Thank you for your feedback.
Form temporarily unavailable. Please try again or contact docfeedback@servicenow.com to submit your comments.
Home Kingston Governance, Risk, and Compliance Governance, Risk, and Compliance (GRC) Risk Management Understanding Risk Management Manage policy exceptions Assess the risk for the policy exception
  • Versions
  • Products

Contents

Assess the risk for the policy exception

Log in to subscribe to topics and get notified when content changes.

SAVE AS PDF

Assess the risk for the policy exception

After the review of a policy exception request and before deciding to approve or reject a request, the compliance manager may choose to request a risk assessment by the risk manager.

Before you begin

Role required: compliance manager

Procedure

  1. Navigate to Policy and Compliance > My Policy Exceptions.
  2. Select the policy exception.
  3. Review the form details, as necessary.
  4. Click the Business Impact Analysis tab and update the following fields:
    Table 1. Policy exception request Business Impact Analysis tab
    Field Value
    Risk description Enter a description of the risk.
    Residual likelihood Update this value.
    Residual impact Update this value.
    Residual score Displays the score.
  5. Perform one of the following actions:
    OptionAction
    To view or add impacted controls to the policy exception
    1. Click the Impacted Controls tab.
    2. Click Add or Add All.
    3. Choose the controls to associate to the policy exception.
    To view mitigating controls on the policy exception
    • Click the Mitigating Controls tab.
    To view or add risks to the policy exception
    • Click the Risks tab.
    Note: This option is available when Governance, Risk, and Compliance is also activated.
    To view or add approvers to the policy exception
    • Click the Approvers tab
  6. Click Update.
Send Feedback
Feedback