Assess risks of policy exception using advanced risk assessments

Release version: Australia

Updated March 12, 2026

1 minute to read

Take the advanced risk assessment to evaluate the risk involved with the policy exception.

Before you begin

Role required: sn_compliance.manager

GRC: Advanced Risk is the required plugin for the integration with Advanced risk assessment to assess risk using the advanced risk assessment feature.

About this task

After the policy exception is submitted, as a compliance manager you can do the risk analysis on the policy exception to evaluate its risk status and determine its approval based on its risk impact on the policy.

Procedure

Navigate to All > Policy and Compliance > Compliance Workspace.
In the Compliance Workspace, click the icon.
Click All policy exceptions in the Policy exceptions list.
Click the link to the policy exception record, for which you want to assess the risk, in the Name column.
Select the Take risk assessment option in the Method field of the Risk assessment section.
For more information on the risk assessment options, see Risk assessment section.
Click Save.
Click the Assess risk button.
You can assess the risk of a policy exception only when its state is Analyze.
Select a risk assessor and an approver in the Specify risk assessor and approver pop-up.
Any user with compliance user role or risk user role can be a risk assessor or an approver.
Click the Send assessment button.
Assessment is sent to the user selected in the pop-up. For more information, see Assess risks and objects on an assessment instance.
After the assessment is complete, the Risk rating field on the policy exception form is auto-populated with the values configured in Policy exception risk rating mapping table.
Click the Details tab.
The score calculated based on the risk assessment responses that you provided is mapped with the value in the Risk rating field.