Which role reviews the risk response and moves the Risk record into the Monitor state at the appropriate time?

In ServiceNow IRM, risk records move through stages as you plan, implement, and track treatments. After a risk response is proposed, it must be reviewed to ensure the controls will effectively reduce exposure and that timing is right. The role responsible for that review and for deciding when to start ongoing oversight is the Risk Manager. This person oversees risk responses, ensures the mitigation aligns with policies and stakeholder expectations, and authorizes moving the record into the Monitor state so monitoring of controls and risk indicators can begin. The Risk Owner is typically accountable for the risk and its execution, but the governance action of advancing to monitoring lies with the Risk Manager. Other roles like Risk Reader or Risk User are generally limited to viewing or basic interaction and don’t handle state transitions or monitoring responsibilities. Monitor state marks the start of ongoing tracking of control effectiveness and residual risk.