Product documentation Docs
    • English
    • Deutsch
    • 日本語
    • 한국어
    • Français
  • More Sites
    • Now Community
    • Developer Site
    • Knowledge Base
    • Product Information
    • ServiceNow.com
    • Training
    • Customer Success Center
    • ServiceNow Support Videos
  • Log in

Product documentation

  • Home
How search works:
  • Punctuation and capital letters are ignored
  • Special characters like underscores (_) are removed
  • Known synonyms are applied
  • The most relevant topics (based on weighting and matching to search terms) are listed first in search results
Topics are ranked in search results by how closely they match your search terms
  • A match on the entire phrase you typed
  • A match on part of the phrase you typed
  • A match on ALL of the terms in the phrase you typed
  • A match on ANY of the terms in the phrase you typed

Note: Matches in titles are always highly ranked.

  • Release version
    Table of Contents
    • Governance, Risk, and Compliance
Table of Contents
Choose your release version
    Home Orlando Governance, Risk, and Compliance Governance, Risk, and Compliance Risk Management Understanding Risk Management Advanced Risk Assessment Configure residual assessment

    Configure residual assessment

    • Save as PDF Selected topic Topic & subtopics All topics in contents
    • Unsubscribe Log in to subscribe to topics and get notified when content changes.
    • Share this page

    Configure residual assessment

    Configure and publish residual assessment to assess the residual risks in an organization.

    Before you begin

    Role required: sn_risk.admin.

    Procedure

    1. Navigate to the Risk Assessment Methodology (RAM) form that you created that has residual risk as an assessment type.
    2. Under Assessment Types, click Residual Assessment.
    3. On the form, fill in the fields.
      Table 1. Residual Assessment form
      Field Description
      Risk assessment methodology Auto-populated field based on the RAM you have created.
      Calculate based on Options for calculating the assessment score. Choices are:
      • Inherent risk and control effectiveness: Select this option to make the assessment qualitative because the comparison between inherent and control effectiveness is always qualitative.
      • Factor responses: Respond to a factor manually. Select this option if the residual factors calculation must be based on the factor responses.
      Assessment contribution Type of factor contribution. Choices are:
      • Quantitative
      • Qualitative
      • Both
      Note: If Inherent risk and control effectiveness is selected in the Calculate based on field, then the default value in the field is Qualitative and cannot be modified.
      Factors same as inherent Option to automatically copy the assessment contribution, qualitative scoring logic, factors, and qualitative rating criteria from the inherent assessment.
      Note: This option appears only if the Calculate based on field has Factor responses.
      Enable heatmap Option to enable viewing the heatmap report on the Advanced Risk dashboard.
      Note: This option can only be selected if there are at least two factors added to the assessment type.
      Qualitative score
      Qualitative scoring logic Scoring logic to be used. The options for this field change based on the option selected in the Calculate based on field. When the Calculate based on field has Inherent risk and control effectiveness, the choices are:
      • Lookup matrix between inherent assessment and control effectiveness. This option generates a matrix between inherent assessment and control effectiveness assessment and performs a Cartesian product to generate scores. You can view the matrix in the Matrix related list. For example, if the inherent risk is high and the control effectiveness is low, the risk administrator can classify the residual risk value to be high.
      • Inherent score-control effectiveness score. This option provides the difference between the inherent score and the control effectiveness score.
      • Inherent score/control effectiveness score. This option provides the value that is derived by dividing the inherent score by the control effectiveness score.
      When the Calculate based on field has Factor responses, the choices are:
      • Sum: Sum of the factor responses.
      • Minimum: Minimum value of the factor responses.
      • Maximum: Maximum value of the factor responses.
      • Average: Average value of the factor responses.
      • Product: Value derived by multiplying the factor responses.
      • Weighted average: Average value of the weighting of factors. This value is then classified as low, medium, and high
      • Script: User-defined formula to calculate the score. This option is only available to users with the sn_grc.developer role.
      Quantitative score
      This section appears only when Quantitative is selected from Factor contribution.
      Quantitative scoring logic Scoring logic to be used. Choices are:
      • Sum: Sum of the factor responses.
      • Minimum: Minimum value of the factor responses.
      • Maximum: Maximum value of the factor responses.
      • Average: Average value of the factor responses.
      • Product: Value derived by multiplying the factor responses.
      • Script: User-defined formula to calculate the score. This option is only available to users with the sn_grc.developer role.
      Assessments Results Mapping
      This section appears if the control assessment is being done on an Object.
      Residual risk rating Any column from the selected table in the Table field. The residual risk rating result, after the assessment, is copied to the column selected in this field. This field appears if the assessment contribution is Qualitative or Both.
      Residual ALE Any column from the selected table in the Table field. The residual risk rating result, after the assessment, is copied to the column selected in this field. This field appears if the assessment contribution is Quantitative or Both.
      Heatmap Configuration
      This section appears when the Enable heatmap option is selected.
      Factors for X-axis Factor that appears on the X-axis of the heatmap.
      Factors for Y-axis Factor that appears on the Y-axis of the heatmap.
    4. To add factors to the residual assessment, click the Factors related list.
      The Factors related list appears when the Calculate based on field has Factor responses.
    5. Click Edit, add the necessary factors, and click Save.
    6. Click the Matrix related list and enter the score, risk rating, risk color style, and overridden score in the respective columns.
      The Matrix related list only appears when the Calculate based on field has Inherent risk and control effectiveness and the Qualitative scoring logic field has Lookup matrix between inherent assessment and control effectiveness.
    7. Click the Qualitative Rating Criteria related list and click New, and on the form, fill in the fields.
      Table 2. Qualitative Rating Criteria form
      Field Description
      Lower rating interval Range for qualitative risk ratings. For example, for a range of 0–10, the user can enter 0 as the lower range and for a range of 11– 20, the value can be 11 as the lower range.
      Risk rating Severity of the risk. Users can enter ratings such as high, medium, or low. For example, user enters risk rating as Low for lower rating interval of 0 and Medium for lower rating interval of 11. If the risk score is 15, which lies in the range of 11–20, the rating criterion is Medium.
      Overridden score Score that the risk assessor can use to override the computed score.
      Risk color style Color code style for the background color for risk rating value and the text color on the risk assessment instance. For example, for a high risk, users can select the Red color style with the background color as red and the text as black.
      Do not enter negative values in the Qualitative rating criteria form.
    8. Click the Heatmap Colors related list.
      This related list appears when:
      • The Enable heatmap option is selected.
      • The Calculate based on field has Factor responses
      • The residual assessment is based on matrix between inherent assessment and control effectiveness
    9. In the Risk color style column, select the background color and text color combination.
    10. Click Submit.
    11. Click Publish.
      The assessment type is published.
    Related tasks
    • Create a manual factor
    • Create a group factor
    • Create an automated factor
    • Create a scripted automated factor
    • Configure a risk assessment methodology
    • Copy a risk assessment methodology
    • Retire a risk assessment methodology
    • Configure an inherent assessment
    • Configure a control effectiveness assessment
    • Create risk color styles
    • Configure risk heatmaps
    • Create a risk assessment scope and initiate assessments
    Related concepts
    • Workflow of Advanced Risk Assessment
    • Factors in Advanced Risk Assessment
    • Types of risk rating methodologies
    • Understanding the risk assessment instance
    • Manage risk assessment scheduler
    • Integration of advanced risk assessments with risks and controls
    • Advanced risk assessment dashboard
    • Risk score rollup in advanced risk assessment

    Tags:

    Feedback
    On this page

    Previous topic

    Next topic

    • Contact Us
    • Careers
    • Terms of Use
    • Privacy Statement
    • Sitemap
    • © ServiceNow. All rights reserved.

    Release version
    Choose your release version

      Configure residual assessment

      • Save as PDF Selected topic Topic & subtopics All topics in contents
      • Unsubscribe Log in to subscribe to topics and get notified when content changes.
      • Share this page

      Configure residual assessment

      Configure and publish residual assessment to assess the residual risks in an organization.

      Before you begin

      Role required: sn_risk.admin.

      Procedure

      1. Navigate to the Risk Assessment Methodology (RAM) form that you created that has residual risk as an assessment type.
      2. Under Assessment Types, click Residual Assessment.
      3. On the form, fill in the fields.
        Table 1. Residual Assessment form
        Field Description
        Risk assessment methodology Auto-populated field based on the RAM you have created.
        Calculate based on Options for calculating the assessment score. Choices are:
        • Inherent risk and control effectiveness: Select this option to make the assessment qualitative because the comparison between inherent and control effectiveness is always qualitative.
        • Factor responses: Respond to a factor manually. Select this option if the residual factors calculation must be based on the factor responses.
        Assessment contribution Type of factor contribution. Choices are:
        • Quantitative
        • Qualitative
        • Both
        Note: If Inherent risk and control effectiveness is selected in the Calculate based on field, then the default value in the field is Qualitative and cannot be modified.
        Factors same as inherent Option to automatically copy the assessment contribution, qualitative scoring logic, factors, and qualitative rating criteria from the inherent assessment.
        Note: This option appears only if the Calculate based on field has Factor responses.
        Enable heatmap Option to enable viewing the heatmap report on the Advanced Risk dashboard.
        Note: This option can only be selected if there are at least two factors added to the assessment type.
        Qualitative score
        Qualitative scoring logic Scoring logic to be used. The options for this field change based on the option selected in the Calculate based on field. When the Calculate based on field has Inherent risk and control effectiveness, the choices are:
        • Lookup matrix between inherent assessment and control effectiveness. This option generates a matrix between inherent assessment and control effectiveness assessment and performs a Cartesian product to generate scores. You can view the matrix in the Matrix related list. For example, if the inherent risk is high and the control effectiveness is low, the risk administrator can classify the residual risk value to be high.
        • Inherent score-control effectiveness score. This option provides the difference between the inherent score and the control effectiveness score.
        • Inherent score/control effectiveness score. This option provides the value that is derived by dividing the inherent score by the control effectiveness score.
        When the Calculate based on field has Factor responses, the choices are:
        • Sum: Sum of the factor responses.
        • Minimum: Minimum value of the factor responses.
        • Maximum: Maximum value of the factor responses.
        • Average: Average value of the factor responses.
        • Product: Value derived by multiplying the factor responses.
        • Weighted average: Average value of the weighting of factors. This value is then classified as low, medium, and high
        • Script: User-defined formula to calculate the score. This option is only available to users with the sn_grc.developer role.
        Quantitative score
        This section appears only when Quantitative is selected from Factor contribution.
        Quantitative scoring logic Scoring logic to be used. Choices are:
        • Sum: Sum of the factor responses.
        • Minimum: Minimum value of the factor responses.
        • Maximum: Maximum value of the factor responses.
        • Average: Average value of the factor responses.
        • Product: Value derived by multiplying the factor responses.
        • Script: User-defined formula to calculate the score. This option is only available to users with the sn_grc.developer role.
        Assessments Results Mapping
        This section appears if the control assessment is being done on an Object.
        Residual risk rating Any column from the selected table in the Table field. The residual risk rating result, after the assessment, is copied to the column selected in this field. This field appears if the assessment contribution is Qualitative or Both.
        Residual ALE Any column from the selected table in the Table field. The residual risk rating result, after the assessment, is copied to the column selected in this field. This field appears if the assessment contribution is Quantitative or Both.
        Heatmap Configuration
        This section appears when the Enable heatmap option is selected.
        Factors for X-axis Factor that appears on the X-axis of the heatmap.
        Factors for Y-axis Factor that appears on the Y-axis of the heatmap.
      4. To add factors to the residual assessment, click the Factors related list.
        The Factors related list appears when the Calculate based on field has Factor responses.
      5. Click Edit, add the necessary factors, and click Save.
      6. Click the Matrix related list and enter the score, risk rating, risk color style, and overridden score in the respective columns.
        The Matrix related list only appears when the Calculate based on field has Inherent risk and control effectiveness and the Qualitative scoring logic field has Lookup matrix between inherent assessment and control effectiveness.
      7. Click the Qualitative Rating Criteria related list and click New, and on the form, fill in the fields.
        Table 2. Qualitative Rating Criteria form
        Field Description
        Lower rating interval Range for qualitative risk ratings. For example, for a range of 0–10, the user can enter 0 as the lower range and for a range of 11– 20, the value can be 11 as the lower range.
        Risk rating Severity of the risk. Users can enter ratings such as high, medium, or low. For example, user enters risk rating as Low for lower rating interval of 0 and Medium for lower rating interval of 11. If the risk score is 15, which lies in the range of 11–20, the rating criterion is Medium.
        Overridden score Score that the risk assessor can use to override the computed score.
        Risk color style Color code style for the background color for risk rating value and the text color on the risk assessment instance. For example, for a high risk, users can select the Red color style with the background color as red and the text as black.
        Do not enter negative values in the Qualitative rating criteria form.
      8. Click the Heatmap Colors related list.
        This related list appears when:
        • The Enable heatmap option is selected.
        • The Calculate based on field has Factor responses
        • The residual assessment is based on matrix between inherent assessment and control effectiveness
      9. In the Risk color style column, select the background color and text color combination.
      10. Click Submit.
      11. Click Publish.
        The assessment type is published.
      Related tasks
      • Create a manual factor
      • Create a group factor
      • Create an automated factor
      • Create a scripted automated factor
      • Configure a risk assessment methodology
      • Copy a risk assessment methodology
      • Retire a risk assessment methodology
      • Configure an inherent assessment
      • Configure a control effectiveness assessment
      • Create risk color styles
      • Configure risk heatmaps
      • Create a risk assessment scope and initiate assessments
      Related concepts
      • Workflow of Advanced Risk Assessment
      • Factors in Advanced Risk Assessment
      • Types of risk rating methodologies
      • Understanding the risk assessment instance
      • Manage risk assessment scheduler
      • Integration of advanced risk assessments with risks and controls
      • Advanced risk assessment dashboard
      • Risk score rollup in advanced risk assessment

      Tags:

      Feedback

          Share this page

          Got it! Feel free to add a comment
          To share your product suggestions, visit the Idea Portal.
          Please let us know how to improve this content

          Check any that apply

          To share your product suggestions, visit the Idea Portal.
          Confirm

          We were unable to find "Coaching" in Jakarta. Would you like to search instead?

          No Yes
          • Contact Us
          • Careers
          • Terms of Use
          • Privacy Statement
          • Sitemap
          • © ServiceNow. All rights reserved.

          Subscribe Subscribed Unsubscribe Last updated: Tags: January February March April May June July August September October November December No Results Found Versions Search preferences successfully updated My release version successfully updated My release version successfully deleted An error has occurred. Please try again later. You have been unsubscribed from all topics. You are now subscribed to and will receive notifications if any changes are made to this page. You have been unsubscribed from this content Thank you for your feedback. Form temporarily unavailable. Please try again or contact  docfeedback@servicenow.com  to submit your comments. The topic you requested does not exist in the release. You were redirected to a related topic instead. The available release versions for this topic are listed There is no specific version for this documentation. Explore products Click to go to the page. Release notes and upgrades Click to open the dropdown menu. Delete Remove No selected version Reset This field is required You are already subscribed to this topic Attach screenshot The file you uploaded exceeds the allowed file size of 20MB. Please try again with a smaller file. Please complete the reCAPTCHA step to attach a screenshot
          Log in to personalize your search results and subscribe to topics
          No, thanks Login