Workflow of a risk using Advanced Risk

  • Release version: Australia
  • Updated March 12, 2026

    When you migrate to advanced risk assessment, you can view the various states of the risks and take the necessary actions. This ability simplifies your view of the risk form.

    When your risk administrator enables the Migrate to Advanced Risk Assessments property located under Advanced Risk Assessment > Administration > Properties, the life cycle of the classic or legacy risks undergoes a change. You can also initiate a risk assessment directly from the risk form.
    Note:
    Once you enable this property, you cannot disable it.
    Prior to version 14.0, when the Migrate to Advanced Risk Assessments property was enabled, the risks were only classified as either active or inactive. Starting with version 14.0, as a risk owner, when you enable Advanced Risk, you can view the following states of your risks.
    1. Draft
    2. Assess
    3. Respond
    4. Monitor
    5. Retired
    Figure 1. States of a risk with advanced risk assessment
    States of a risk with advanced risk assessments enabled.
    All the states and the actions available for each state are explained in the following table.
    State: Draft
    Description: This is the state of a risk when a risk is created by the second line of defense or identified by the first line of defense.

    The objective in this state is to map and identify the risk pertaining to your organization. If you modify the entity or the primary risk assessment methodology (RAM) for a risk, the state of the risk gets updated based on the primary RAM's latest assessment.

    Actions available:
    • Save
    • Assess: Pushes the workflow and initiates the risk assessment.
    • Monitor: Use this action if you do not want to assess the risk but want to monitor it.
    • Retire: The risk is retired along with all underlying risk assessment and risk response.
    • Navigate to assessment scope: Shortcut to risk assessment scope. The primary risk assessment methodology is passed.
    • 360 degree: View the complete 360-degree relationships for the risk.

    State: Assess
    Description: This is the state of a risk when advanced risk assessment is initiated and being performed. If there is a response strategy, the risk moves to the Respond state; otherwise, it moves to the Monitor state once the assessment is completed.

    Actions available:
    • Save
    • View assessment: Navigates to the actual risk assessment form.
    • Cancel assessment: Cancels the current assessment. The respective risk assessor is notified about the canceled assessment.
    • Return to draft: Cancels the current assessments and returns the risk to the previous state.
    • Retire
    • Navigate to assessment scope
    • 360 degree

    State: Respond
    Description: This is the state of the risk when the risk response task is in progress.

    Once the risk response task is closed, the risk is automatically moved into the Monitor state.

    Actions available:
    • Save
    • Assess: Moves the risk back in the workflow. The in-progress risk response task is canceled.
    • Retire
    • Navigate to assessment scope
    • 360 degree
    • Return to draft

    State: Monitor
    Description: This is the state of the risk when the risk has been assessed and the response task is closed.

    If KRIs are defined (through Metrics), they are executed to monitor the risk.

    Actions available:
    • Save
    • Assess: Moves the risk back to Assess state and initiates the risk assessment.
    • Retire
    • Navigate to assessment scope
    • 360 degree
    • Return to draft

    State: Retire
    Description: This is the state of the risk when the risk is no longer valid but the organization wants to keep a system of record for audit purposes.

    Actions available:
    • 360 degree
    • Activate: Reactivates the risk and moves it back to Draft state.
    • Navigate to assessment scope