Report a GRC issue

  • Release version: Australia
  • Updated March 12, 2026
  • 2 minutes to read

    • Report GRC issues by using the Report a GRC issue AI agent in Employee Center. The AI agent guides you, structures your input, and suggests relevant controls, entities, and policies before submission.

    Before you begin

    Important:
    This agent is turned on by default. For more information, see Now Assist skills, agents, and agentic workflows on by default.
    Role required:
    • One of these roles: employee user, business_user, or business_user_lite
    • The sn_grc_genai.issue_aiagent_user role

    AI agents use role masking to determine which users can access them and what data they have access to. Ones installed with Now Assist applications have specific roles that come included with the application. If you select Users with specific roles for user access, you must configure the security controls to include these roles. Data access settings must also include these roles. For the instructions to change the security controls, see Define security controls for an AI agent.

    About this task

    The report a GRC issue AI Agent helps you log GRC issues in the Employee Center. It validates the input, structures the issue details, and suggests relevant controls, entities, and policies. The agent ensures accuracy by confirming whether the issue qualifies as a GRC issue. It then summarizes the details into key components such as name, problem statement, root cause, issue type, date of occurrence, affected policies, impacted entities, and control objectives. You can review, edit, or submit the issue, and once submitted, a clickable reference link is provided for easy tracking under My Requests.

    Procedure

    1. Navigate to All > Self-Service > Employee Center.
    2. Select Now Assist Virtual Agent.
    3. Select Report a GRC issue.
    4. Provide the issue details as requested by the agent.
      The agent analyzes your input and confirms whether it qualifies as a valid GRC issue.
      • If the issue doesn't qualify, the AI agent prompts you to provide additional details or rephrase your description.
      • If the issue qualifies, the agent generates a structured summary that includes:
        Table 1. Structured summary fields
        Key elements Description
        Name Short, clear title for the issue.
        Problem statement Detailed description of what happened, including context and specifics.
        Root cause Underlying reason for the issue.
        Issue type Categorization of the issue.
        Date of occurrence Date when the issue occurred.
        Affected policies/controls List of any policies or controls impacted by the issue.
        Impact Explanation of the potential consequences or risks.
        What was affected (Entity) Impacted entity or system.
        Control objective Intended goal or outcome that the control aims to achieve to mitigate risk and ensure compliance.
        Note:
        The key elements listed may vary depending on the nature of the issue. Some issues might require additional details, while others may not include all components shown here.
    5. Review the summary generated by the agent, and choose how you want to proceed.
      OptionAction
      Submit

      Create the issue.
      Edit details
      Modify the issue details before submission. You can:
      • Enter the name of the key element from the displayed list, then update its associated details.
      • Ask the AI agent to suggest relevant values that match your description
      Cancel Discard the issue and exit the process without saving any changes.

    Result

    After you submit, the agent confirms that the issue has been reported and provides a reference link. Select the link to view all the issues or track the status anytime under My Requests.