Linking automatically generated issues to a control in Many-to-many relationship

  • Release version: Australia
  • Updated March 12, 2026
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Linking Automatically Generated Issues to a Control in Many-to-Many Relationship

    This functionality allows ServiceNow users to link automatically generated issues from different controls as related issues to a specific control. It includes an Originator flag to differentiate between issues that are automatically generated and those that are manually created.

    Show full answer Show less

    Key Features

    • Identification of Issue Origin: Users can identify whether an issue is automatically generated or manually created by viewing the control form.
    • Automatic Issue Generation: Issues are automatically created due to control test failures, control attestation failures, or control indicator failures, which result in non-compliance.
    • Issue Source Tracking: The Issue source field provides tags to track the reasons for issue generation, such as "Control Test Failure" for test failures and "Ad-Hoc" for manually created issues.
    • Handling Multiple Issues: Users can link multiple automatically generated issues to a control, but must be aware of potential conflicts in issue sources tracked by the Originator flag.

    Key Outcomes

    By effectively utilizing this feature, customers can manage compliance-related issues more efficiently. The Originator flag aids in tracking the source of issues, allowing for better visibility into control failures and ensuring accurate reporting on non-compliance reasons within the control's Overview page. This leads to improved oversight and quicker resolution of compliance issues.

    You can link an automatically generated issue that belongs to a different control as a related issue to a control. The Originator flag helps you to differentiate those control issues that were automatically generated from the controls that were manually created.

    Manually created and automatically generated issues

    Note:
    You can identify the origin of an issue whether it was automatically generated or manually created after you link the issue from one control to another only in a control form.

    You can create an issue manually for a control when you click the New button in the Issues related list of a Control form. For manually created issues, see Manually create GRC issues.

    However, issues are also automatically generated when there are:
    Control test failure
    If there’s a control test which is linked to a control and when one of the test is marked ineffective and closed, then the control becomes non-compliant. As a result, an issue is automatically generated. Control tests can be design test or operational test which can be marked ineffective and the tests can be common across all controls.
    Control attestation failure
    When the user who is an attestation respondent of a control rejects the control, then the status of the control becomes non-compliant and an issue is automatically generated.
    Control indicator failure
    Similarly, when a control indicator fails, the control becomes non-compliant and an issue is automatically generated.

    The source of the issue generation for one or more of the three failures can be tracked with the tags in the Issue source field of the Issue details. If there is a control test failure, the Issue source field is updated with a tag, Control Test Failure. If the issue was created manually, then the Issue source tag is Ad-Hoc.

    When a control's status moves to non-complaint, all the reasons for non-compliancy are pulled from the Issue source field and displayed as Reasons for non-compliance in the Status widget of the control's Overview page.
    Figure 1. Reasons for non-compliance
    List of reasons for a control's non-compliance.

    Handling more than one automatically generated issue while linking to a control

    You can add an automatically generated issue that belongs to another control, to a control in an m2m relationship using the Add button. However, adding an automatically generated issue from another control to a control with an existing automatically generated issue conflicts the source of the issue generation. To track the source of issue generation, a back-end flag, Originator, is used. It is a true or false flag and is false, by default. Originator is flagged true or false, if:
    • An automated issue of another control is associated to the current control, then the Originator is false.
    • It is a manual issue of the current control, then the Originator is false.
    • It is an automated issue of current control then the Originator is true.
    1. When there is an issue that exists with Originator as true, and if a control failure happens, the Issue source field of the issue is updated with the source of the issue. For example, there’s an issue with originator as true already present and the issue source is Control test failure. If another control failure happens, such as control attestation failure, then the Issue source is updated with two tags, namely Control test failure and Control attestation failure.
    2. When there is no issue present with Originator as true, and if one of the three control failures happens a new automated issue with originator as true is created. For example, if there's a control attestation failure for a particular control that has no issue linked to the control with the originator as true, then a new automated issue with Issue source as control attestation failure is created and the originator is true.

    Data migration

    The logic behind flagging an issue as automatically generated or manually created with the Originator flag is handled automatically when you install the latest plugin. For all automated issues linked to existing controls, the originator flag is true in the m2m records between the control and the issue.