Contents Governance, Risk, and Compliance (GRC) Previous Topic Next Topic Entity scoping in GRC Subscribe Log in to subscribe to topics and get notified when content changes. ... SAVE AS PDF Selected Topic Topic & Subtopics All Topics in Contents Share Entity scoping in GRC Entity scoping is permitted in each of the core GRC applications. Scoping provides a way to allocate risks and controls at different levels. Dependencies are created using the dependency map in the GRC Workbench. What is entity scoping? Note: Starting with New York, the term profile was replaced with the term entity. See GRC application nomenclature updates and industry terminology for more information about all updated GRC application terms. Organizations have various control owners maintaining individual files and spreadsheets for tracking the compliance of different systems, projects, organizations, etc. In this environment, risk managers cannot prevent or even be aware of the duplicate risks and controls created on shared entities. The entire purpose of entity scoping is to provide a top-down approach for maintaining your risk universe, which is the hierarchical library of both risks and controls. Mature organizations with a healthy risk posture find that most risks are standard and recurring. Entity scoping helps you catalog and visualize upstream and downstream risks and controls based on the roll up of the related entities. Figure 1. From an organic approach to a structured system Create or edit Entity Types and map them using the Entity Filter to existing ServiceNow® tables. Map these entity types to external regulations and internal policies using control objectives and risk statements. Generate risk and control instances on related entities. Maintain your risk appetite and scoring results by the aggregated calculation for entities; all combos for risk scores on risk roll up. Figure 2. Scoping process Generate risks and controls from entity typesCreate and edit entity types and map them to existing ServiceNow® tables for which you must track compliance (applications, departments, regions, processes, systems, etc.). Entities are assigned to control objectives and risk statements, which generate controls and risks for every entity type. Create independent entitiesEntities can be created manually, rather than generating them from the entity types. Entities can also be created without needing to refer to an existing ServiceNow® table, like assets, applications, business services, or processes.Relate entities to each otherCreate relationships between entities to understand how controls and risks affect each other and how they affect the enterprise.Related conceptsGovernance, Risk, and Compliance and the ServiceNow StoreMobile experience for Governance, Risk, and ComplianceDomain separation in GRCBasel dashboardRelated referenceGRC application nomenclature updates and industry terminologyGRC content packsGRC integrationsGRC use case accelerators On this page Send Feedback Previous Topic Next Topic
Entity scoping in GRC Entity scoping is permitted in each of the core GRC applications. Scoping provides a way to allocate risks and controls at different levels. Dependencies are created using the dependency map in the GRC Workbench. What is entity scoping? Note: Starting with New York, the term profile was replaced with the term entity. See GRC application nomenclature updates and industry terminology for more information about all updated GRC application terms. Organizations have various control owners maintaining individual files and spreadsheets for tracking the compliance of different systems, projects, organizations, etc. In this environment, risk managers cannot prevent or even be aware of the duplicate risks and controls created on shared entities. The entire purpose of entity scoping is to provide a top-down approach for maintaining your risk universe, which is the hierarchical library of both risks and controls. Mature organizations with a healthy risk posture find that most risks are standard and recurring. Entity scoping helps you catalog and visualize upstream and downstream risks and controls based on the roll up of the related entities. Figure 1. From an organic approach to a structured system Create or edit Entity Types and map them using the Entity Filter to existing ServiceNow® tables. Map these entity types to external regulations and internal policies using control objectives and risk statements. Generate risk and control instances on related entities. Maintain your risk appetite and scoring results by the aggregated calculation for entities; all combos for risk scores on risk roll up. Figure 2. Scoping process Generate risks and controls from entity typesCreate and edit entity types and map them to existing ServiceNow® tables for which you must track compliance (applications, departments, regions, processes, systems, etc.). Entities are assigned to control objectives and risk statements, which generate controls and risks for every entity type. Create independent entitiesEntities can be created manually, rather than generating them from the entity types. Entities can also be created without needing to refer to an existing ServiceNow® table, like assets, applications, business services, or processes.Relate entities to each otherCreate relationships between entities to understand how controls and risks affect each other and how they affect the enterprise.Related conceptsGovernance, Risk, and Compliance and the ServiceNow StoreMobile experience for Governance, Risk, and ComplianceDomain separation in GRCBasel dashboardRelated referenceGRC application nomenclature updates and industry terminologyGRC content packsGRC integrationsGRC use case accelerators
Entity scoping in GRC Entity scoping is permitted in each of the core GRC applications. Scoping provides a way to allocate risks and controls at different levels. Dependencies are created using the dependency map in the GRC Workbench. What is entity scoping? Note: Starting with New York, the term profile was replaced with the term entity. See GRC application nomenclature updates and industry terminology for more information about all updated GRC application terms. Organizations have various control owners maintaining individual files and spreadsheets for tracking the compliance of different systems, projects, organizations, etc. In this environment, risk managers cannot prevent or even be aware of the duplicate risks and controls created on shared entities. The entire purpose of entity scoping is to provide a top-down approach for maintaining your risk universe, which is the hierarchical library of both risks and controls. Mature organizations with a healthy risk posture find that most risks are standard and recurring. Entity scoping helps you catalog and visualize upstream and downstream risks and controls based on the roll up of the related entities. Figure 1. From an organic approach to a structured system Create or edit Entity Types and map them using the Entity Filter to existing ServiceNow® tables. Map these entity types to external regulations and internal policies using control objectives and risk statements. Generate risk and control instances on related entities. Maintain your risk appetite and scoring results by the aggregated calculation for entities; all combos for risk scores on risk roll up. Figure 2. Scoping process Generate risks and controls from entity typesCreate and edit entity types and map them to existing ServiceNow® tables for which you must track compliance (applications, departments, regions, processes, systems, etc.). Entities are assigned to control objectives and risk statements, which generate controls and risks for every entity type. Create independent entitiesEntities can be created manually, rather than generating them from the entity types. Entities can also be created without needing to refer to an existing ServiceNow® table, like assets, applications, business services, or processes.Relate entities to each otherCreate relationships between entities to understand how controls and risks affect each other and how they affect the enterprise.Related conceptsGovernance, Risk, and Compliance and the ServiceNow StoreMobile experience for Governance, Risk, and ComplianceDomain separation in GRCBasel dashboardRelated referenceGRC application nomenclature updates and industry terminologyGRC content packsGRC integrationsGRC use case accelerators
