    Manage risk events

    Risk events are potential or actual financial and non-financial losses, near misses, and gains that occur within an organization.

    To effectively manage risks, it's essential to monitor risk events, relate them to existing risks, perform a root-cause analysis, and track the remedial tasks. Organizations use risk events to understand their losses and manage their risks more efficiently. Risk events do not only lead to losses. At times, risk events also result in gains for an organization. For example, in the banking industry, if there’s an error in a trading algorithm, it might result in a gain for an organization.

    You can create a risk event using either the Service Portal or your ServiceNow® instance. Risk events provide:
    • concrete data that enables you to better quantify and validate existing risks
    • visibility into new risks because risk events often recur

    You can view the risk events dashboards by navigating to Risk Events > Overview.

    Risk events life cycle

    Figure 1. Risk events workflow

    1. Creating a risk event: This is the state when a new event is reported and the event is pending validation by a user with the sn_risk.manager role.
    2. Analyzing the risk event: The event state when a user with the sn_risk.manager role provides analysis. At this stage, a user with the sn_risk.manager role adds all the important information such as the event’s loss entries, approvers, the root cause of the event, and the preventive and remedial action for the event. In this state, additional information can be requested from the event creator.
    3. Awaiting approval for the risk event: After all the data is entered and validated, a user with the sn_risk.manager role requests that the event is approved. Each event might go through several rounds of approval.
    4. Approving, rejecting, or canceling a risk event: After the event is approved, a user with the sn_risk.manager role ensures that the issue is closed and the root-cause analysis (RCA) is complete before the event is closed. At this stage, the approver can also choose to reject or cancel the event with adequate reasons.
    5. Closing a risk event: After a user with the sn_risk.manager role is certain that the event has been captured and the RCA has been completed, the event coordinator can close the risk event. If a risk event has open issues and tasks, the risk event cannot be closed until the associated issues and tasks are closed.

    Risk event properties

    The risk event properties enable you to use the risk events feature according to your requirements.

    The following table describes the properties available with risk events. Navigate to Risk Events > Administration > Properties.
    Table 1. Risk event properties table
    Property | Description
    Show Basel attributes and reports (sn_risk_advanced.show_basel_attr_reports) | Set this property to true if you want to enable the Basel categorization of risk events. This property is useful for customers in the banking domain.
    • Type: True or false
    • Default value: false
    No. of days for Rapid Recovery Classification (sn_risk_advanced.no_of_days_for_rapid_recovery_classification) | Customize the number of days that users can set as their rapid recovery threshold.
    • Type: Integer or false
    • Default value: 5
    Show ORX External events (sn_risk_advanced.show_orx_events) | Users can choose to see the ORX External Events. ORX provides a platform for the secure exchange of high-quality operational risk loss data from around the world. This property is useful for customers in the banking domain. Customers import the ORX information as shared by the ORX organization. This information can be related to risk statement or control objectives. This information can be modified by users.
    • Type: True or false
    • Default value: false
    Make risk event to risk relationship mandatory (sn_risk_advanced.make_riskevent_to_risk_relation_mandatory) | Set this property to true if you want to ensure that each risk event has corresponding risks.
    • Type: True or false
    • Default value: false

    Report risk events from the Service Portal

    When you identify any event that might have a financial or non-financial impact on your organization, report it from the ServiceNow, Inc. Service Portal. You can also report any event that has already occurred with a financial or non-financial impact.

    Before you begin

    Role required: ServiceNow user

    About this task

    You can log your risk event under any of the following event types:
    • Risk event with financial impact
    • Risk event with non-financial impact

    Procedure

    1. In the Service Portal, click Catalog > Browse by Categories.
    2. Click Governance Risk and Compliance and then click Report Risk Event.
    3. On the form, fill in the following fields:
      Table 2. Report risk event
      Field | Description
      Title | Enter the title of the risk event reported.
      Description | Enter the description of the risk event reported.
      Show my entities only | When selected, only the entities owned by you are displayed. This value is taken from the Owner field on the Entity form. By default, this check box is selected.
      Entity where the event occurred | Select the entity that will absorb or report the loss. Select only one entity from the list.
      Other entities affected | Select other related entities that are affected by the event.
      Note: You can select more than one entity.
      Event type | Select one of the following:
      • Financial Impact: This indicates that the event has an associated financial loss. Enter the amount in your local currency.
      • Non-financial Impact: This indicates that while the event does not have any financial loss, it does have a non-financial impact on the organization. For example, a non-financial impact can be negative market news or a decline in employee morale.
      Currency | Select the currency for the loss. This field appears only when the event type is Financial.
      Date of discovery | Select the date when the risk event was discovered.
      How was the event discovered | Select how the event was discovered. For example, if the risk event was reported by a customer, select Customer Feedback/Complaint.
      Root cause | Enter your analysis for the cause of the event. For example, if a fire occurs in a server room, the root cause may be an increase in temperature or an electrical short circuit.
      Action taken | Enter what was done to reduce the impact of this risk event. For example, if the fire in the server room was caused by an electrical short circuit, then the action taken is a replacement of the defective equipment.
    4. Click Submit.
    5. To view all the risk events you have reported, navigate to GRC > My Risk Events.

    Result

    The risk event is created in the system and is ready to be analyzed by the risk manager. When an action is taken on the event, you will receive notifications on the status. You can respond to queries or track the status of the event during its life cycle.

    Report a risk event from an incident

    If risk event integration is configured, users can report risk events from any upstream application such as IT Incidents. This ability to quickly report risk events saves users time and prevents losses for organizations.

    Before you begin

    Role required: sn_risk.user

    Procedure

    1. Navigate to Incident > All.
    2. Open the incident for which you want to report a risk event.
    3. On the form, fill in the fields.
      Table 3. Report Risk Event form
      Field | Description
      Name | Name of the incident.
      Date of discovery | The date the incident was created.
      Entity | The entity to which the incident belongs.
      Event type | Type of event. The choices are:
      • Financial impact
      • Non financial impact
      Currency | Currency in which the amount of loss is being reported. This field appears if Financial impact is selected from Event type.
      Expected Loss | Expected amount of monetary loss. This field appears if Financial impact is selected from Event type.
      Non Financial Impact | Impact of the incident. The choices are:
      • Low
      • Medium
      • High
      Description | Brief description of the incident.
    4. Click Submit.
      The risk event is created.

    Create a risk event task

    A risk event might require associated tasks. Unless these tasks are created and eventually closed, the risk event cannot be closed.

    Before you begin

    Role required: admin

    Procedure

    1. Navigate to Risk Events > All Events.
    2. Select the record for which a task must be created.
    3. Click the Tasks related list and then click New.
    4. On the form, fill in the fields.
      Table 4. Risk event task form
      Field | Description
      Assigned to | Person that the task is assigned to.
      Priority | Level of importance given to a task, which indicates how readily a task or assignment can be delayed.
      Short description | Brief description of the task.
      Description | Detailed description of the task.
      Work notes | Any relevant information for your reference.
      Additional comments | Any additional information that might be necessary.
    5. Click Submit.

    What to do next

    Create or review issues

    Review the associated issues of a risk event or create a new issue during approval. For more information, see Manually create GRC issues.

    Analyze risk events

    Analyze user-submitted risk events to determine if the life cycle of the risk event needs further processing.

    Before you begin

    Role required: sn_risk.manager

    Procedure

    1. Navigate to Risk Events > All Events and open the risk event that you want to analyze. Alternatively, you can also navigate to Risk Events > New Events.

      During analysis, you can either reject the event if the risk event doesn't appear to be an actual risk event, or request more information if the information is insufficient.

    2. On the form, review the fields and edit them as necessary.
      Table 5. Risk event form
      Field | Description
      Name | Name of the risk event. Edit the name of the risk, if necessary, to provide a more intuitive name.
      Discovered by | The person who discovered the risk event. Edit the Discovered by field, if necessary.
      Event type | Type of event. You can edit the event type, if necessary. For example, if during analysis you observe that the event type isn't a financial impact, you can edit the entry.
      Sub type | Event sub type. You can edit the sub type, if necessary. For example, if during analysis you observe that the event type isn't an actual event but a potential event, you can edit the entry.
      Category | Event category. You can edit the category to apply one of the following options:
      • Personal: For example, any physical harm caused to an employee.
      • Legal: For example, an employee is found conducting business that is a conflict of interest.
      • Information Security: For example, a theft, burglary, or system crash.
      • Human Resources: For example, sensitive lawsuits by an employee against another employee.
      Primary entity | Entity that bears the loss. This entity is visible to management for reporting.
      Owning group | Group responsible for monitoring the event to closure.
      Owner | The person who owns the risk event. A risk manager can be an event owner. If the owning group is specified, the owners are filtered from the owning group.
      Approvers | The person who approves the risk event. Any user with the sn_risk.user role can approve the risk event.
      Cost center | Corresponding account number of the entity.
      Description | Detailed description of the event in this field.
    3. Click the Dates related list and fill in the fields on the form, as appropriate.
      Table 6. Dates related list
      Field | Description
      Date of occurrence | Exact day, month, and year when the event occurred. For example, a mortgage was lent against a property that didn't comply with the building regulations on August 12, 2019.
      Date of discovery | Date that the event was first discovered or noticed. For example, the mortgage was discovered on August 24, 2019.
      Date of first recognition | Date that the event was first recognized and entered in the book of accounts. For example, the loss entries were entered in the firm’s book of accounts on August 26, 2019.
    4. Click the Loss/Gain Estimates related list and fill in the fields on the form, as appropriate.
      Table 7. Loss/Gain related list
      Field | Description
      Expected loss | Amount of loss expected. Expected loss is the probability weighted average of all possible losses. This amount is based on the user’s judgment of the expected amount that the organization might lose.
      Potential loss | Amount expected to be a potential loss due to the risk event. This amount is the maximum loss an entity can incur due to the loss from the risk event.
    5. Click the Event Analysis related list and fill in the fields on the form, as appropriate.
      Table 8. Event Analysis related list
      Field | Description
      Cause | Primary reason why the risk event occurred.
      Cause description | Brief description about why the risk event occurred.
      Consequence | Consequence of the risk event. For example: Regulatory fines can be imposed as a result of the risk event.
      Actions taken | The remedial actions that were taken to address the issue. This is the initial record of the event.
    6. Click the Credit/Market Risk related list and fill in the fields on the form, as appropriate.
      Table 9. Credit/Market Risk related list
      Field | Description
      Boundary event | Option for a boundary event. A boundary event is an operational risk event which leads to a consequence, such as a financial loss in another risk category.
      External risk type | The choices are:
      • Credit: Credit risk is the possibility of a loss resulting from a borrower's failure to repay a loan or meet contractual obligations. For example, when lenders offer credit cards, or loans, there's a risk that the borrower might not repay the loan.
      • Market: Market risk is the possibility of an investor incurring losses due to factors that affect the performance of the financial markets in which the investor is involved. For example, a recession might impact the entire market.
      Risk reference | ID for reconciliation in the book of accounts. Specify the IDs for reconciliation purposes. The credit and market risk systems are different.
    7. Click the Additional Classifications related list and fill in the fields on the form, as appropriate.
      Table 10. Additional Classifications related list
      Field | Description
      Used in modeling | Option to share these risk event records with external systems where they want to perform advanced analysis using simulation techniques such as Monte Carlo simulation.
      Full rapid recovery | Total loss recovered. Select if the total loss is recovered within a short duration and doesn't impact the organization. Generally, a short duration refers to five working days, but this value can be configured according to your requirements.
      Gain event | The Gain event check box is a read-only field and is selected automatically if the risk event meets one of the following conditions.
      • Risk event is a potential event and the Expected loss field or the Potential loss field has a negative value because of the gain.
      • Risk event is an actual event and the Net loss field has a negative value.
      Near miss | This check box can be both read only as well as editable based on the event type. If the event sub type is Actual, and the Full rapid recovery check box is selected, the Near miss check box is a read only field and is automatically selected.
      Reason for near miss | Enter the reason which prevented the risk event from incurring the loss. If the event type is Potential, select the Near miss check box and in the Reason for near miss field, enter the reason why the event was a near miss.
    8. Click the Summary related list and edit the priority from the Non financial impact list, if required. The other field values on the form are automatically set:
      • Direct amount: The aggregated sum of all direct losses.
      • Additional cost: The aggregated sum of all additional costs.
      • Gross loss: Sum of all direct losses, indirect amounts, and additional costs.
      • Net loss: The net amount of the loss.
      • Indirect amount: The aggregated sum of all indirect losses.
      • Rapid recovery amount: The aggregated sum of the amount that was recovered rapidly.
      • Recovered amount: The amount to be recovered for the risk event.

      The values in the Summary related list fields are calculated in the Event Impacts related list. For example, say that a firm has a fire outbreak. This event can result in multiple direct and indirect impacts such as loss of information and business.

      If you enter the value of a direct impact as $2000, then the Direct amount field reflects the same value. If you enter two indirect amounts with values of $300 and $500 respectively, then the Indirect amount field reflects a value of $800.

      If an external agency is hired to address the root cause of the fire outbreak, the cost incurred reflects an additional cost.

      If the firm was able to recover a part of the cost of the event in five working days, then the Rapid recovery amount field reflects the same amount.

      The Gross loss field reflects the total loss incurred by the event.

      The currency conversion rates impact the values displayed in the Summary related list. For example, if you enter a value of 300 Japanese Yen as the recovery amount, you see the amount in the concurrent USD value of 2756 in the Summary related list. This conversion occurs because the currency conversion rates are applied from the Exchange Rate table. For more information on how the values in the exchange rate table are calculated, see Use your own currency-conversion rates.

    9. To request more information about the risk event, click the Activity related list.
    10. Enter comments in the Additional comments field, then click Request More Information. Alternatively, you can directly click Request More Information at the top, enter your comments, and click OK.

      A substate of the event changes to Clarification Requested and the risk event creator receives a notification. The substate changes to Clarification Provided once the event creator responds to the query.

    11. To add any work notes for your reference, enter work notes in the Additional comments field in the Activity related list, select the Work notes check box, and click Post.

      Work notes are not visible to the risk event creator.

    12. Once the event creator responds to the questions, you can either reject a risk event or add and delete other relevant details.
      • Event Impacts
      • Impacted Entities
      • Risks
      • Controls
      • Tasks
      • Issues
      • Associated Risk Events
      • Approvers
    13. Click Request Approval.

    Create a risk event entry

    A risk event entry determines the monetary or non-monetary impact of the risk event.

    Before you begin

    Role required: sn_risk.manager

    Procedure

    1. Navigate to Risk Events > All Events and select the event to be analyzed.
    2. Click the Risk Event Entries related list.
    3. Click New.
    4. On the form, fill in the fields.
      Table 11. Event Entry form
      Field | Description
      Number | Number for the event entry. This field value is automatically set.
      Risk event | Title of the risk event. This field value is automatically set.
      Date of impact | Date that the impact was recorded.
      Note: The date of discovery and the date of first recognition can be different. This date cannot be a future date.
      Amount | Amount that the impact costs. The amount entered is reflected in the Summary related list.
      Rapid recovery | Loss amount for this entry if it's recovered in a short time, which is generally five working days.
      Impact type | Type of financial impact for the event. Select from the following types:
      • Direct/Indirect Impact: Direct or indirect financial impact of the event on the entity.
      • Recovery: Amount recovered from the total financial impact.
      • Additional Cost: The additional cost incurred due to the impact.
      • Non-Financial Impact: The event has no financial impact.
      Category | Direct or Indirect. For example, if the impact is direct, is it external?
      Sub category | Sub category of the event impact. Select one of the following categories:
      • External Cost: The cost that's incurred for external agencies. For example, if a loss is incurred due to erroneous accounting and an external auditor was hired to assess the event, the cost incurred in employing the auditor is an external cost.
      • General Ledger: The book of accounts in which this event is entered.
      • Booked Provision: Refers to the amount that you set aside in your accounts to cover a future event. For example, if a firm sets aside an amount to cover a risk event that might occur in the future.
      • Revenue Reversal/Timing Losses: When you reverse revenue, a reverse entry is created that backs out the original entry. Don't enter any new accounting information into the system.
      GL account reference | Account number in which this entry is captured in the ERP system.
      Short description | Brief description of the impact.
    5. Click Submit.
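
The Summary aggregation and the Gain event and Near miss rules described under Analyze risk events, applied to entries of the impact types in Table 11, as an added example in plain JavaScript (not ServiceNow platform code and not taken from the product). The entry and event field names are hypothetical, the additional-cost and recovery amounts are constructed, and net loss is assumed to be gross loss minus the recovered amount, which this page does not spell out.

```javascript
'use strict';
// Added example: a plain JavaScript model of the rules described on this page.
// Not ServiceNow platform code; all field and function names are hypothetical.

// Impact types as listed in Table 11 (Event Entry form).
const IMPACT = Object.freeze({
  DIRECT_INDIRECT: 'Direct/Indirect Impact',
  RECOVERY: 'Recovery',
  ADDITIONAL_COST: 'Additional Cost',
  NON_FINANCIAL: 'Non-Financial Impact',
});

// Aggregate event entries into the fields of the Summary related list.
function summarize(entries) {
  const s = {
    directAmount: 0, indirectAmount: 0, additionalCost: 0,
    recoveredAmount: 0, rapidRecoveryAmount: 0,
  };
  for (const e of entries) {
    if (e.impactType === IMPACT.NON_FINANCIAL) continue; // carries no amount
    if (!Number.isFinite(e.amount)) {
      throw new TypeError('entry amount must be a finite number');
    }
    switch (e.impactType) {
      case IMPACT.DIRECT_INDIRECT:
        if (e.category === 'Direct') s.directAmount += e.amount;
        else if (e.category === 'Indirect') s.indirectAmount += e.amount;
        else throw new Error('category must be Direct or Indirect');
        break;
      case IMPACT.ADDITIONAL_COST:
        s.additionalCost += e.amount;
        break;
      case IMPACT.RECOVERY:
        s.recoveredAmount += e.amount;
        break;
      default:
        throw new Error('unknown impact type: ' + e.impactType);
    }
    // Per-entry amount recovered within the rapid recovery threshold.
    s.rapidRecoveryAmount += e.rapidRecovery || 0;
  }
  // Gross loss: sum of direct losses, indirect amounts, and additional costs.
  s.grossLoss = s.directAmount + s.indirectAmount + s.additionalCost;
  // Assumption: the page does not give the net loss formula.
  s.netLoss = s.grossLoss - s.recoveredAmount;
  return s;
}

// Derive the read-only flags of the Additional Classifications related list.
function classify(event, summary) {
  let gainEvent;
  if (event.subType === 'Potential') {
    // Potential event: a negative expected or potential loss marks a gain.
    gainEvent = event.expectedLoss < 0 || event.potentialLoss < 0;
  } else if (event.subType === 'Actual') {
    // Actual event: a negative net loss marks a gain.
    gainEvent = summary.netLoss < 0;
  } else {
    throw new Error('subType must be Actual or Potential');
  }
  // Actual + Full rapid recovery: Near miss is selected and locked.
  const nearMissReadOnly =
    event.subType === 'Actual' && event.fullRapidRecovery === true;
  // Otherwise the check box stays editable and keeps the user's choice.
  const nearMiss = nearMissReadOnly ? true : Boolean(event.nearMiss);
  return { gainEvent, nearMissReadOnly, nearMiss };
}

// Constructed sample: the fire outbreak from the Summary description.
const FIRE_ENTRIES = [
  { impactType: IMPACT.DIRECT_INDIRECT, category: 'Direct', amount: 2000 },
  { impactType: IMPACT.DIRECT_INDIRECT, category: 'Indirect', amount: 300 },
  { impactType: IMPACT.DIRECT_INDIRECT, category: 'Indirect', amount: 500 },
  { impactType: IMPACT.ADDITIONAL_COST, amount: 400 }, // external agency fee
  { impactType: IMPACT.RECOVERY, amount: 1000, rapidRecovery: 1000 },
  { impactType: IMPACT.NON_FINANCIAL },
];

// Constructed sample: a trading algorithm error that produced a gain,
// recorded as a negative direct loss.
const TRADING_ENTRIES = [
  { impactType: IMPACT.DIRECT_INDIRECT, category: 'Direct', amount: -1500 },
];

const fireSummary = summarize(FIRE_ENTRIES);
console.log(fireSummary);
console.log(classify({ subType: 'Actual', fullRapidRecovery: false }, fireSummary));
console.log(classify({ subType: 'Actual', fullRapidRecovery: true },
  summarize(TRADING_ENTRIES)));
```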

    What to do next

    Create or edit a new risk
    Creating or editing a new risk for an event is useful for future prediction of risks. The information obtained from the risks is useful for scoring and reporting. For more information, see Create a risk manually.
    Link new control to risks
    A control is used to prevent a risk from occurring. Linking the controls to risks lets users know which controls failed and why the risk event occurred. This information can be used for future predictions and reporting.
    Note: Only those risks and controls that are tagged to the impacted entity can be related to this risk event.
    For more information, see Create a control.

    Approve a risk event

    A user with the sn_risk.manager role must approve a valid risk event. If any risk approver rejects the event, the state of the risk event changes to rejected.

    Before you begin

    Role required: sn_risk.manager

    Procedure

    1. Navigate to My Approvals.
    2. Click the record in the list with your name as the approver.
    3. Click Approve.

    Close a risk event

    Close a risk event to complete the risk events life cycle. A user with the sn_risk.manager role must close the risk event after verifying that all associated open issues and remedial tasks are closed.

    Before you begin

    Role required: sn_risk.manager

    Procedure

    1. Navigate to Risk Events > Assigned to Me.
    2. Open the record that you want to close and verify if all the associated tasks and issues are closed.
    3. Click Close.

    Add a risk event cause to the cause library

    Add a risk event cause to the cause library. Creating a cause library helps in risk analysis, risk prediction, and risk prevention.

    Before you begin

    Role required: sn_risk.manager and sn_risk.admin

    About this task

    A cause library is a centralized library of the possible causes that can lead to a risk event. When you have a library of causes, it is easier to identify future risks.

    Procedure

    1. Navigate to Risk Events > Administration > Causes.
    2. Click New.
    3. On the form, fill in the fields.
      Table 13. Cause form
      Field | Description
      Name | Name of the cause. For example, Inadequate IT security.
      Parent | Parent of the cause. Every cause is categorized into a group, and this field refers to that group. For example, for Inadequate IT security, the parent cause can be Process.
      Description | Brief description of the cause.
    4. Click Submit.

    Result

    The risk event cause is added to the library.
    Related tasks
    • Add a risk event consequence to the consequence library

    Add a risk event consequence to the consequence library

    Add a risk event consequence to the consequence library. A consequence library helps you to identify the measures that can mitigate or prevent losses from risk events.

    Before you begin

    Role required: sn_risk.manager and sn_risk.admin

    About this task

    A consequence library is a centralized library of the possible consequences that occur after a risk event. When you have a library of consequences, it is easier to identify future losses from risks.

    Procedure

    1. Navigate to Risk Events > Administration > Consequences.
    2. Click New.
    3. On the form, fill in the fields.
      Table 14. Consequence form
      Field | Description
      Name | Consequence name. For example, Asset loss.
      Parent | Parent of the consequence. Every consequence is categorized into a group, and this field refers to that group. For example, for Asset loss, the parent consequence can be Damage to Physical Assets.
      Description | Brief description of the consequence.
    4. Click Submit.

    Result

    The risk event consequence is added to the library.
    Related tasks
    • Add a risk event cause to the cause library

    Set up GRC Virtual Agent to report risk events

    Set up the Governance, Risk, and Compliance Virtual Agent to report risk events from the Service Portal. A virtual agent chatbot helps to quickly report a risk event. Chatbots can fulfill a user request or assist the user in completing a task.

    Before you begin

    Activate the following plugins:
    • Glide Virtual agent (com.glide.cs.chatbot) with a valid license.
    • GRC Advanced Risk.

    Role required: sn_risk.admin.

    Procedure

    1. Navigate to Service Portal > Service Portal Configuration.
    2. Click Page Editor.
    3. In the search field, type Index.
    4. Click Service Portal index.
    5. At the top of the page, click Edit Service Portal (index) page in Designer.
    6. In the Filter Widget search field, type Virtual Agent Service Portal Widget.
    7. Drag the widget to anywhere on the screen.

    Result

    You can see the chat icon at the bottom-right of the screen.

    Configure risk event integration

    Configure risk event integration with other upstream ServiceNow applications. This integration enables all users in an organization to report and track the risk events.

    Before you begin

    Role required: sn_risk.admin

    About this task

    When you configure the risk event integration with another upstream application, users of that application can report risk events directly from the application. For example, if you configure risk event integration in the ServiceNow® IT Service Management (ITSM) application, all users of ITSM can report risk events from the ITSM application. By default, this configuration is provided for the IT Incidents application and the Security incidents application.

    The two modes that enable the creation of a risk event are Simple and Advanced. The Simple mode enables you to define filter conditions on the application table so that users of the Incidents application can report a risk event. For example, you can define that a financial event with a high impact must be reported as a risk event. In contrast, the Advanced mode enables users with the GRC developer role to write scripts.

    Incident managers with the incident_manager role are able to see the Report Risk Event option in an incident, whereas Security Managers with the sn_si.manager role are able to see the Report Risk Event option in a security incident.

    Procedure

    1. Navigate to Risk Events > Administration > Integration Configuration.
    2. Click New.
    3. On the form, fill in the fields.
      Table 15. Risk Event Integration Configuration form
      Field Description
      Number Configuration number. This field is automatically set.
      Active Option to enable the creation of a risk event from the application table.
      Integration name Short and unique title for the integration. For example, to report a risk event from an incident table, you can type Incident-risk-event-integration.
      Application table Application table that is used for reporting risk events. The table determines the upstream application that will be used for reporting risk events.
      Source for name How the name of risk events are set. The choices are as follows:
      • Form field: Select this option if you want the value from a specific selected field to be used as the risk event name.
      • Default value: Enter a custom value. The risk event is created with the name you enter here.
      Source for description How the description of risk events is set.
      Source for entity How the entity of risk events is set.
      Source for date of discovery How the date of discovery for risk events is set.
      Name Field in the application table that is used to set the name of risk events. This field appears only when Form field is selected from the Source for name field.
      Default Name Default name for risk events. This field appears only when Default value is selected from the Source for name field.
      Description Field in the application table that is used to set the description of risk events. This field appears only when Form field is selected from the Source for description field.
      Default description Default description for risk events. This field appears only when Default value is selected from the Source for description field.
      Entity Field from the application table that refers to a GRC entity or to a record in a GRC entity. This field appears only when Form field is selected from the Source for entity field.
      Default Entity Default entity for risk events. Default entities are created from the table in the Application table field. This field appears only when Default value is selected from the Source for entity field.
      Date of discovery Field in the application table that is used to set the date of discovery of risk events. This field is visible only when Form field is selected from the Source for date of discovery field.
      Default date of discovery Default date of discovery of risk events.
      Default event type Default event type of risk events. For example, financial or non-financial.
      Event subtype Subtype of the risk event. For example, actual or potential.
      Source for Non-Financial impact How the non-financial impact of risk events is set.
      Non-Financial impact Field in the application table that is used to set the non-financial impact of risk events. This field appears only when Form field is selected from the Source for Non-Financial impact field.
      Default non-financial impact Default severity of risk events. The choices are Low, Medium, or High.
      Source for expected loss How the expected loss of risk events is set.
      Expected loss Field in the application table that is used to set the expected loss of risk events. This field appears only when Financial impact is selected from the Default event type field and only when Form field is selected from the Source for expected loss field.
      Default expected loss Default monetary value of the loss. This field appears only when Financial impact is selected from the Default event type field and only when Default value is selected from the Source for expected loss field.
      Display UI Action Based On
      Mode Mode that is used to create the UI action. The choices are as follows:
      • Simple: Mode to set simple filter conditions. For example, if the impact of an incident is High, the Report a Risk Event UI action must be created.
      • Advanced: Mode to write a script to query tables, including the table from the Application table field.
      Role condition Roles that can report risk events from the upstream application.
      Script Field to write a custom script to query any table.
      Note: The option to write a script is only available to users who also have the sn_grc.developer role. This field appears when the Mode field is set to Advanced.
    4. Click Submit.

    Result

    The application that is configured to report risk events displays the Create Risk Event button.

    What to do next

    This integration can be configured for any other application table that uses the task table. For detailed steps, see Risk Event Ingestion setup KB0780985 in the HI knowledge base.

    Risk event response template

    The risk event response template automates the process of adding approvers, issues, and owners to a risk event. This automation is based on the conditions defined in the template.

    The risk event response template provides these primary benefits:
    • Reduces the need for manually handling risk events.
    • Automatically defines the risk event life cycle and how users respond to that risk event.
    • Saves time with a predefined template.

    The template facilitates the automatic assignment of risk events by enabling you to choose event types, entities, categories, and so on. For example, assume that a health and safety risk event occurred. If the template is defined, then you can use the template to automatically assign the event to the person responsible for health and safety.

    You can define the threshold amount for risk event approvers. The threshold is defined based on the risk appetite of the organization. Risk appetite is the level of risk that an organization is prepared to accept in pursuit of its objectives, before action is deemed necessary to reduce the risk. For example, assume that your organization decides that if a risk event results in a loss of $1000 or less, then the event does not need an approver. Only risk events with a larger loss need approval. You can define this threshold of $1000 in the template.

    You can define the template for any entity. The rules in the template are inherited from parent entities to child entities. By defining a template, you save time and effort because you don't need to define the rules for each entity separately.

    For detailed steps for configuring risk events, see Risk Event Ingestion Setup KB0780985 in the HI knowledge base.

    Create a risk event response template

    Create a risk event response template to automate the process of adding approvers, issues, and owners to a risk event.

    Before you begin

    Role required: sn_risk.manager and sn_risk.admin

    Procedure

    1. Navigate to Risk Events > Administration > Response Templates.
    2. Click New.
    3. On the form, fill in the fields.
      Table 16. Risk Event Response Templates form
      Field Description
      Number Template number. This field is automatically set.
      Entity Entity that the template is created for.
      Category Category of the risk event. The choices are as follows:
      • Personal: For example, any physical harm caused to an employee.
      • Legal: For example, an employee is found conducting business that is a conflict of interest.
      • Information Security: For example, a theft, burglary, or system crash.
      • Human Resources: For example, sensitive lawsuits by an employee against another employee.
      • All: Any risk event that is reported.
      Approval rule based on Rule that is used for assigning the event. The choices are as follows:
      • Gross Loss
      • Net Loss
      • Expected Loss
      The values in this field depend on the values in the Event type and Sub type fields. Consider the following examples:
      • If the Event type field has Financial, and the Sub type field has Actual, then this field can be set to any value.
      • If the Sub type field has Potential, then this field can be set to only Expected loss.
      • If the Event type field has Non-Financial Impact, the approval rule is Non-financial.
      Event type Type of event and the impact the event has. The choices are as follows:
      • Financial Impact: The event has an associated financial loss.
      • Non-Financial Impact: Even though the event does not have any financial loss, it does have a non-financial impact on your organization. Examples of non-financial impact can be negative market news or a decline in employee morale.
      Sub type Subdivision or category of an event. The choices are as follows:
      • Actual: When a loss takes place in actuality.
      • Potential: When a loss exists in possibility, not in actuality.
      Auto close event once approved Option to select if the event must be closed after approval.
      Note: If the risk event has open issues or tasks, then the risk event is not closed until all the issues, tasks, and approvals are finished.
    4. In the Risk Event Owner Assignment section, select the assignment type and the owner or owning group.
    5. To automatically create an issue, select the Automatically create issue option in the Issue Creation and Assignment section.
    6. Click the Root Cause Analysis Task section and fill in the form as appropriate.
      Table 17. Risk Event Response Templates form
      Field Description
      Automatically create RCA task Task creation for root cause analysis (RCA). Automatically create an RCA task based on the amount entered in the Threshold for task creation field.
      Assigned to Person that the RCA task is assigned to.
      Threshold for task creation Option to specify the threshold amount after which an RCA task is created. For example, you can specify that if an event has a loss of over $1000, then an RCA task must be created.
      Priority Priority of the event. Choices are as follows:
      • Critical
      • High
      • Moderate
      • Low
      • Minor
    7. Click Submit.

    Result

    A new risk event response template is created.

    Define a threshold limit for the risk event response template

    Define a threshold limit for assigning risk event approvers. A threshold limit is defined to determine if a risk event needs an approver.

    Before you begin

    Role required: sn_risk.manager and sn_risk.admin

    About this task

    Based on the risk loss amount, you can decide whether approvers are required for risk event losses. For example, for any risk event that results in a loss of $1000 or less, an approver is not needed. But for any amount beyond $1000, the risk event must be evaluated and an approver is automatically assigned. There can be multiple levels of approvals depending on your defined thresholds.

    Procedure

    1. Navigate to Risk Events > Administration > Response Templates.
    2. Select and open the risk event response template that you want to create a threshold for.
    3. In the Financial Impact Approval Thresholds related list, click New.
      The Financial Impact Approval Threshold form opens.
    4. From the Threshold amount field, select the currency type and then enter the approval amount.
    5. Select the Approver required check box.
    6. From the Assignment type field, select either User or Group.
    7. In the Approver field, select the approver who will approve risk events that exceed the threshold amount.
    8. Click Submit.

    Result

    The response template is updated with the threshold limit and approver details.


      Manage risk events


      You can create a risk event using either the Service Portal or your ServiceNow® instance. Risk events provide:
      • concrete data that enables you to better quantify and validate existing risks
      • visibility into new risks because risk events often recur

      You can view the risk events dashboards by navigating to Risk Events > Overview.

      Risk events life cycle

      Figure 1. Risk events workflow


      1. Creating a risk event: This is the state when a new event is reported and the event is pending validation by a user with the sn_risk.manager role.
      2. Analyzing the risk event: The event state when a user with the sn_risk.manager role provides analysis. At this stage, a user with the sn_risk.manager role adds all the important information such as the event’s loss entries, approvers, the root cause of the event, and the preventive and remedial action for the event. In this state, additional information can be requested from the event creator.
      3. Awaiting approval for the risk event: After all the data is entered and validated, a user with the sn_risk.manager role requests that the event be approved. Each event might go through several rounds of approval.
      4. Approving, rejecting, or canceling a risk event: After the event is approved, a user with the sn_risk.manager role ensures that the issue is closed and the root-cause analysis (RCA) is complete before the event is closed. At this stage, the approver can also choose to reject or cancel the event with adequate reasons.
      5. Closing a risk event: After a user with the sn_risk.manager role is certain that the event has been captured and the RCA has been completed, the event coordinator can close the risk event. If a risk event has open issues and tasks, the risk event cannot be closed until the associated issues and tasks are closed.

      Risk event properties

      The risk event properties enable you to use the risk events feature according to your requirements.

      The following table describes the properties available with risk events. Navigate to Risk Events > Administration > Properties.
      Table 1. Risk event properties table
      Property Description
      Show Basel attributes and reports. sn_risk_advanced.show_basel_attr_reports Set this property to true if you want to enable the Basel categorization of risk events. This property is useful for customers in the banking domain.
      • Type: True or false
      • Default value: false
      No. of days for Rapid Recovery Classification sn_risk_advanced.no_of_days_for_rapid_recovery_classification Customize the number of days that users can set as their rapid recovery threshold.
      • Type: Integer or false
      • Default value: 5
      Show ORX External events sn_risk_advanced.show_orx_events

      Users can choose to see the ORX External Events. ORX provides a platform for the secure exchange of high-quality operational risk loss data from around the world. This property is useful for customers in the banking domain.

      Customers import the ORX information as shared by the ORX organization. This information can be related to risk statement or control objectives. This information can be modified by users.
      • Type: True or false
      • Default value: false
      Make risk event to risk relationship mandatory sn_risk_advanced.make_riskevent_to_risk_relation_mandatory Set this property to true if you want to ensure that each risk event has corresponding risks.
      • Type: True or false
      • Default value: false

      Report risk events from the Service Portal

      When you identify any event that might have a financial or non-financial impact on your organization, report it from the ServiceNow, Inc. Service Portal. You can also report any event that has already occurred with a financial or non-financial impact.

      Before you begin

      Role required: ServiceNow user

      About this task

      You can log your risk event under any of the following event types:
      • Risk event with financial impact
      • Risk event with non-financial impact

      Procedure

      1. In the Service Portal, click Catalog > Browse by Categories.
      2. Click Governance Risk and Compliance and then click Report Risk Event.
      3. On the form, fill in the following fields:
        Table 2. Report risk event
        Field Description
        Title Enter the title of the risk event reported.
        Description Enter the description of the risk event reported.
        Show my entities only When selected, only the entities owned by you are displayed. This value is taken from the Owner field on the Entity form. By default, this check box is selected.
        Entity where the event occurred

        Select the entity that will absorb or report the loss. Select only one entity from the list.

        Other entities affected Select other related entities that are affected by the event.
        Note: You can select more than one entity.
        Event type Select one of the following:
        • Financial Impact: This indicates that the event has an associated financial loss. Enter the amount in your local currency.
        • Non-financial Impact: This indicates that while the event does not have any financial loss, it does have a non-financial impact on the organization. For example, a non-financial impact can be negative market news or a decline in employee morale.
        Currency Select the currency for the loss. This field appears only when the event type is Financial.
        Date of discovery Select the date when the risk event was discovered.
        How was the event discovered Select how the event was discovered. For example, if the risk event was reported by a customer, select Customer Feedback/Complaint.
        Root cause Enter your analysis for the cause of the event. For example, if a fire occurs in a server room, the root cause may be an increase in temperature or an electrical short circuit.
        Action taken Enter what was done to reduce the impact of this risk event. For example, if the fire in the server room was caused by an electrical short circuit, then the action taken is a replacement of the defective equipment.
      4. Click Submit.
      5. To view all the risk events you have reported, navigate to GRC > My Risk Events.

      Result

      The risk event is created in the system and is ready to be analyzed by the risk manager. When an action is taken on the event, you will receive notifications on the status. You can respond to queries or track the status of the event during its life cycle.

      Report a risk event from an incident

      If risk event integration is configured, users can report risk events from any upstream application such as IT Incidents. This ability to quickly report risk events saves users time and prevents losses for organizations.

      Before you begin

      Role required: sn_risk.user

      Procedure

      1. Navigate to Incident > All.
      2. Open the incident for which you want to report a risk event.
      3. On the form, fill in the fields.
        Table 3. Report Risk Event form
        Field Description
        Name Name of the incident.
        Date of discovery The date the incident was created.
        Entity The entity to which the incident belongs.
        Event type Type of event. The choices are:
        • Financial impact
        • Non financial impact
        Currency Currency in which the amount of loss is being reported. This field appears if Financial impact is selected from Event type.
        Expected Loss Expected amount of monetary loss. This field appears if Financial impact is selected from Event type.
        Non Financial Impact Impact of the incident. The choices are:
        • Low
        • Medium
        • High
        Description Brief description of the incident.
      4. Click Submit.
        The risk event is created.

      Create a risk event task

      A risk event might require associated tasks. Unless these tasks are created and eventually closed, the risk event cannot be closed.

      Before you begin

      Role required: admin

      Procedure

      1. Navigate to Risk Events > All Events.
      2. Select the record for which a task must be created.
      3. Click the Tasks related list and then click New.
      4. On the form, fill in the fields.
        Table 4. Risk event task form
        Field Description
        Assigned to Person that the task is assigned to.
        Priority Level of importance given to a task, which indicates how readily a task or assignment can be delayed.
        Short description Brief description of the task.
        Description Detailed description of the task.
        Work notes Any relevant information for your reference.
        Additional comments Any additional information that might be necessary.
      5. Click Submit.

      What to do next

      Create or review issues

      Review the associated issues of a risk event or create a new issue during approval. For more information, see Manually create GRC issues.

      Analyze risk events

      Analyze user-submitted risk events to determine if the life cycle of the risk event needs further processing.

      Before you begin

      Role required: sn_risk.manager

      Procedure

      1. Navigate to Risk Events > All Events and open the risk event that you want to analyze. Alternatively, you can also navigate to Risk Events > New Events.

        During analysis, you can either reject the event if the risk event doesn't appear to be an actual risk event, or request more information if the information is insufficient.

      2. On the form, review the fields and edit them as necessary.
        Table 5. Risk event form
        Field Description
        Name Name of the risk event. Edit the name of the risk, if necessary, to provide a more intuitive name.
        Discovered by The person who discovered the risk event. Edit the Discovered by field, if necessary.
        Event type Type of event. You can edit the event type, if necessary. For example, if during analysis you observe that the event type isn't a financial impact, you can edit the entry.
        Sub type Event sub type. You can edit the sub type, if necessary. For example, if during analysis you observe that the event type isn't an actual event but a potential event, you can edit the entry.
        Category Event category. You can edit the category to apply one of the following options:
        • Personal: For example, any physical harm caused to an employee.
        • Legal: For example, an employee is found conducting business that is a conflict of interest.
        • Information Security: For example, a theft, burglary, or system crash.
        • Human Resources: For example, sensitive lawsuits by an employee against another employee.
        Primary entity Entity that bears the loss. This entity is visible to management for reporting.
        Owning group Group responsible for monitoring the event to closure.
        Owner The person who owns the risk event. A risk manager can be an event owner. If the owning group is specified, the owners are filtered from the owning group.
        Approvers The person who approves the risk event. Any user with the sn_risk.user role can approve the risk event.
        Cost center Corresponding account number of the entity.
        Description Detailed description of the event.
      3. Click the Dates related list and fill in the fields on the form, as appropriate.
        Table 6. Dates related list
        Field Description
        Date of occurrence Exact day, month, and year when the event occurred. For example, a mortgage was lent against a property that didn't comply with the building regulations on August 12, 2019.
        Date of discovery Date that the event was first discovered or noticed. For example, the mortgage was discovered on August 24, 2019.
        Date of first recognition Date that the event was first recognized and entered in the book of accounts. For example, the loss entries were entered in the firm’s book of accounts on August 26, 2019.
      4. Click the Loss/Gain Estimates related list and fill in the fields on the form, as appropriate.
        Table 7. Loss/Gain related list
        Field Description
        Expected loss Amount of loss expected. Expected loss is the probability weighted average of all possible losses. This amount is based on the user’s judgment of the expected amount that the organization might lose.
        Potential loss Amount expected to be a potential loss due to the risk event. This amount is the maximum loss an entity can incur due to the loss from the risk event.
      5. Click the Event Analysis related list and fill in the fields on the form, as appropriate.
        Table 8. Event Analysis related list
        Field Description
        Cause Primary reason why the risk event occurred.
        Cause description Brief description about why the risk event occurred.
        Consequence Consequence of the risk event. For example: Regulatory fines can be imposed as a result of the risk event.
        Actions taken The remedial actions that were taken to address the issue. This is the initial record of the event.
      6. Click the Credit/Market Risk related list and fill in the fields on the form, as appropriate.
        Table 9. Credit/Market Risk related list
        Field Description
        Boundary event Option for a boundary event. A boundary event is an operational risk event which leads to a consequence, such as a financial loss in another risk category.
        External risk type
        • Credit: Credit risk is the possibility of a loss resulting from a borrower's failure to repay a loan or meet contractual obligations. For example, when lenders offer credit cards, or loans, there's a risk that the borrower might not repay the loan.
        • Market: Market risk is the possibility of an investor incurring losses due to factors that affect the performance of the financial markets in which the investor is involved. For example, a recession might impact the entire market.
        Risk reference ID for reconciliation in the book of accounts. Specify the IDs for reconciliation purposes. The credit and market risk systems are different.
      7. Click the Additional Classifications related list and fill in the fields on the form, as appropriate.
        Table 10. Additional Classifications related list
        Field Description
        Used in modeling Option to share these risk event records with external systems that perform advanced analysis using simulation techniques such as Monte Carlo simulation.
        Full rapid recovery Total loss recovered. Select if the total loss is recovered within a short duration and doesn't impact the organization. Generally, a short duration refers to five working days, but this value can be configured according to your requirements.
        Gain event The Gain event check box is a read-only field and is selected automatically if the risk event meets one of the following conditions:
        • Risk event is a potential event and the Expected loss field or the Potential loss field has a negative value because of the gain.
        • Risk event is an actual event and the Net loss field has a negative value.
        Near miss This check box can be either read-only or editable, based on the event type. If the event sub type is Actual, and the Full rapid recovery check box is selected, the Near miss check box is a read-only field and is automatically selected.
        Reason for near miss Enter the reason that prevented the risk event from incurring the loss. If the event type is Potential, select the Near miss check box and in the Reason for near miss field, enter the reason why the event was a near miss.
      8. Click the Summary related list and edit the priority from the Non financial impact list, if required. The other field values on the form are automatically set:
        • Direct amount: The aggregated sum of all direct losses.
        • Additional cost: The aggregated sum of all additional costs.
        • Gross loss: Sum of all direct losses, indirect amounts, and additional costs.
        • Net loss: The net amount of the loss.
        • Indirect amount: The aggregated sum of all indirect losses.
        • Rapid recovery amount: The aggregated sum of the amount that was recovered rapidly.
        • Recovered amount: The amount to be recovered for the risk event.

        The values in the Summary related list fields are calculated in the Event Impacts related list. For example, say that a firm has a fire outbreak. This event can result in multiple direct and indirect impacts such as loss of information and business.

        If you enter the value of a direct impact as $2000, then the Direct amount field reflects the same value. If you enter two indirect amounts with values of $300 and $500 respectively, then the Indirect amount field reflects a value of $800.

        If an external agency is hired to address the root cause of the fire outbreak, the cost incurred reflects an additional cost.

        If the firm was able to recover a part of the cost of the event in five working days, then the Rapid recovery amount field reflects the same amount.

        The Gross loss field reflects the total loss incurred by the event.

        The currency conversion rates impact the values displayed in the Summary related list. For example, if you enter a value of 300 Japanese Yen as the recovery amount, you see the amount in the concurrent USD value of 2756 in the Summary related list. This conversion occurs because the currency conversion rates are applied from the Exchange Rate table. For more information on how the values in the exchange rate table are calculated, see Use your own currency-conversion rates.

      9. To request more information about the risk event, click the Activity related list.
      10. Enter comments in the Additional comments field, then click Request More Information. Alternatively, you can directly click Request More Information at the top, enter your comments, and click OK.

        The substate of the event changes to Clarification Requested and the risk event creator receives a notification. The substate changes to Clarification Provided once the event creator responds to the query.

      11. To add any work notes for your reference, enter work notes in the Additional comments field in the Activity related list, select the Work notes check box, and click Post.

        Work notes are not visible to the risk event creator.

      12. Once the event creator responds to the questions, you can either reject a risk event or add and delete other relevant details:
        • Event Impacts
        • Impacted Entities
        • Risks
        • Controls
        • Tasks
        • Issues
        • Associated Risk Events
        • Approvers
      13. Click Request Approval.

      Create a risk event entry

      A risk event entry determines the monetary or non-monetary impact of the risk event.

      Before you begin

      Role required: sn_risk.manager

      Procedure

      1. Navigate to Risk Events > All Events and select the event to be analyzed.
      2. Click the Risk Event Entries related list.
      3. Click New.
      4. On the form, fill in the fields.
        Table 11. Event Entry form
        Field: Description
        Number: Number for the event entry. This field value is automatically set.
        Risk event: Title of the risk event. This field value is automatically set.
        Date of impact: Date that the impact was recorded.
          Note: The date of discovery and the date of first recognition can be different. This date cannot be a future date.
        Amount: Amount that the impact costs. The amount entered is reflected in the Summary related list.
        Rapid recovery: Loss amount for this entry if it's recovered in a short time, which is generally five working days.
        Impact type: Type of financial impact for the event. Select from the following types:
          • Direct/Indirect Impact: Direct or indirect financial impact of the event on the entity.
          • Recovery: Amount recovered from the total financial impact.
          • Additional Cost: The additional cost incurred due to the impact.
          • Non-Financial Impact: The event has no financial impact.
        Category: Direct or Indirect. For example, if the impact is direct, is it external?
        Sub category: Sub category of the event impact. Select one of the following categories:
          • External Cost: The cost that's incurred for external agencies. For example, if a loss is incurred due to erroneous accounting and an external auditor was hired to assess the event, the cost incurred in employing the auditor is an external cost.
          • General Ledger: The book of accounts in which this event is entered.
          • Booked Provision: Refers to the amount that you set aside in your accounts to cover a future event. For example, if a firm sets aside an amount to cover a risk event that might occur in the future.
          • Revenue Reversal/Timing Losses: When you reverse revenue, a reverse entry is created that backs out the original entry. Don't enter any new accounting information into the system.
        GL account reference: Account number in which this entry is captured in the ERP system.
        Short description: Brief description of the impact.
      5. Click Submit.

      What to do next

      Create or edit a new risk
      Creating or editing a new risk for an event is useful for future prediction of risks. The information obtained from the risks is useful for scoring and reporting. For more information, see Create a risk manually.
      Link new control to risks
      A control is used to prevent a risk from occurring. Linking the controls to risks lets users know which controls failed and why the risk event occurred. This information can be used for future predictions and reporting.
      Note: Only those risks and controls that are tagged to the impacted entity can be related to this risk event.
      For more information, see Create a control.

      Create a risk event task

      A risk event might require associated tasks. Unless these tasks are created and eventually closed, the risk event cannot be closed.

      Before you begin

      Role required: admin

      Procedure

      1. Navigate to Risk Events > All Events.
      2. Select the record for which a task must be created.
      3. Click the Tasks related list and then click New.
      4. On the form, fill in the fields.
        Table 12. Risk event task form
        Field: Description
        Assigned to: Person that the task is assigned to.
        Priority: Level of importance given to a task, which indicates how readily a task or assignment can be delayed.
        Short description: Brief description of the task.
        Description: Detailed description of the task.
        Work notes: Any relevant information for your reference.
        Additional comments: Any additional information that might be necessary.
      5. Click Submit.

      What to do next

      Create or review issues

      Review the associated issues of a risk event or create a new issue during approval. For more information, see Manually create GRC issues.

      Approve a risk event

      A user with the sn_risk.manager role must approve a valid risk event. If any risk approver rejects the event, the state of the risk event changes to rejected.

      Before you begin

      Role required: sn_risk.manager

      Procedure

      1. Navigate to My Approvals.
      2. Click the record in the list with your name as the approver.
      3. Click Approve.

      Close a risk event

      Close a risk event to complete the risk event life cycle. A user with the sn_risk.manager role must close the risk event after verifying that all associated open issues and remedial tasks are closed.

      Before you begin

      Role required: sn_risk.manager

      Procedure

      1. Navigate to Risk Events > Assigned to Me.
      2. Open the record that you want to close and verify that all the associated tasks and issues are closed.
      3. Click Close.

      Add a risk event cause to the cause library

      Add a risk event cause to the cause library. Creating a cause library helps in risk analysis, risk prediction, and risk prevention.

      Before you begin

      Role required: sn_risk.manager and sn_risk.admin

      About this task

      A cause library is a centralized library of the possible causes that can lead to a risk event. When you have a library of causes, it is easier to identify future risks.

      Procedure

      1. Navigate to Risk Events > Administration > Causes.
      2. Click New.
      3. On the form, fill in the fields.
        Table 13. Cause form
        Field: Description
        Name: Name of the cause. For example, Inadequate IT security.
        Parent: Parent of the cause. Every cause is categorized into a group, and this field refers to that group. For example, for Inadequate IT security, the parent cause can be Process.
        Description: Brief description of the cause.
      4. Click Submit.

      Result

      The risk event cause is added to the library.
      Related tasks
      • Add a risk event consequence to the consequence library

      Add a risk event consequence to the consequence library

      Add a risk event consequence to the consequence library. A consequence library helps you to identify the measures that can mitigate or prevent losses from risk events.

      Before you begin

      Role required: sn_risk.manager and sn_risk.admin

      About this task

      A consequence library is a centralized library of the possible consequences that occur after a risk event. When you have a library of consequences, it is easier to identify future losses from risks.

      Procedure

      1. Navigate to Risk Events > Administration > Consequences.
      2. Click New.
      3. On the form, fill in the fields.
        Table 14. Consequence form
        Field: Description
        Name: Consequence name. For example, Asset loss.
        Parent: Parent of the consequence. Every consequence is categorized into a group, and this field refers to that group. For example, for Asset loss, the parent consequence can be Damage to Physical Assets.
        Description: Brief description of the consequence.
      4. Click Submit.

      Result

      The risk event consequence is added to the library.
      Related tasks
      • Add a risk event cause to the cause library

      Set up GRC Virtual Agent to report risk events

      Set up the Governance, Risk, and Compliance Virtual Agent to report risk events from the Service Portal. A virtual agent chatbot helps to quickly report a risk event. Chatbots can fulfill a user request or assist the user in completing a task.

      Before you begin

      Activate the following plugins:
      • Glide Virtual agent (com.glide.cs.chatbot) with a valid license.
      • GRC Advanced Risk.

      Role required: sn_risk.admin.

      Procedure

      1. Navigate to Service Portal > Service Portal Configuration.
      2. Click Page Editor.
      3. In the search field, type Index.
      4. Click Service Portal index.
      5. At the top of the page, click Edit Service Portal (index) page in Designer.
      6. In the Filter Widget search field, type Virtual Agent Service Portal Widget.
      7. Drag the widget to anywhere on the screen.

      Result

      You can see the Virtual Agent chat icon at the bottom-right of the screen.

      Configure risk event integration

      Configure risk event integration with other upstream ServiceNow applications. This integration enables all users in an organization to report and track the risk events.

      Before you begin

      Role required: sn_risk.admin

      About this task

      When you configure the risk event integration with another upstream application, users of that application can report risk events directly from the application. For example, if you configure risk event integration in the ServiceNow® IT Service Management (ITSM) application, all users of ITSM can report risk events from the ITSM application. By default, this configuration is provided for the IT Incidents application and the Security incidents application.

      The two modes that enable the creation of a risk event are Simple and Advanced. The Simple mode enables you to define filter conditions on the application table so that users of the Incidents application can report a risk event. For example, you can define that a financial event with a high impact must be reported as a risk event. In contrast, the Advanced mode enables users with the GRC developer role to write scripts.

      Incident managers with the incident_manager role are able to see the Report Risk Event option in an incident, whereas Security Managers with the sn_si.manager role are able to see the Report Risk Event option in a security incident.

      Procedure

      1. Navigate to Risk Events > Administration > Integration Configuration.
      2. Click New.
      3. On the form, fill in the fields.
        Table 15. Risk Event Integration Configuration form
        Field: Description
        Number: Configuration number. This field is automatically set.
        Active: Option to enable the creation of a risk event from the application table.
        Integration name: Short and unique title for the integration. For example, to report a risk event from an incident table, you can type Incident-risk-event-integration.
        Application table: Application table that is used for reporting risk events. The table determines the upstream application that will be used for reporting risk events.
        Source for name: How the name of risk events is set. The choices are as follows:
          • Form field: Select this option if you want the value from a specific selected field to be used as the risk event name.
          • Default value: Enter a custom value. The risk event is created with the name you enter here.
        Source for description: How the description of risk events is set.
        Source for entity: How the entity of risk events is set.
        Source for date of discovery: How the date of discovery for risk events is set.
        Name: Field in the application table that is used to set the name of risk events. This field appears only when Form field is selected from the Source for name field.
        Default Name: Default name for risk events. This field appears only when Default value is selected from the Source for name field.
        Description: Field in the application table that is used to set the description of risk events. This field appears only when Form field is selected from the Source for description field.
        Default description: Default description for risk events. This field appears only when Default value is selected from the Source for description field.
        Entity: Field from the application table that refers to a GRC entity or to a record in a GRC entity. This field appears only when Form field is selected from the Source for entity field.
        Default Entity: Default entity for risk events. Default entities are created from the table in the Application table field. This field appears only when Default value is selected from the Source for entity field.
        Date of discovery: Field in the application table that is used to set the date of discovery of risk events. This field is visible only when Form field is selected from the Source for date of discovery field.
        Default date of discovery: Default date of discovery of risk events.
        Default event type: Default event type of risk events. For example, if the event is financial or non-financial.
        Event subtype: Subtype of the risk event. For example, if the event is actual or potential.
        Source for Non-Financial impact: How the non-financial impact of risk events is set.
        Non-Financial impact: Field in the application table that is used to set the non-financial impact of risk events. This field appears only when Form field is selected from the Source for Non-Financial impact field.
        Default non-financial impact: Default severity of risk events. The choices are Low, Medium, or High.
        Source for expected loss: How the expected loss of risk events is set.
        Expected loss: Field in the application table that is used to set the expected loss of risk events. This field appears only when Financial impact is selected from the Default event type field and only when Form field is selected from the Source for expected loss field.
        Default expected loss: Default monetary value of the loss. This field appears only when Financial impact is selected from the Default event type field and only when Default value is selected from the Source for expected loss field.
        Display UI Action Based On
        Mode: Mode that is used to create the UI action. The choices are as follows:
          • Simple: Mode to set simple filter conditions. For example, if the impact of an incident is High, the Report a Risk Event UI action must be created.
          • Advanced: Mode to write a script to query tables, including the table from the Application table field.
        Role condition: Roles that can report risk events from the upstream application.
        Script: Field to write a custom script to query any table.
          Note: The option to write a script is only available to users who also have the sn_grc.developer role. This field appears when the Mode field is set to Advanced.
      4. Click Submit.

      Result

      The application that is configured to report risk events displays the Create Risk Event button.

      What to do next

      Any other application table which uses the task table can configure this integration. For detailed steps, see Risk Event Ingestion setup KB0780985 in the HI knowledge base.

      Risk event response template

      The risk event response template automates the process of adding approvers, issues, and owners to a risk event. This automation is based on the conditions defined in the template.

      The risk event response template provides these primary benefits:
      • Reduces the need for manually handling risk events.
      • Automatically defines the risk event life cycle and how users respond to that risk event.
      • Saves time with a predefined template.

      The template facilitates the automatic assignment of risk events by enabling you to choose event types, entities, categories, and so on. For example, assume that a health and safety risk event occurred. If the template is defined, then you can use the template to automatically assign the event to the person responsible for health and safety.

      You can define the threshold amount for risk event approvers. The threshold is defined based on the risk appetite of the organization. Risk appetite is the level of risk that an organization is prepared to accept in pursuit of its objectives, before action is deemed necessary to reduce the risk. For example, assume that your organization decides that if a risk event results in a loss of $1000 or less, then the event does not need an approver. Only risk events with a larger loss need approval. You can define this threshold of $1000 in the template.

      You can define the template for any entity. The rules in the template are inherited from parent entities to child entities. By defining a template, you save time and effort because you don't need to define the rules for each entity separately.

      For detailed steps for configuring risk events, see Risk Event Ingestion Setup KB0780985 in the HI knowledge base.

      Create a risk event response template

      Create a risk event response template to automate the process of adding approvers, issues, and owners to a risk event.

      Before you begin

      Role required: sn_risk.manager and sn_risk.admin

      Procedure

      1. Navigate to Risk Events > Administration > Response Templates.
      2. Click New.
      3. On the form, fill in the fields.
        Table 16. Risk Event Response Templates form
        Field: Description
        Number: Template number. This field is automatically set.
        Entity: Entity that the template is created for.
        Category: Category of the risk event. The choices are as follows:
          • Personal: For example, any physical harm caused to an employee.
          • Legal: For example, an employee is found conducting business that is a conflict of interest.
          • Information Security: For example, a theft, burglary, or system crash.
          • Human Resources: For example, sensitive lawsuits by an employee against another employee.
          • All: Any risk event that is reported.
        Approval rule based on: Rule that is used for assigning the event. The choices are as follows:
          • Gross Loss
          • Net Loss
          • Expected Loss
          The values in this field depend on the values in the Event type and Sub type fields. Consider the following examples:
          • If the Event type field has Financial, and the Sub type field has Actual, then this field can be set to any value.
          • If the Sub type field has Potential, then this field can be set to only Expected loss.
          • If the Event type field has Non-Financial Impact, the approval rule is Non-financial.
        Event type: Type of event and the impact the event has. The choices are as follows:
          • Financial Impact: The event has an associated financial loss.
          • Non-Financial Impact: Even though the event does not have any financial loss, it does have a non-financial impact on your organization. Examples of non-financial impact can be negative market news or a decline in employee morale.
        Sub type: Sub division or category of an event. The choices are as follows:
          • Actual: When a loss takes place in actuality.
          • Potential: When a loss exists in possibility, not in actuality.
        Auto close event once approved: Option to select if the event must be closed after approval.
          Note: If the risk event has open issues or tasks, then the risk event is not closed until all the issues, tasks, and approvals are finished.
      4. In the Risk Event Owner Assignment section, select the assignment type and the owner or owning group.
      5. To automatically create an issue, select the Automatically create issue option in the Issue Creation and Assignment section.
      6. Click the Root Cause Analysis Task section and fill in the form as appropriate.
        Table 17. Risk Event Response Templates form
        Field: Description
        Automatically create RCA task: Task creation for root cause analysis (RCA). Automatically create an RCA task based on the amount entered in the Threshold for task creation field.
        Assigned to: Person that the RCA task is assigned to.
        Threshold for task creation: Option to specify the threshold amount after which an RCA task is created. For example, you can specify that if an event has a loss of over $1000, then an RCA task must be created.
        Priority: Priority of the event. Choices are as follows:
          • Critical
          • High
          • Moderate
          • Low
          • Minor
      7. Click Submit.

      Result

      A new risk event response template is created.

      Define a threshold limit for the risk event response template

      Define a threshold limit for assigning risk event approvers. A threshold limit is defined to determine if a risk event needs an approver.

      Before you begin

      Role required: sn_risk.manager and sn_risk.admin

      About this task

      Based on the risk loss amount, you can decide whether approvers are required for the risk event losses. For example, for any risk event that results in a loss of $1000 or less, an approver is not needed. But for any amount beyond $1000, the risk event must be evaluated and an approver is automatically assigned. There can be multiple levels of approvals depending on your defined thresholds.

      Procedure

      1. Navigate to Risk Events > Administration > Response Templates.
      2. Select and open the risk event response template that you want to create a threshold for.
      3. In the Financial Impact Approval Thresholds related list, click New.
        The Financial Impact Approval Threshold form opens.
      4. From the Threshold amount field, select the currency type and then enter the approval amount.
      5. Select the Approver required check box.
      6. From the Assignment type field, select either User or Group.
      7. In the Approver field, select the approver who will approve risk events that exceed the threshold amount.
      8. Click Submit.

      Result

      The response template is updated with the threshold limit and approver details.
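
      The following JavaScript is an added example, not ServiceNow platform code and not part of this documentation. It models the template rules described above (inheritance from parent to child entities, the approval-rule constraints by event type and sub type, and threshold-based approver assignment) so that a set of templates can be checked for gaps before it is relied on. Entity names, property names, approvers, and amounts are constructed, and the model assumes that every threshold a loss exceeds adds one approval level.

```javascript
// Model only: entity names, property names, approvers and amounts are constructed.
const ENTITY_PARENT = {            // child -> parent (null = top level)
  "Global Bank": null,
  "Retail Banking": "Global Bank",
  "Branch 12": "Retail Banking",
  "Treasury": null,
};

const TEMPLATES = [
  { entity: "Global Bank", eventType: "Financial Impact", subType: "Actual",
    approvalRule: "Net Loss",
    thresholds: [
      { amount: 1000, approverRequired: true, approver: "Risk Managers" },
      { amount: 50000, approverRequired: true, approver: "Chief Risk Officer" },
    ] },
  // Deliberately misconfigured: Potential allows only Expected Loss, and the
  // threshold requires an approver but names none.
  { entity: "Retail Banking", eventType: "Financial Impact", subType: "Potential",
    approvalRule: "Gross Loss",
    thresholds: [{ amount: 5000, approverRequired: true, approver: "" }] },
];

// Approval rules permitted for an event type / sub type pair, per the form table.
function allowedApprovalRules(eventType, subType) {
  if (eventType === "Non-Financial Impact") return ["Non-financial"];
  if (subType === "Potential") return ["Expected Loss"];
  return ["Gross Loss", "Net Loss", "Expected Loss"];
}

// Nearest matching template on the entity or its ancestors (rules are inherited).
function findTemplate(entity, eventType, subType) {
  for (let e = entity; e != null; e = ENTITY_PARENT[e]) {
    const t = TEMPLATES.find(
      (x) => x.entity === e && x.eventType === eventType && x.subType === subType);
    if (t) return t;
  }
  return null;
}

// Assumption: every threshold the loss exceeds contributes one approval level.
// A loss equal to the threshold does not need an approver ("$1000 or less").
function requiredApprovers(entity, eventType, subType, loss) {
  const t = findTemplate(entity, eventType, subType);
  if (!t) return [];
  return t.thresholds
    .filter((th) => th.approverRequired && loss > th.amount)
    .sort((a, b) => a.amount - b.amount)
    .map((th) => th.approver);
}

// Report configuration gaps that would let a loss go without review.
function auditTemplates() {
  const findings = [];
  for (const t of TEMPLATES) {
    if (!allowedApprovalRules(t.eventType, t.subType).includes(t.approvalRule))
      findings.push(`${t.entity}: approval rule "${t.approvalRule}" is not valid for ${t.eventType}/${t.subType}`);
    for (const th of t.thresholds)
      if (th.approverRequired && !th.approver)
        findings.push(`${t.entity}: threshold ${th.amount} requires an approver but none is set`);
  }
  for (const e of Object.keys(ENTITY_PARENT))
    if (!TEMPLATES.some((t) => findTemplate(e, t.eventType, t.subType)))
      findings.push(`${e}: no template on this entity or any parent`);
  return findings;
}

console.log(requiredApprovers("Branch 12", "Financial Impact", "Actual", 75000));
console.log(auditTemplates());
```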
