GRC Risk Workspace

  • Release version: Zurich
  • Updated April 28, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of GRC Risk Workspace

    The GRC Risk Workspace, introduced in version 13.0.5, delivers a streamlined, single-pane user experience for risk management tasks within ServiceNow. It consolidates functions such as risk assessments and risk event processing into an intuitive interface. This workspace is highly configurable and role-driven, enabling customized views and functionalities tailored to different user roles within your organization. It also simplifies application management by reducing the number of apps users need to install for effective risk management.

    Show full answer Show less

    To activate the Risk Workspace, the GRC: Risk Management workspace (com.snriskworkspace) plugin must be installed and activated.

    Key Features

    • Role-Driven Views: The workspace offers distinct home pages and views customized for specific roles such as Operational Risk Manager, Business Operational Risk Manager, and IT Risk Manager, aligning with their responsibilities and daily tasks.
    • Consolidated Home Page: Provides a comprehensive organizational risk overview including key risk indicator (KRI) breaches, risk heatmaps, classification breakdowns, and entities at highest risk.
    • Task Management: Displays key tasks assigned to the user and their group, facilitating easier tracking of actionable items.
    • Customization: Allows configuration of elements like color codes for heatmaps and reports to suit organizational needs.
    • Quick Access Links: Enables performing critical actions such as scheduling risk assessments and creating KRIs directly from the workspace.
    • Data Interaction: Provides selectable data views with drill-down details for better insight and reporting.
    • Compatibility: Displays classic risk assessment scores if the Advanced Risk application is not enabled, ensuring continuity.

    Role Descriptions and Responsibilities

    • Operational Risk Manager: Focuses on managing operational risks caused by people, processes, systems, or external events, ranging from minor errors to severe incidents like fraud.
    • Business Operational Risk Manager: Acts as the first line of defense for individual business units, managing their specific risk posture.
    • IT Risk Manager: Oversees the organization-wide IT risk management program, addressing threats to business data and critical IT systems.

    User Experience Enhancements

    The workspace introduces improvements to facilitate easier task execution, particularly benefiting new GRC users or those less familiar with the platform. Advanced Risk Assessments are now more accessible and simplified, allowing users to quickly access assigned assessments via the GRC Risk Portal or within the Risk Workspace itself.

    Starting with version 13.0.5, the GRC Risk Workspace provides a new and simplified user experience with a single-pane view. In the workspace, you can perform the same functions as the classic environment, but with more intuitive functionality. These functions include risk assessments, risk events processing, and so on.

    The Risk Workspace is highly configurable and role-driven. Being role-driven means that the Risk Workspace is customized or unique for each user or role in your organization. In the workspace, different users with specific roles can perform different functions and have views that differ from each other. The workspace also reduces the number of apps that the users must install to utilize the Risk Management application. For example, if you want to manage your IT risks, you must install only one application. The workspace makes the management and installations of apps easier. To use the Risk Workspace, you must install and activate the GRC: Risk Management workspace (com.sn_risk_workspace) plugin.

    The starting point in the Risk Workspace is the Home page Home page button..

    The Home pages show you the complete view of the risk status across your organization. Some of the key items that you can see are the key risk indicator (KRI) breaches, the risk heatmaps, the risk classification and breakdown, entities at the highest risk and so on.

    The Home page offers the following benefits:
    • Provides a different view for each role.
    • Is designed for the specific responsibilities of each role.
    • Shows the day-to-day tasks for each role depending on the user. For example, the Home page for an Operational Risk Manager differs from that of the Home page of the IT Risk Manager.
    • Displays the key tasks assigned to you and your group. This makes it easier to get a complete view of your actionable tasks. For more information on the new user experience for Advanced Risk Assessments, see Advanced Risk Assessments in the Risk Workspace.
    • Shows the risk profile for the top entities. This consolidated view enables easier reporting.
    • Enables customization to suit your needs. For example, you can configure your own color codes for heatmaps and reports. For more information, see Operational risk heatmap for Advanced Risk Assessment in the Risk Workspace
    • Provides quick links for performing key tasks such as scheduling risk assessments, creating new key risk indicators, and so on.
    • Provides data in a way that you can select and view the details.
    • Shows the classic risk assessment scores if the Advanced Risk application is not enabled.

    Roles and user enhancements in the Risk Workspace

    The roles for the Risk Workspace are the Operational Risk Manager and IT Risk Manager. See the following sections for the description of each role, its responsibilities, and its tasks.
    Note:
    Because the roles in your organization might be different from what is presented here, use these roles as references or models.

    Multiple enhancements have also been made to the user experience in the Risk Workspace. Each enhancement is described in detail in the subsequent sections.