Integration of advanced risk assessment with other applications
Summary of Integration of advanced risk assessment with other applications
This feature enables ServiceNow administrators to embed advanced risk assessments directly into other application workflows, automating the initiation of risk assessments based on predefined rules and events. This digitization eliminates manual efforts and enhances the accuracy and timeliness of risk posture reporting by shifting from cyclic to event-driven assessments.
Key Features
- Event-driven risk assessments: Automatically trigger risk assessments upon specific events, providing a real-time view of risk posture and enabling prompt corrective actions.
- Integration with any application workspace: Allows embedding the risk assessment workflow within various applications, with ServiceNow offering default integration in the Risk Workspace for risk events.
- Initiate risk assessment button: Post-configuration, users can initiate assessments directly from relevant application records, such as risk events, without manually creating risk assessment scopes.
- Flexible risk assessment methodology selection: When initiating an assessment, users can select from risk assessment methodologies associated with the entity class, overriding the default primary RAM if needed.
- Role-based assessor and approver assignment: Only users with specific roles (sn_risk_advanced.ara_assessor for assessors and sn_risk_advanced.ara_approver for approvers) can be assigned, with approvers either specified manually or set automatically as the assessor's manager.
- Overdue assessment configuration: Administrators can define the number of days after which an assessment is considered overdue.
- API support: Risk assessments can be initiated programmatically via API, with risks added to scopes anytime and assessment frequency governed by scope settings.
Important Considerations
- Simultaneous initiation of assessments for multiple risks is not supported due to potential differences in entities and methodologies.
- Risk assessments cannot be initiated if an assessment is already in progress for the risk.
- Assessments cannot proceed if no risk assessment methodology is defined for the related entity.
Practical Benefits for ServiceNow Customers
By integrating advanced risk assessments into workflows, customers can achieve faster, more accurate risk evaluations triggered by actual events, improving risk visibility and management efficiency. The configurable and role-based approach ensures assessments are properly governed and aligned with organizational processes, reducing manual overhead and enhancing compliance.
As an administrator, you can embed risk assessments within other workflows and define rules for when risk assessments must be initiated. The key benefit of embedding risk assessments is the digitization of the workflow so that assessments are initiated automatically without manual effort.
Prior to the San Diego release, you could perform risk assessments only in a cyclic manner. This means that earlier risk assessments were performed only a few times in a year, and thus your risk posture reporting might not be accurate. To address this issue, you can now perform event-driven risk assessments: when an event occurs, you can perform a risk assessment. Performing event-driven risk assessments helps you to get a quick view of the actual risk posture and take the necessary corrective actions. You can integrate advanced risk assessment with any application and perform risk-based assessments in your workspaces. By default, ServiceNow® provides the integration of advanced risk assessment with risk events in the Risk Workspace.
To integrate risk assessment in an application in your workspace, you must perform the configuration steps given in the Risk assessment integration in workspace [KB0999135] article in the Now Support Knowledge Base. After you perform the configuration steps, you can see the Initiate risk assessment button.
Although you can integrate the Initiate risk assessment feature on any application in your workspace, this article uses risk events as an example. When you analyze a risk event and identify the relevant risks, you can easily initiate risk assessments for those risks by integrating the advanced risk assessment workflow in your risk events. This integration enables you to perform risk assessments without going through the entire process of creating risk assessment scopes. Prior to the San Diego release, for a risk assessor to perform a risk assessment, the risk user was required to create a risk assessment scope defining the entity, the assessor, and the approver.
When you initiate an assessment for a risk that is created for a risk event, although the risk assessment methodology (RAM) is set to the primary RAM of the entity class, you can select a different relevant risk assessment methodology. Only those risk assessment methodologies that are associated with the entity class of the selected risk are available for selection. You can then specify the assessor and approver for the risk assessment. Only users with the sn_risk_advanced.ara_assessor role can be assessors, and only users with the sn_risk_advanced.ara_approver role can be approvers. For more information on these roles, see Roles for performing advanced risk assessment. Earlier, the approvers were defined when the risk administrators created the risk assessment scopes. However, when you initiate a risk assessment from an application, you can specify the approvers at the time of creating the assessment. You cannot change the approvers once you have specified them. If the approver is set as Same as assessor's manager, then the approver is automatically set depending on the assessor. You can also define the number of days after which the assessment will be considered overdue.
Even when you initiate a risk assessment from an application using the API, you can add those risks to the risk assessment scope at any time. After the risk is added to the risk assessment scope, the frequency of the assessment is based on the frequency defined in the risk assessment scope.
You cannot initiate a risk assessment in the following cases:
- If you select multiple risks and try to initiate the assessments at once. The reason for this is that different risks can have different entities and different risk assessment methodologies.
- If an in-progress risk assessment exists.
- If a risk assessment methodology is not defined for the entity for which the risk exists.