business line if you want all the downstream entities to inherit the Basel business line that you have selected.
    8. Click Submit or Update.