all right let's go ahead and get started Welcome everyone Greetings and welcome to today's webinar what's new in risk management Um we are excited to have you join us today to learn all about what's coming and what's now live with the Yokohama release in risk management Next slide All right I am Emily Podski I'm the product marketing manager here at Service Now And today then I am joined by Harihara Hari do you want to introduce yourself all right Uh hi everyone My name is Hari I'm the product manager for risk management and super excited to talk about all the exciting stuff as part of FE25 Yeah really excited to show you all the great features and enhancements that we have for us today So next slide please Before we do get started though a couple of housekeeping items to cover First you are on mute but that doesn't mean that you can't ask questions Feel free to use the Q&A feature to ask any questions throughout today's session um and we will answer them um as throughout the session and we will have a dedicated Q&A session at the end of today's presentation We do have a lot to cover So if we do not get to your question don't worry Um we'll try to follow up with you offline or you can schedule some time with your account manager uh to set up some time with us to talk about specific use cases and how we can help you Also today's session is being recorded and it will be available on demand on our Service Now community forum as well as our YouTube channel in case you want to reference back to today's conversations or share it with your colleagues And additionally we will have a short survey at the end of the of the session and we'd really appreciate it if you take a couple of minutes to complete it We do look at this feedback and use it to improve sessions like this and we really value your input So next slide Today's webinar is just one in a series of update webinars So if you missed some of our previous sessions don't worry The recordings are available on the community forum and on our YouTube channel So if you missed the sessions for Genai now assist operational resilience business continuity what's new in smart assessments our privacy management session or ESG Uh we highly recommend checking these recordings out There are a lot of great new features and enhancements in the Yokohama release Um and we make want to make sure that you know about them and that you can use them to your advantage Next slide And for those of you um interested in our compliance and audit management and our thirdparty risk management risk domains and capabilities we do have sessions coming up uh this week and next for those Make sure that you register for these I will drop a link in the chat here shortly um because we're going to be covering a lot of cool things like our new risk and controls matrix in audit management um as well as some pre-populated questionnaires for thirdparty risk So please uh you can scan that QR code it will take you to our events blog and you can go directly uh to those events to register and I will also put the link to register in the chat here shortly Next slide All right And that first update is everything that you will see here today is currently available in the Service Now store So we are really excited to share all of these great features and enhancements with you So without further ado I will turn the presentation over to Hari to get us started Hari All right Fantastic A quick voice check Emily is uh is everything okay you sound great Fantastic All right So uh thank you so much uh for the lovely introduction Uh I am super excited to be part of this webinar to talk about what's new in Feb 2025 And uh one of the main reasons I like to call out why I'm excited as well See typically we all start that way right as product managers we are very excited to and we are actually proud to talk about features that we worked upon To be in all honesty I did not work on the announcement that it was actually a fellow colleague of mine who worked on that Despite that I am still equally excited to talk about these features as part of FEP25 because the nature of the features that we releasing and we've packaged inside Feb 25 not only solves the problem uh uh of today but it also paves the way for some really exciting cool stuff that we have uh in package for the future So yes so that's the main reason why I'm excited about So I'm really excited about you guys so that you can actually see this So feel free to keep the questions coming uh we will take um appropriate interval pauses to see if we can get that answer otherwise we'll get that answer towards the end All right so without further ado what are the fe cool features that excites me so much So there are two main features we're going to talk about one is called as composite entity management and the second one is risk assessment project Let's first talk about uh the problem What problem are we trying to solve in compost entities right so the term composite uh refers to made up of multiple parts right so we coined the term compost entity to mean an entity that's made up of multiple entities So typically in a large organization with a matrix structure uh you know you have uh you know the the way it's structured is itself in terms of multiple dimensions such as your functions locations business process divisions legal entity So it's structured that way right it's a complex web So uh and generally risk and uh compliance assessments happen at the center of that web right where it kind of meets with multiple of those dimensions So in such a setup if we continue to use the single dimension u um sort of an assessment as we have today uh eventually you're going to have you're going to you're going to end up facing problems in terms of scalability You probably end up duplicate issues you probably end up entity explosion So there are quite a lot of uh uh uh how do I say m easy maintenance issue or maint maintenability issues that you will end up facing So for that the answer that we have come up with is our compost entity uh management where uh this is our attempt to make sure that we are able to enable you enable the organizations to evaluate risk and compliance in such a setup of multi-dimensional uh so for example if you if I have to give a call it a quick example let's consider KYC as a process now if we directly assess perform an assessment on KYC as a process it's a single dimensional undimensional assessment but let's say if I perform the assessment front of KYC as a process belonging to the UK region or the America region then that becomes a dual dimension assessment that's where your multi-dimensional assessment starts getting so it supports or the intention is to support a granular assessment u involving multiple dimensions so that's the first topic uh I hope that's clear the second topic we're going to talk about is the risk assessment project so yeah these are just introductory problem statement slides we will be jumping into details uh next the second problem that we've attempt to solve is the risk assessment project So in the system till today till um till yesterday rather uh the risks are evaluated individually right so the risk assessments are done individually for every indiv every single risks and that's how it that's how it has been happening so far traditionally as well however most of our clients in reality what happens is they act they actually um uh you know do in terms of do it do the same discussment in terms of a workshop style So in the workshop format what happens is multiple stakeholders get together where you have representations from business unit you have risk and control owners you have process managers you have several stakeholders that are relevant for that particular entity in order to perform the risk assessment so in such a workshop style scenario when all of them get together so they end up brainstorming about the particular entity uh let's say again KYC as a process they end up brainstorming about it identify all the risks together uh it may happen in one sitting or multiple sittings but then it happens in that style and then they identify risks together and then they um end up assessing the risks as well together So the RCSA happens in such a setting So risk assessment project is our answer uh to digitizing the workshop style RCSA and offer a structured workflow to enhance the experience So that is the problem that we are solving when we talk about discussment project So now let us deep dive So what I'm going to do is I'm going to deep dive in this area just so that I'm clear about how I'm going to take this uh presentation in terms of what you can expect So I will deep dive into compost identity management I have a couple of slides and then I'll do a demo and I'll take a pause for a some questions on compost identity management and I will repeat the same format for the other enhancement as well All right So let's deep dive into compost identity management Now this is a nice visual image uh you know this helps me explain this much better So as you can see here you have acme as an organization and it has three the structure is made up of three dimensions right you have a business process hierarchy you have location hierarchy and a business function hierarchy so again KYC as a process if you see the process hierarchy here right here if uh the assessments were to happen at that node level that single level it's the regular single dimensional assessment which is done even today but let's say for example if like I like I quoted earlier your KYC has a process and and I want to perform risk assessment on KYC as a process in context of America then that becomes a two-dimensional assessment for you to take it even further you could do KYC as a process America as a location and let's say corporate banking or retail banking as my function then that becomes a three-dimensional assessment for you so yes uh you you will have the flexibility depending on the business need to do do either a two-dimensional or a threedimensional or a fourdimensional assessment depending on the need of the business and depending on the risk so all of this are being um this is what we're talking about when we talk about a multi-dimensional um a composite entity management Let us now quickly talk about how we have actually solved this All right So we did speak about uh the business challenge and how that is important and why we are attempting to solve this So in terms of solution the um before I dive into exactly how we've solved this theoretically I mean eventually we're going to take a look at the demo as well uh I I mean I um so the one mantra that we had in our head in order to solve this uh was that less disruptions for our existing users We didn't want to invent something and then make it uh harder for you to consume So we wanted to make sure that we recognizes we recognize that the existing way of the way entities models are also uh valid in some cases So we wanted to make sure that we give you the power we give you the control to decide when you want to uh utilize compost entities in what necessity in what business context you want to do use compost entities So this will not disrupt So again the key mantra here was that not to do any disruptions to your existing form So that is that is actually fantastic uh and I'm really proud of the way you know our team here back team has achieved this one So the way we solve this is by utilizing the existing construct of entity class and entities So you already have an existing entity class Again these are already ex existing features and functions So we introduce something called as a structure and recognize the existing entity as a simple or a single structure and we introduce the composite structure as well I will like I said theoretically we will show I will show this to you in the demo as well And then uh we end up creating entities referencing that particular composite entity class So it is as simple as that which I will show showcase to you shortly So before I jump to the demo a really quick um um sneak peek of how the yeah how the uh compost imagine looks like So this yeah this is a sneak peek of a screenshot We will get into the real deal as well But as you can see here this is the entity uh this is already a composite entity which uh you know which you can see right now And there you go We see it is composite and this composite entity is made up of three different uh um uh dimensions your USA as your location as your company and a business process as well So this this is a threedimensional entity So uh any risk assessments will now happen can now happen with respect to a single or this composity that you can see here Now certain other things that I like to call call out here are uh so by nature since this is a composite entity we have also made sure that this this composite entity is rolls up to individual of these entities So which means in this example the USA aser and the process compos that you can see here rolls up or acts as a child for each of these individual entities like USA as risk understanding So that way uh uh the the a the aggregation when it comes to the aggregation uh the any any assessments or any any data that is done at the composite entity level is also being considered at the individual dimensions as well right you may also have questions around you know what hey uh if it's a single entity I have a single owner but if it's a composite entity dealing with multiple uh dimensions how do we deal with the stakeholders there is there a way where I can have representatives from uh you know location division and uh and all the respective um uh divisions Yes absolutely So I will be introducing a concept called a stakeholders as well when we see the demo So yes So u so this is a quick like I said this is a quick sneak peek of uh the composite entry Let us take a quick look at the benefits and then we'll jump directly into the demo because I don't want to spend too much time on the presentation All right I see a raised hand Um I thought I will stop after the slide but let's hear the question Uh all right Um Nicola if you could t if you could type your question into the Q&A section we can get it answered All right There is one other question uh that came in through the chat For composite entities would you expect risks and controls to be assigned to the composite or at the individual entities to define specific process ownership awesome question Awesome question So I was about to I will be demonstrating this as well So the composite entity is just like any other entity So when you create a risk or control it'll be pointing to this particular entity So which means we are recognizing some risks which exists and which needs to be assess assessed at this level So yes it exists in this particular dimen in this particular dimension of u a combination of multiple dimensions I hope that answers the question Is there any other question well we've got time for two more Uh let's see how controls will be generated for composite entity Is it one control for composite entity uh so uh it's okay So you could have like I said so again whether it is risk or controls you could have multiple such risk or controls pointing to pointing to this compass identity uh it's not so as of now uh it's a manual way but uh in the future we also have plans of automating this where uh such controls and risk get automatically generated for compost entities as well but yes depending on the nature depending on the amount of controls that you want or risks that you want it it the compost entity is just like any other entity and you will see this in the demo so you uh you know depending on the business need we are free to create a number of controls or any number of risks that points to the same set of compost entities excellent And last question is composite entity available in all IRM product SKUs It is available in the IRM Uh when you say product SKUs I'm assuming you're talking about uh standard the additions standard professional enterprise So if that's the question absolutely yes We recognize that this is a fairly basic feature that and and uh which is fundamentally important to any customer irrespective of the addition that they own So yes it is going to be made It will be made and it is actually available starting from standard itself Great great questions guys Keep them coming Um we will get to them We have a dedicated Q&A session towards the end We're going to move on to our next topic because we do have a limited amount of time but we will try to address all of our questions here at the end Awesome Awesome Awesome I almost wish Emily that it was an in-person uh it's a session rather than a webinar Uh it'll be it'll be a lot more exciting But anyway so let's cover the benefits and then I'll jump into the demo real quick and then I'll jump to the next topic So yeah so if you think if if you look at this slide I've named it potential future benefits and composite entity is the first step So I couldn't resist adding the b potential future benefits also in addition to the existing benefits Uh you know this is this is the reason why I was excited to talk to you uh in before I even started So so what are the benefits right so compost entity will definitely pave the way for a very entity easy maintenance entity Uh it's it's going to be it's going to be how do I say u I'm pretty sure a bunch of you are customers are uh you know are probably feeling that you know it'll be much lot more much easier if you know my if my entity maintenance becomes a lot more easier because the entity some of you may even face entity explosion So all of this is expected to be solved by composed entity So thereby eliminating duplication and once duplicates are eliminated your entity structure becomes harmonized and once the entity structure is harmonized harmonized your maintenance of the entity becomes much easier The last two benefits which I really wanted to call out are also uh this is again the potential future benefits So uh enhanced reporting and aggregation Now I'd like to go back So remember the first slide that I had when I was uh showcasing composed identity was that of a Rubik's cube right so I'm use I'm using I'm going to use that the same analogy So imagine there is an organization with uh you know function location and several other dimension uh you know division and legal entity all of that Now as a functional head so today the way the aggregation in our current F25 release the way it will be it'll work is that it'll still be aggregated We do support aggregation where I just called out saying that the composite entity is going to become a child of the individual entities and you get the aggregation done that way But in the future again uh I'd like to call this out as well uh is that uh giving going back to the example of Rubik's cube uh if you are a functional head you will be able to extract the report which is aggregated from a functional perspective and if you're let's say a regional head or location head you will be able to extract the same set of data from a regional perspective and if you're a you know lo let's say for example process head you would be able to extract again using the same set data using the pro process lens So uh it's just different lenses with which you're seeing it but such a dynamic aggregation will be made possible in the future And the last one is easy entity recognition sorry easy entity reorganization right again uh organizations go in there are organizations which go which end up changing their structures uh you know as frequent as even every month as well So in such a case and since your ag structure is going to be reflected in entities how is it that you're going to manage the impact on data it'll be it'll be a lot more cooler and a lot more exciting if the system recommends in an elegant fashion these are your entities this is the impact right so this compass entity is the first step towards such a benefit as well I know uh these are not today's benefits but this paves the way this is the first step towards it and we are in the right direction and once we achieve the other piece of the puzzle you will getting these few future benefits as well I'm sorry I couldn't resist but calling out these two future pieces as to why composite entity is very very important Uh um I Emily do you think I someone raised the hands again maybe I can take one more question and then I can jump into the demo Let's see we have a bunch of questions One more and then I'm going to jump for the demo Um all right let's do any changes in entity tables hierarchy Is there any impact on upstream or downstream entity structure so yes that is what I was referring to easy entity reorganization Uh so when you're when you're talking about uh downstream okay again I can take it in a simple fashion If you're just talking about changing the parent reorganizing the parent it's since our composite entity is just like any other entity it'll behave like any other entity as it behaves today But like I said the easy reorganization that I was talking about uh for that I we have to do another piece of the puzzle uh uh which is not yet done which is there in the future in the cards which was which is a much more elegant way that it'll handle that but as of now it is just like any other entity when you change the uh parent Great questions guys keep them coming All right I'm going to uh uh quickly jump to the demo uh but then I'd like to touch upon one thing as well So generally when you you may not want to change this parent because it uh for the compost entity it becomes a natural child of the respective uh respective individual entities So we don't foresee that you'll have to manually change that anyway So in which case you will have to how do I say if you're talking about Rios kind of a structure changes like I said the answer is waiting for you in an upcoming release All right So let me quickly jump to the demo But I I get the feel that uh um you a lot of people are excited about the first step that we taken in terms of compost entity All right Let's do a quick demo before we jump to another topic here So uh like I said entity classes we are reusing the same thing Uh like I said the mantra is less disruptions And I'm here right now in the entity classes um in a risk workspace And as you can already see here uh there are a bunch of compos entities that already been created So these are two dimensional compos entities But rather than opening an existing thing why not create a new one so let me go ahead and create hit new The moment I hit new you see here uh there's a structure There's a field here which says single and composite So that's all it is I hit on composite and I get to define how many dimensions of uh does this composite uh class represent Is it two is it three so for now I mean like out of the box we've given till five and we don't foresee in a practical sense beyond five because the the more dimensions yes you're going to you're going to be increasing a different level of complexity So we don't foresee practically more than five but then yes uh for now for this purposes of demo uh I've selected two The moment I've selected two here system is going to ask me okay what is this class made of so maybe it's made of business process as my first entity and then it it's made of maybe say location as my second entity and there you go that's that's all it is I have to hit on save the moment I hit on save voila your entity class is now ready so that the entity can be created now I already have created uh such an entity class so let me go to the entity and then show it to you how we end up creating it So one call out like I'd like to do here is the process of creation of an entity in the composite entity uh structure the way is available only in your in our workspace format So I hit new Uh again very similar process It's the same old entity here I change it to composite entity rather than single And it immediately asks me okay which class because I might have created multiple compost entity classes right So business location was just one class So you see several other classes here So depending on the mean depending on the need you get to create further as well So I select the um business process location and then all I have to do is all right So this so what is the business process so KYC is the business process and I select the location could be UK could be America could be AP it could be whatever it is and then I hit save So that's it It's that simple So it's like I said it's the same way that you end up creating entity Uh you end up creating compost entity as well So um just to call out I think I already called out this called this out before As of now we're supporting the manual way to creation to create such component entities But yes we uh we do have it on the cards to uh automate such creation of compost entities as well in the future All right So one other thing I'd like to call out this is again related to one of the question that was there How do risk and control exists or point out so if I go if I go to library here risks So and I hit on new here So this is a new rest that I'm uh that I'm about to create So as you can see here nothing's changed here It's still the same old entity So when I I can type in the entity for it could be anything right be let's say credit risk or it could be identity risk Actually that makes more sense because my if you see here if I go here and I say name filter it out by name contains and let's say KYC So maybe the risk would be more relevant as an identity risk or something like that So yeah there you go That's the compost entity for me which I've already created So I get I get to create that and make that reference uh to KYC Canada So that is so that's it So it's it's as straightforward as simple as that U so the process remains the same for you to create a risk So with that what we'll do is we'll now jump on jump over to the next topic which is risk assessment project So let me see if I can conclude this and once we can conclude I can take several other questions as well All right So risk coming to riskman project this is another exciting feature as well We did talk about it briefly So uh uh again just to touch upon the problem statement once again workshop scenario right so that's what so in real in in real world your RCSA happens in a workshop style a workshop format where multiple stakeholders get together and brainstorm together and focusing on a particular entity uh and then they list down identify the risks involved and then they perform the assessment um for a bulk of risks along with all the stakeholders together so today because your risk is assessed one at a time uh you know it does not really mimic or uh the system and the actual thing in the real world doesn't u doesn't go hand in hand right so it becomes a two-step process where it first happens and then it keys gets keyed in the system so risk assessment project is our answer to the workshop style where we now giving you a construct which uh where the you know the project your risk assessment can be created as a project your can be created as a project and I will explain to you shortly how that is done as well where multiple risks can be scoped and then as and when the workshop progresses you could capture all the risks and uh you can perform the bulk RCC in real time So that's what the risk assessment project is all about So now who is this for this is for a risk assessment let's say a project owner or a facility who's responsible for moderating and managing risk assessment and you have assessor and you have a project approver as well Now let me rather than taking this slide let me quickly move to the next slide which actually explains the workflow of the discussment project So as you can see here there are three uh uh the three three key personas that are there The project owner the assessor and the approver So as a project owner I start and I create the assessment project by setting up context by adding the which entity So it could be again just to call out this could be a simple entity or it could be a composite entity as well right so it's like I said less disruptions everything else remains the same So I could say I set any entity here set the RAM risk which is risk assessment methodology and then I set define the stakeholders who are all the stakeholders that need to be part of this particular project and then I move on to what are the risks that needs to be assessed So I now as a project owner or facilitator set this up and then uh this is now ready for the assessment which means that any of the stakeholders that has been identified as part can now volunteer and then pick up this assessment as an assessor They go ahead and perform the assessment Uh so what is this validation here and and in a project scenario like I said there are multiple that are being assessed and once the multiple that are being assessed before the end before I could submit uh before the assessor could submit the project uh as a whole system helps you and assists you in performing quick validation to make sure that everything is covered all risks that are supposed to be assessed are assessed every factor is covered here or all the controls are being assessed it does a quick check so that you know we have not missed any mandatory elements there and then once that is done and it is successful the assessor goes and submits for approval and if it's not it again goes back so that the assessor can go ahead and then perform the and make sure that they correct the errors if there are if there are any and the approver receives the notification they check the we also expose something called as an assessment summary so that it gives a bird's overview as an approver I don't have to go ahead and then look at the actual risk assessment one at a time I can go to the quick report called a summary report take a look at that and then uh see what are the status of each of these risks It'll give you a quick glimpse and summary of that and that's why it's called as the assessment summary and then once I'm satisfied with that I can go ahead and approve it And just to call it out it can also be a multi uh you know a multi-level approval as well So it's it's all about configuration You end up configuring it It could be a simple simple single approval or a multi- approval as well And if I'm not satisfied as an approver it goes back to the assessor and then they perform the assessment and then you know the cycle repeats So that's a pictorial nice way to represent it which is what we're going to see in the demo as well This is a quick sneak peek of that and perhaps after this I see a lot of uh you know a lot of interest a lot of things perhaps after this I will u you know uh I'll I'll give a quick pause Emily for taking questions before the demo but let me first cover the sneak peek here first again before the demo here So what you see here is the stacked view as we call it for the risk assessment project So uh in this so this is the assessor view as an assessor uh I log in I see all the risks that are supposed to be assessed as part of this workshop on the left hand side in the navigation neatly arranged so I can go ahead and then perform all of this so this particular assessment as you can see here is not yet fully completed but it's almost ready for submission so you also see a place where I can add risks maybe as part of even though there is the scope was well defined maybe during the assessment workshop during the uh you know as an assessor I feel you know depending on how the you know stakeholders are discussing uh maybe there is a new risk that needs to be added which was not earlier covered a scope that's why we you know there is a way where I can go ahead and add risk as well I as opposed to that I can also go ahead and remove risk perhaps as uh perhaps the risk is no longer relevant in the context of that entity so I can go and remove risk as well so all such flexibility is built into this um like I said to mimic the real world workshop setting there are certain other benefits and features which I also like to which I like to call out uh are that um you know once the risk is submitted you know you get you get a flexibility to go ahead and perform a reassessment as well So in the future we will be supporting a scheduled form of reassessment As of now it is a manual form of reassessment but this it does give an option You also get to reassign this to a different assessor Let's say the assessor is no longer available or he's not uh is for at the moment or perhaps for the next couple of days for some reason uh as a pro as a project owner assessment project owner you get to reassign this well several other benefits which supports such u uh you know dynamic nature of assessment uh thereby so the biggest benefit here would be to reduce the time right so it's no longer two-step process for you so you will be able to mimic the real world uh of the workshop style assessment that's the biggest benefit for you anyway and which is what is called out in my next slide which is the benefit slide where these are the two benefits that I'd like to really call out where your basically the way we see it is faster we want to make sure that the process is faster How uh that's why I'm calling it as accelerated risk assessments where uh the the time to complete such an assessment because we are mimicking the real world workshop is going to we are expected it we are expecting it to drastically come down because it's no longer done in a separate set and then later on somebody comes and updates the system So it's a real-time way where somebody can go the assessor can go ahead and then update it as and when the risk RCS workshop progresses and then yes engaging user experience as well Um just to call out um uh user experience is always um something that we are interested to keep improving Uh but just to call this out so in a traditional risk assessment uh format if you see uh the for example the validation could be done step-by-step validation So preventing the uh preventing a uh so that's one of the reasons why it was not very well suited for an RCSA right and an RCSA given the fact that multiple stakeholders are involved that could be different ideas flowing in and capturing at different levels at different times So you so that's the reason we introduce the concept of validation which I will demonstrate to you as well which is a presubmission validation rather than a check done at every single time the SSL key is in data So these are uh um how do I say these are the talk mode two benefits which I'd like to call but before I jump to the demo u Emily is there any questions on board which I can answer We do have some questions um well I think we have time for two maybe three Um the first one is how is risk assessment project different from risk assessment scope both allow bulk launch of assessments Great question Great fantastic question See the yes it allows bulk launch of assessments In case of risk assessment scope what happens is that it launches individual assessments So I'm just going to backtrack here so that I go to the sneak peek So in this case the risk assessment project is one single assessment where you have you can assess multiple risks at the same time So in case of scope it is it is different assessments and in this case it's like I said like I said since we trying to mimic the workshop it is one single RCSA which covers multiple risks for you So that's I hope that answers the question right any question next one how do we determine ownership for composite oh that's composite entities my bad um is let's see can these risk assessments be done done parallelly without waiting for another risk to be assessments yeah that's the that's the intention parallel risk assessments right we want to make sure that once the uh once the risks scope as a particular uh from from an entity standpoint you get to like I was just explaining about that in the benefit slide as well So let's say for example in the in the in the in the brainstorming format uh I I'm talking about the first risk somebody first risk and then I get to jump or or somebody else in the room says hey you know what the way we can probably uh do a risk response which means I want to jump into the risk response side immediately here So it enables you to u uh uh gives you the flexibility to jump in from one risk to another risk So that that gives you the feel of as and when the uh meeting the the workshop meeting progresses you get to capture that in the system directly itself So yes the that's the bulk and parallel uh way where we can perform a risk assessment in the project construct Probably we can take one more question Emily and then I'll one does this tie to smart assessments engine That's a fantastic question but no not yet uh this does when you say Thai um uh um it's not let me put it this way this is the different assessment serving the serving specific nature of inherent control and residuals uh format of u an RCSA style of assessment your smart assessment is a much more generic way of assessment which can be put to use in different constructs as well so as of now at least we do not see them both uh as interchangeable assessments uh but like I said you never know what could happen in the future all All right great questions guys Keep them coming All right I'm going to quickly jump to the demo and I'm going to see if I can you know park a little bit more time for questions Uh you know back to composite be composite or others So let me see if I can quickly showcase you All right So um all right So so let me do one thing So in in the interest of time what I'll do is I already have a existing that's created All right So in this case what I've done is I'm creating a discussment project So I filled in I've already filled in the you know the the entity composite entity that I just created Like I said it could be the assible entity could be a composite entity it could be a simple entity as well So in this case I've already chosen the composite entity and I'm also choosing the riskman methodology here uh I can give the name as to what the project is all about describe it and then I get to choose the stakeholders here I might have missed to showcase one thing uh in the entity which I'm going to call it out right now um since I had my mind on the time as well So in the stakeholders here I will cover about that the compost entity which will also I'm guessing will answer one of the questions that is there in the as part of the questions here So in the stakeholders here when I'm actually assigning to some person we have multiple options here I can assign to user group and you also see something called as entity stakeholder This brings to that particular question I think somebody was was uh talking about which Emily uh point out a little bit is in case of compost entity what happens uh if there are multiple stakeholders So there is a concept called a entity stakeholders that we've in that we've included So we recognize that in such a compost entity the compost entity stakeholders as well So in this case I'm just going to quickly let's say choose the assessor uh my favorite table tutor and I can probably choose another assessor like I said I can choose one by one or like I said point pointed to a group So in this case I'm just choosing two I can I'm free to add any watch list users as well if I need and then I go to the scoping So the moment I click on next and go to the scoping what the system is going to do the system is going to bring in the existing risks that are already tied to the the composity KYC Canada right if there are any so in this case yes there are so many that are already there so and I I can feel free to add or I can feel feel free to remove it so those are all those are all possible from here so I can I can do all of that stuff so rather than doing that I think Okay So in the interest of time so I'm actually I'm actually so you need a role called as the risk assessment project owner for you to actually set up the project That's the reason I'm not able to see uh you know I'm not able to set up and scope the risk properly Uh that's because I for the for demonstrating the composity I had logged in as someone person but in the interest of time what I'm going to do is I'm going to quickly go let's assume that uh the project is now set up because once the scope is done the next step is your assessment Now I'm since since I've already logged in as able to do as an assessor I will go quickly and I can either go to the task or I can go in progress here So I'm making a small assumption that is already set up Now I'm going to quickly go to let's say my assessment Now let's assume that it is already scoped and set up and I get to click on open assessments here So as you can see here this is how it opens up So you have we already have three risks here uh that were identified as part of the uh project and I can go ahead and then perform the risk assessment since I'm now already part of the workshop here I can go ahead and then see the proceedings of the workshop and assess as it proceeds So some of the things I'd like to call out here is that if you see here have a new risk symbol here that's a you know that's a small icon that we made sure to provide which gives a tip to the to the assessor uh that hey you know what this particular uh risk is an emerging risk it's a new risk it was never assessed before so that's an indication towards that so I can go ahead and then fill in you know multiple details whether it's inherent control all of that and then when I'm U and I I can also let's say for example I let me showcase you that as well I also feel free to go ahead and then add a risk as well So maybe I as an assessor feel uh depending on the process of the RCA I feel that you know there are more multiple risks that needs to be added I can quickly click on add risks in which case if if there are more risks that are listed in the it will list out which I can add or I can go ahead and create one from the risk statement or I can create an ad hoc risk on the fly itself In addition to that I can also go ahead and then remove the risk as well in case I feel this is no longer relevant for me I don't have to do it I can do it right here I don't have to go back to the scoping step I don't have to depend on uh you know the risk assessment project owner who set up the project for me as an assessor do all of this because like I said I'm right now in the workshop I'm doing it as in think uh you know as when things move and since in such a meeting it can be really dynamic right So I can go ahead and then perform all of this the it system is going to showcase the progress of how many risks are assessed so far So far it says zero but I can go ahead and fill it in Now I'm going to quickly finish this assessment real quick and then I'm going to proceed for submission So let's see here So I'm going to finish this and probably in the interest of time I'm saying you know what I don't want any control assessment to be done right I can go ahead and then fill in all of this and I can say my response is let's say I want to accept this risk right so I go ahead and fill in different datas here but let's say when I when it's time for me to go ahead and make a submission I can do a quick validate check to see whether I have covered everything this is going to be done anyway when I'm attempting to submit it as you can see here system is cleanly calling me out saying that hey you know what there is probably something that you've not yet done so I can go and everything else is marked as done and this is not done it clearly highlights me this is on error and I also get the error details here we have introduced the new sidebar here which says to me saying that you know what what's the error there's a mandatory response please provide response for that particular factor now this is dynamic here in this case I only have one error but if let's say there are two or three errors here and other risks as and when I click on the other risk you will get to see the errors populated in the fact in in the on the right hand side panel as well so for now I'm just going to quickly finish this and yeah and I'm done and I'm ready to submit it so the moment I hit on submit you know I am I get an option as an assessor do I want to view the summary or do I want to confirm my submission so uh the summary view is something um something uh which is both useful for the assessor as well as in fact it is more useful for the approver as well where as an approver if I once after the submission that will happen once after the submission I get to see the summary statement it's going to clearly call out these are three or four risk or five risks that were part of the that were assessed It also the risks that were removed uh despite being scoped earlier and gives you a clear indication of these are inherent this is the this is how an inherent risk is rated This is the control effectiveness These are the key controls This is how it is rated So basically you get and and what the risk responses are as well So once this is uh you know once this is done the appro can go ahead and then basically approve uh this based on the summary itself So but for now I'm just going to click on it since I'm the assessor and confirming submission There you go So for now I actually set up in such a way that it is auto approved uh again in the interest of time But however uh like I said you could you are free to configure multiple levels of approval depending on what the risk is depending on what what the entity is all of that so uh it it could be a simple single level approval it could be multi level as well and that's an existing functionality that we've just reused here so that is in a nutshell how the risk assessment project is done there are also a couple of things that I'd like to point out and then probably I will wait I will you know I'll open the forum for questions here so what we took a look at right now is we saw the We we took a look at of how the risk assessment project owner sets up the assessment scopes the risk as part of the part of this one identifies the stakeholders relevant stakeholders and then this as a stakeholder I as in this case able tutor I logged in as able tutor just right this is how it happened now couple of other things which I can also show you is the ability to for example reassign we briefly spoke about reass reassignment as well so I'm I can feel free to select it this can be done by the project owner By the way I'm not going to do it because I'm still the assessor I may not have the right privileges to do that but uh this uh I can select it and there you go You see I see a reassign uh uh button here And the moment I click it system is going to ask me to fill in okay who is the new assessor i can do that as well This is sort of a bulk reassignment functionality in the construct of a project And the other thing which I like to also point out is the feature of reassessment uh as well So if I click on this and I have now the option to perform a reassessment So I can so I can click on reassess Maybe I can choose what is the reason for reassessment is a periodic reassessment is a change in exposure perhaps a periodic risk assessment In the future like I said it will be driven by schedules but for now uh like I said it's manual So I'm going to choose this as a reason and I'm hitting on confirm Now on I confirm it what system is going to do is system is going to copy over all previously done assessments and it's going actually it's going to give you give me an option uh to to copy over as well You will see that and then one with that opt So as you can see here it is now created a new project with all the risks that were previously assessed right and I get to say you know what I get to confirm that saying yes I I mean I can again system is checking with me so that whether is this this is what you want to reassess I am the I believe I'm the assessor I can hit an open assessment and yes So the moment I hit on let's get started here it's going to give me an option do you want to copy previous discussment responses as well So if I hit yes if I hit no it's like a typical um uh initial assessment that gets triggered but if I hit yes system is going to copy over previously done assessment responses and then immediately populate it for me and if you see the beauty of it it's first immediately populating the first one This is how we manage performance and then it keeps making the you know uh the first risk editable for me so that I can start working on it again things that we pay attention to so that the lives of the SSS are much easier rather than loading everything we load the first one so that you can immediately start working on the on the risk So there you go that's the functionality of how previous responses have been copied over Now it's all about me as an assessor going and then checking whether things are okay If not I clear it I populate the right response and basically repeating the same step of submitting Uh so that's the workflow of risk assessment project Uh this was a super fast demo I know but I I'm really excited to answer some of the questions as well So um uh Emily we can probably take a couple of questions in this construct and if there is something Oh yeah there is one other thing which I want to call out So oh Harvey well we lost you there for a second Could you repeat what you just wanted to call out yeah Yeah I I wanted to call out one other thing which I missed to showcase earlier in the context of uh uh entities in the ahead and then I just want to make sure that I cover all aspects in this demo like I said So if I go ahead and then choose this there you go So to the question of how will we identify multiple stakeholders because that could be multiple representation from compass entity I could go to the stakeholder tab here I can probably it is loading I can probably feel Yeah there you I have a stakeholders tab here We have enabled the stakeholders tab where you can identify multiple stakeholders which can be part of this particular entity Now that's the thing I thought I missed to um point out which I did Now Emily let's open it up So uh I'm excited to answer any questions both from composite entity standpoint as well as discuss from project standpoint Awesome Thank you so much What a great demo I'm really really excited about these things and it looks like a lot of people are really excited about these too Um first up let's see Can the presenter show the process flow again for a minute so I believe this is the um the assessments flow build out this one Assuming I'm assuming this this one Thank you All right Um next one is uh going back to composite entities do you need to include business process in the composite entity by going with location company and making risks linked to business processes in the composite entity This gives the process lens but ensures we don't have composite entity explosion No it depends See it really depends on see it's all conf it's a configurable construct right so it really depends on the risk it depends on the business need uh because the framework is generic you get to choose whether you need the process as part of the composite identity class or not so the flexibility is there with you you are uh you are all powerful so you can define you have the control to define what should be part of the compost identity and what should not be great um next up how do we determine ownership for composite entities I understand this may vary from org to org but any guidance you can provide would be appreciated Yeah Yeah I think I already answered this question Uh I anticipated the question which is what I wanted to make sure that I showcased in the last So uh in a typical entity yes we have just the um uh you know risk the entity owner but what we did and this is not just for composted entity by the way this is therefore a regular entity as well which we've enhanced that we've brought in the concept of stakeholders uh so that whether it's a compost entity or a regular entity from uh from this release onwards you'll be able to add additional um um you know representatives from different various functions So in case of especially in case of compostity if you feel the need of having multiple stakeholders you can get to do that using the stakeholders thing that I showcased I hope that excellent thank you Is there a specific step required to group the assessments in place of presenting individual risks to stakeholders for signoff uh I I I lost you there a bit Is there a specific Can you repeat that question again is there a specific step required to group the assessments in place of presenting individual risks to stakeholders for signoff i'm assuming this the context is the risk assessment project Uh yeah And is there a specific step to group the assessments for sign off so I'm assuming that you're talking from an approval standpoint Uh so um so as of now we there is no specific way where you can order it or group it as of now Uh but then I like the thought process we can um uh so as of now the way if I go back to the yeah this is the sneak peek So it is more of a stacked view that's what we're calling it So you don't group this within this view It's a stacked view right here And this is the same view which will be presented to the approver as well The only additional thing the apper gets is the view summary where as as I showcased in the demo they get to see a quick sneak peek of these are the risk how these have been assessed what are the risks that were newly added what newly removed before the approer can provide their sign off there right there So there's no such additional grouping there But yeah I'm um excellent All right we have three minutes left for this session So thank you so much everyone for all of the great questions today if we did not get to your question Um please reach out to us We want to make sure that we get all these questions answered for you um and schedule some time with our team if you want to learn more about um these features that we went through today Um so Hari if you could go to uh the next couple of slides Excellent Thank you so much And so before we end the call uh if you do want to learn more about our riskmanagement capabilities don't hesitate to contact us Visit our website where you can learn more about our GRC portfolio of products Check out the community for additional information and assets to get the most out of your Service Now investments And visit our YouTube channel Um our playlist will have this session's recording available in the next 48 hours as well as the recordings from our previous uh upcoming store sess previous and upcoming store release sessions You can also visit the community to register for all of our upcoming webinars next And speaking of our community sorry little sneak peek there for you We uh scan this QR code and you can will be taken immediately to the GRC community This is going to be one-stop shop for all things risk So you definitely want to bookmark it You can access onboarding kits assets to help you with your implementation planning training resources release notes and more So uh you can also get information on our upcoming workshops webinars and more live events to learn more about risk So definitely want to check that out Next And then speaking of our events um make sure that you join us for Knowledge 25 in Vegas just a couple of months away Knowledge is our exclusive in-person user event where you can explore new innovations and gain practical guidance from thought leaders and customers Expand your knowledge with hands-on training labs and interactive sessions as well as network with other industry professionals Registration is almost full So if you want to join us in Vegas make sure that you register today Next and if you can't join us in Vegas um save the date for our risk and security conference in Santa Clara in October Join us for a deep dive into our risk and security solutions hear from industry experts peers and product experts to learn how you can transform your risk and security programs Uh registration is open seats are limited so make sure that you register soon to save your seat And with that we'll wrap up today's session Thank you so much for joining us today and spending part of your day with to learn more about our risk management capabilities Um you should receive a survey It only takes a couple of seconds So we want to make sure uh we hear from you on how we did today Um we also use this to improve sessions like this as well as create uh sessions with future future sessions on topics that you're interested So thank you again for joining us Have a great rest of your day and we'll see you