Advanced Risk Assessment Setup
Summary
TLDRThis video from the 'How to Now' series explains how to set up Advanced Risk Assessments in ServiceNow's Risk Management application, focusing on the Utah release. It covers the importance of risk assessments in decision-making, the steps to configure risk assessment methodologies, and how to streamline processes through automation. Using a case study, the video demonstrates how to set up assessment contexts, types, preferences, and risk roll-ups. The advanced risk assessment tool improves accountability, reporting, and efficiency in risk management across organizations.
Takeaways
- 🔍 Risk assessments are critical for decision-making, focusing on identifying, analyzing, and prioritizing risks in organizations.
- 📝 Linda, a risk manager, faces challenges with manual risk assessments, dispersed data, and inconsistent risk ratings across business units.
- ⚙️ ServiceNow’s advanced risk assessment streamlines risk management by providing a single source of truth, automation, and real-time risk monitoring.
- 🏗️ To set up advanced risk assessments, a Risk Assessment Methodology (RAM) is required, which involves configuring templates and assessment processes.
- 🔧 There are four key steps to set up RAM: defining context, assessment type, preferences, and risk roll-up hierarchies.
- 📊 RAM allows for risk-based and object-based assessments, depending on the organization’s needs, like departments assessing their own operational risks.
- ⚖️ Different assessment types (inherent risk, control effectiveness, residual risk) involve factors like impact, likelihood, and scoring logic to quantify risks.
- 🛠️ RAM also supports qualitative and quantitative assessments, using scales like manual factors (human responses) and group factors (weighted averages).
- 📈 Advanced risk assessments enable automated workflows, including notifications, risk responses, and approval levels based on criteria.
- 🔗 The system automatically aggregates risk scores across hierarchies, providing stakeholders with a holistic view of organizational risk posture.
Q & A
What is the purpose of a risk assessment in risk management?
-A risk assessment helps identify, analyze, and prioritize risks an organization faces. It facilitates decision-making by evaluating the severity of these risks and aids in managing them effectively.
What challenges does Linda, the risk manager, face with her organization's risk assessment process?
-Linda's challenges include manual risk assessments that are time-consuming, risk data spread across different document management systems, lack of accountability, inconsistent risk hours across business units, and an inability to provide comprehensive reporting to senior management.
How does the Advanced Risk Assessment in ServiceNow help address these challenges?
-The Advanced Risk Assessment in ServiceNow centralizes risk data, standardizes and automates the process, drives accountability, aggregates risks across the organization, provides real-time monitoring, and delivers holistic reporting.
What is the first step in setting up a Risk Assessment Methodology (RAM) in ServiceNow?
-The first step is to define the assessment context, which involves selecting whether the assessment will focus on risks or objects, such as departments or entities within the organization.
What are the three available assessment types in a RAM template, and how do they differ?
-The three assessment types are: inherent risk, control effectiveness, and residual risk. Inherent risk assesses the likelihood and impact of a risk; control effectiveness evaluates how well controls mitigate the risk; and residual risk measures the remaining risk after considering controls.
What is a manual factor, and how is it used in risk assessments?
-A manual factor is a component of risk assessment where human input is required to respond to specific questions. For example, assessors manually select a likelihood rating on a scale from remote to almost certain.
How is a group factor used in risk assessments?
-A group factor logically groups manual factors and uses their combined responses to determine a score. For instance, in assessing impact, different aspects like financial or reputational impacts are grouped and weighted to calculate an overall score.
How can control effectiveness be measured in risk assessments?
-Control effectiveness can be measured by assessing either the overall control environment or each control in the context of specific risks. It is rated on a five-point scale from totally ineffective to fully effective, requiring manual input from the assessor.
What is the difference between qualitative and quantitative risk assessments?
-Qualitative risk assessments rely on subjective ratings, such as the likelihood of a risk occurring, based on expert judgment. Quantitative assessments are numbers-based, involving measurable data such as financial losses associated with a risk.
What benefits does the Advanced Risk Assessment in ServiceNow offer organizations?
-The Advanced Risk Assessment in ServiceNow standardizes the risk assessment process, automates workflows (like email notifications and approvals), supports multiple methodologies, enables both qualitative and quantitative assessments, and aggregates risk data across the organization for better visibility and reporting.
Outlines
This section is available to paid users only. Please upgrade to access this part.
Upgrade NowMindmap
This section is available to paid users only. Please upgrade to access this part.
Upgrade NowKeywords
This section is available to paid users only. Please upgrade to access this part.
Upgrade NowHighlights
This section is available to paid users only. Please upgrade to access this part.
Upgrade NowTranscripts
This section is available to paid users only. Please upgrade to access this part.
Upgrade NowBrowse More Related Video
How to Make a Risk Assessment Matrix in Excel
5 Steps To Risk Assessment
Lesson 2:Six steps of disaster risk assessment
Auditing 101 | Part 2: Risk Assessment, Assertions, and Materiality | Maxwell CPA Review
Manajemen Risiko pada Sistem Informasi (Review Singkat)
Portfolio & Single Stock VAR and CVAR in R
5.0 / 5 (0 votes)
