Notifications

199 views

Description

Change Risk Assessment uses a sum of actual values, incorrectly not multiplied by each question's weight. This is because 'Survey & Assessment V2' does not offer that same formula for calculation as 'Survey & Assessment V1'.


Steps to Reproduce

1. Change the weight value of some of the questions in a Change Risk Assessment to something higher than 1 (note that demo data ships all weight values as 1).

2. Complete a Risk Assessment. Notice the calculated normalized value is not the sum of the actual values multiplied by the weighted values.


Workaround

This problem has been fixed. If you are able to upgrade, review the Fixed In section to determine the latest version with a permanent fix your instance can be upgraded to.

Before the fixing patch, the Script Include "ChangeRiskAsmtSNC" (sys_id=c4dfd08ed7033200532c24837e6103d8) contained a function that should calculate the weighted composite score, but instead calculates the sum of the actual values. As a workaround, to have the same behavior as the Legacy Change Management Risk Assessment, the correct function listed below should override in the other Script Include "ChangeRiskAsmt" (sys_id=884c5254d7233200532c24837e61032c). Once Survey & Assessment V2 provides the correct formula with the official patch, the workaround will need to be backed out.
	calcAsmtScore: function(asmtInstanceId) {
		var score = 0;
		var ga = new GlideAggregate(this.ASMT_METRIC_RESULT);
		ga.addActiveQuery();
		ga.addAggregate("SUM", this.NORMALIZED_VALUE);
		ga.addQuery(this.INSTANCE, asmtInstanceId);
		ga.addNotNullQuery(this.NORMALIZED_VALUE);
		ga.addQuery(this.NORMALIZED_VALUE, ">=", "0");
		ga.groupBy(this.INSTANCE);
		ga.query();
		if (ga.next())
			score = ga.getAggregate("SUM", this.NORMALIZED_VALUE);

		if (this._log.atLevel(global.GSLog.DEBUG))
			this._log.debug("[calcAsmtScore] score: " + score);

		return score;
	},



Related Problem: PRB1361188

Seen In

SR - IRM - Audit Management - New York 2019 Q3
SR - IRM - GRC Profiles - Madrid 2019 Q2
SR - IRM - Policy and Compliance - Madrid 2019 Q2
SR - IRM - Risk Management - New York 2019 Q3
SR - ITOM - CMDB CI Class Models - 201907
SR - ITOM - CMDB CI Class Models - 201909
SR - ITOM - Discovery and Service Mapping - 201908
SR - ITOM - Discovery and Service Mapping - v1.0.35
SR - ITOM - Fundamentals Istanbul Jakarta Kingston r1 - v5.99.6
SR - Security - Integration Framework - Madrid 2019 Q2
SR - Security - Support Common - Madrid 2019 Q2
SR - Security - Support Orchestration - Madrid 2019 Q2
SR - SIR - ElasticSearch Integration - Madrid 2019 Q1
SR - SIR - Palo Alto WildFire Integration - New York 2019 Q3
SR - SIR - RecordedFuture Integration - New York 2019 Q3
SR - SIR - Security Incident Response - Madrid 2019 Q2
SR - SIR - Security Incident Response PA Content - New York 2019 Q3
SR - SIR - Security Incident Response UI Patch - London 2019 Q2 v.6.2.3
SR - SIR - Store SecOps Setup Assistant - Madrid 2019 Q2
SR - SIR - Store Threat Core - Madrid 2019 Q2
SR - SIR - Store Trusted Security Circles Client - New York 2019 Q3
SR - SIR - Threat intelligence - New York 2019 Q3
SR - SIR - VirusTotal Integration - New York 2019 Q3
SR - VR - Vulnerability Response - New York 2019 Q3

Fixed In

Madrid Patch 9
New York Patch 3
Orlando

Associated Community Threads

There is no data to report.

Article Information

Last Updated:2020-06-08 01:38:51
Published:2020-06-08