Instead, I can immediately see the correct people responsible for taking action on the security and IT teams. The ServiceNow IRM risk management application also automatically calculates the risk score, taking into consideration the threat and the potential loss if we leave it unaddressed. For this particular threat, the risk score is high, and the calculated average loss expectancy (ALE) is almost $14M. If the calculations were within our predefined risk threshold of $8M, I could accept it. In this case, the level of risk is unacceptable, and I need to act. I can see this vulnerability has been active for two weeks. By clicking on the indicator9s related list, I can also identify which device has the unpatched vulnerability. A combination of continuous risk monitoring capabilities for essential business services and out-of-the-box risk indicators from ServiceNow helped us spot the risk. Looking at my controls list, I can see that