Manage issues

  • Release version: Australia
  • Updated March 12, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Manage issues

    Managing issues effectively is critical for measuring and improving your company's risk management program. ServiceNow enables employees and business users to self-identify and submit issues via the Service Portal, automatically initiating a triage process. Governance, Risk, and Compliance (GRC) users can also manually create issues to document audit observations, remediation efforts, and compliance or risk concerns. Additionally, certain types of issues can be generated automatically based on control attestations or control test results.

    Show full answer Show less

    Key Features

    • Issue Submission: Allows both self-service submission by employees/business users and manual creation by GRC users, supporting diverse user roles.
    • Issue Triage Process: Automatically creates triage issues upon submission for initial evaluation and assignment to a triage team.
    • Issue Lifecycle Management: Covers intake, investigation, remediation, and review stages to ensure thorough handling of issues.
    • Tracking and Monitoring: Issues can be tracked individually or collectively within the Workspace, facilitating oversight and management.
    • Grouping of Issues: Enables grouping related issues in the Workspace to simplify handling and improve workflow efficiency.

    Key Outcomes

    • Improved Risk Mitigation: By investigating and remediating issues, controls remain compliant and organizational risk is reduced.
    • Noise Reduction: Eliminates duplicate and irrelevant issues to focus on those that pose significant risk.
    • Prioritized Remediation: Helps identify and focus on remediation actions that address the highest risks.
    • Operational Insight: Identifies weaknesses in policies, processes, and controls to improve overall governance.
    • Accountability and Review: Policy owners review and approve issues prior to closure, enabling benchmarking and gap reduction.

    You can measure the effectiveness of your company's risk management program by how quickly and completely it identifies and reacts to risk and compliance issues.

    Issues can be submitted using two methods, depending on the type of user involved:
    Note:
    Various types of issues can also be automatically generated under the following conditions (these types of issues are not triaged):
    • Control issue: Created when a control attestation is completed, indicating that the control is not implemented, or when an indicator fails.
    • Control test issue: Created when a control test is closed complete with the control effectiveness set to Ineffective.

    Goals of issue management

    The goals of issue management include:

    • Eliminating noise​.

    • Consolidating duplicate issues​.

    • Focusing on issues that expose the organization to the greatest risk.

    • Identifying and prioritizing remediation actions​.

    • Identifying new issues across the business operations​.

    • Analyzing operational weakness in policies, processes, and controls​.

    Issue management workflow and life cycle

    By remediating issues, controls can be kept compliant, and risk can be mitigated​. The Issue Management workflow and life cycle are illustrated and described here.
    Figure 1. Issue Management workflow
    Issue Management Workflow
    Table 1. Issue Management life cycle
    Stage Description
    Issue intake As described earlier, issues can be submitted using two methods, depending on the type of user involved:
    • Employees and business users within your company can self-identify an issue and submit it via the ServiceNow® Service Portal. Following submission, a triage issue is automatically created and the issue triage process begins.
    • GRC users can manually create an issue from within their instance. These types of issues are not triaged.
    Investigate the issue During the investigation phase, it is determined whether the issue requires additional study. If a triage is being performed, the triage issue is assigned to a triage team for analysis. The triage team may request more information from the issue creator. The team can also optionally send the issue to the compliance manager, risk manager, or triage manager with a triage result.
    Remediate the issue After the team has confirmed the issue, the necessary steps to remediate it are performed. If a triage was performed, the triage issue is converted into an actual issue or risk event. The team may also decide to track the issue as a recommendation or close it as a non-issue.
    Review and monitor the issue Prior to closing the issue, the policy owner reviews and approves it. The review also allows the organization to:
    • track past due tasks
    • benchmark issue timelines
    • identify where losses could have been mitigated
    • reduce gaps in the future