Best practices to perform Any Object AssessmentAs part of Paris release , Advanced risk assessment has introduced new feature Any Object Assessment. Usecase: Any Object Assessment is used to perform risk assessment on any ServiceNow record. To perform risk assessment, prior knowledge of risk is not necessary. Using assessment results, the risk manager can quickly analyze the risk associated with their project or application. Perform any object assessment : Any object assessment can be performed in two ways Ad-hocEvent Driven Ad-hoc based risk assessment: In ad-hoc based risk assessment, users can perform the assessment through a UI action. Configuration Steps: Create a UI action on a table where assessment is to perform.Do following configuration to UI action “Name” : Assess Risk (Recommended name)“Form button” checkbox should be checked.“Client” checkbox should be checked.“Active” checkbox should be checked“Show insert” checkbox should be unchecked.“Show update” checkbox should be checked.“List v2 Compatible” checkbox should be checked.“Condition” à Provide any condition on which UI action should be visible.Onclick: assessRisk()Script : copy below code snap in script. function assessRisk () { ScriptLoader.getScripts(['sn_risk_advanced.AssignFormUtils.jsdbx'], function() { sn_risk_advanced.AssignFormUtils.assignAssessorApprover(); }); } Steps to Initiate Risk Assessment: Role required: snc_internal Open the record on which Risk assessment has to be preform.Click on UI action “Assess Risk”. A pop-up appears to add assessors and approver. Click Submit button. A risk assessment is created. A message appears that refers to risk assessment. Event Driven: In event driven risk assessment, a user can perform the risk assessment based on some event. To perform this way of risk assessment, two APIs are provided: createRiskAssessment Signature createRiskAssessment: function(source_record, ramId, assessor_id, approver_id) Inputs Input variable name Type Description Example source_record Glide Record Any servicenNow glide record object. current ramId Sys Id RAM associated to the table in the applicable record type record Citation risk assessment(ab6d35c00f5771100e6195758b767e10) assessor_id Sys Id Any System user can be pass. User should have role ‘sn_risk.business_user’. Caitlin Reiniger (f282abf03710200044e0bfc8bcbe5d1b) approver_id Sys Id Any System user can be pass. User should have role ‘sn_risk.business_user’. Morgan Hunter (d37bfc20cb300200829cf865734c9c5f) Outputs Output variable name Type Description result.status Integer Status can result in two possible value ‘0’ or ‘200’. If status is ‘0’ then assessment creation is failed. If status is 200 then assessment creation is successful. result.asmtId Sys Id Assessment Instance sys_Id. result.errorMsg String If status is ‘0’, the assessment creation is failed. This variable contains the error message, result.msg String If status is ‘200’, the assessment creation is successful. This variable contains the successful creation message. getRiskAssessmentResults Signature getRiskAssessmentResults function(sourceRecord, ramId) Inputs Input variable name Type Description Example source_record Glide Record Any servicenow glide record object. current ramId Sys Id RAM of the advanced risk assessment required to fetch the results Citation risk assessment(ab6d35c00f5771100e6195758b767e10) Outputs Output variable name Type Description result.status Integer Status can result in two possible value ‘0’ or ‘200’. If status is ‘0’ then get assessment result is failed. If status is 200 then get assessment resultt is successful. result. inherent_risk_score String This will provide final inherent risk rating value for assessment. result. inherent_ale Currency This will provide final inherent ALE value for assessment. result. control_effectiveness_score String This will provide final control effectiveness value for assessment. result. residual_risk_score String This will provide final residual risk rating value for assessment. result. residual_ale Currency This will provide final residual ALE value for assessment. result. errorMsg String Implementation methods to execute event driven risk assessments: Using Flow Designer. (Recommended way)Using Business rule. (Recommended way)Using any ServiceNow platform capability to execute API. Perform risk assessment using Flow Designer: NOTE: Two flow actions and one sub flow are provided with implementation of event driven risk assessment API. This can be used when only manual factor are associated with Risk Assessment Methodology. This will return risk assessment result once assessment moved to monitor state. Flow Actions: Create Risk AssessmentGet Risk Assessment Results Sub Flow: Perform Risk Assessment. Steps to perform risk assessment using flow actions: Create any flow or sub flow using flow designer.Create Trigger Action on which risk assessment must be initiated. Consume the action “Create Risk Assessment” present in GRC Advanced risk spoke.Pass relevant inputs and check for output of actionIf status of API is 200.Look for assessment record using assessment ID return from previous action.Wait for assessment to move in monitor state.Consume the flow action “Get Risk Assessment Results” present in GRC risk advanced spoke.Update the record with outputs of previous action. Steps to perform risk assessment using Business Rule: Create a business rule “Create Risk Assessment” as per your business requirement.Provide a condition on which event must be triggered.In the script section, copy the snap as given below: (function executeRule(current, previous /*null when async*/ ) { // Where current.assigned_to is Assessor field and current.opened_by is Approver field. //Sysid of the ram from which you want to create advanced risk assessment var ramId = 'ab6d35c00f5771100e6195758b767e10'; var result = new sn_risk_advanced.RiskAssessmentUtils().createRiskAssessment(current, ramId, current.assigned_to, current.opened_by); if (result.status == 200) { gs.addInfoMessage(result.msg); } else if (!result.status) { gs.addErrorMessage(result.errorMsg); } })(current, previous); Create business rule “Get Risk Assessment result” as per business requirement.Provide a condition on which result should be copied to source object. In script section copy the snap given below. (function executeRule(current, previous /*null when async*/ ) { // Provide the ram from which assessment got created for the source object var ramId = 'ab6d35c00f5771100e6195758b767e10'; var result = new sn_risk_advanced.RiskAssessmentUtils().getRiskAssessmentResults(current, ramId); if (result.status == 200) { gs.addInfoMessage(result.inherent_risk_score); gs.addInfoMessage(result.inherent_ale); gs.addInfoMessage(result.control_effectiveness_score); gs.addInfoMessage(result.residual_risk_score); gs.addInfoMessage(result.residual_ale); } else if (!result.status) { gs.addErrorMessage(result.errorMsg); } })(current, previous); Steps to Configure Related List: Role required: “admin” Navigate to “Relationships” module.Create new record. Name: “Risk Assessment” (Recommended)Applies to table: Table on which related list should be visible.Queries from table: Risk Assessment [sn_risk_advanced_risk_assessment_instance]Script : Add code give below : (function refineQuery(current, parent) { current.addQuery('source_record', parent.getValue('sys_id')); })(current, parent); Submit the record.