Workflow of risk response task

  • Release version: Zurich
  • Updated July 31, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Workflow of Risk Response Task

    The risk response task workflow in ServiceNow provides a structured method to manage assessed risks by defining and executing plans to accept, mitigate, avoid, or transfer those risks. This workflow guides users through creating, responding to, and approving risk response tasks, ensuring proper risk management and accountability.

    Show full answer Show less

    Key Features

    • States of Risk Response Task:
      • Draft: Initial state upon creation.
      • Work in Progress: When the task owner is actively defining the plan of action and preparing it for approval.
      • Awaiting Approval: When the task is submitted for approver review.
      • Closed: Final state after approval.
    • Task Creation: Users with the snriskadvanced.araassessor role create risk response tasks and assign them to users with the snrisk.user role. Tasks start in the Draft state.
    • Action Items: Within each risk response task, multiple action items can be created to address specific aspects of the risk. These can be added while the task is in Draft or Work in Progress states. Action items have their own workflows and must be closed before submitting the overall task for approval. Note that action items cannot be created for Risk acceptance tasks.
    • Approval Process: The default approval setup includes a single level where the risk owner reviews and approves the task. Approval workflows can be customized based on organizational requirements. Tasks move from Work in Progress to Awaiting Approval only after all associated action items are closed.
    • Responding to Tasks: Task owners define the action plan and request approval. Approvers then review and either approve or reject the plan. Approval advances the task to Closed; rejection reverts it to Work in Progress for further refinement.

    Key Outcomes

    • Ensures risk response tasks are thoroughly planned, reviewed, and approved within a controlled workflow.
    • Facilitates clear assignment and tracking of risk mitigation activities through granular action items.
    • Supports configurable approval processes to align with organizational risk management policies.
    • Provides visibility into the status of risk response efforts, promoting accountability and timely risk management.

    The risk response task workflow is a structured process to manage assessed risks by defining plans of action to either accept, mitigate, avoid, or transfer those risks.

    Exploring the user journey for Risk response task

    The states of a risk response task are as follows:
    1. Draft: The default state when a risk response task is created.
    2. Work in progress: The state when the risk response task owner starts working on it and sends it to the approver for review.
    3. Awaiting approval: The state when the approver reviews the risk response task and either approves or rejects it.
    4. Closed: The state when the approver approves the risk response task, moving it to the Closed state.
    The risk response task workflow consists of the following stages:
    Create a risk response task
    After an assessor identifies the risk response plans, the assessor then creates risk response tasks. The user with the sn_risk_advanced.ara_assessor role can create a risk response task and assigns them to the risk user with the role sn_risk.user. After creation, the risk response task moves to the Draft state. For more information, see Create a risk response task in the Risk Workspace.
    Create action items
    The risk assessor can create multiple strategies with various action items for each risk response task. Action items are specific, granular tasks defined within a risk response task to address and manage risks effectively. Action items can be created and defined when the risk response task is in either the Draft state or the Work in progress state. For more information, see Create an action item in the risk response task.

    Action items have their own independent workflow. For more information, see Workflow of action item in risk response task.

    Note:
    You can create risk response action items for all types of risk response tasks except for Risk acceptance tasks.
    Respond to the risk response tasks
    After the risk response task is assigned, the risk response task owner moves the risk response task to the Work in progress state. In this stage, the risk response task owner defines a plan of action for the risk response task. After defining the plan of action, the task owner can request for approval from the approvers defined in the approval configurator. By default, a single level of approval is enabled for all types of risk response tasks, where the risk owner can approve the tasks. These approvals can be configured based on requirements. After the task owner request for approval, the risk response task moves to the Awaiting approval state.
    Important:
    All action items associated with the risk response task must be closed to move the risk response task from Work in progress to Awaiting approval state.
    Approve or reject the risk response task
    In the Awaiting approval state, the approvers defined in the approval configurator can review the plan of action and either approve or reject the risk response task. The risk response task moves to the Closed state, if the all the approvers approve the task. If any of the approvers reject the task, then the risk response task moves back to the Work in progress state.