Playbook stages and activities when Third-party Risk Due Diligence is installed

  • Release version: Yokohama
  • Updated January 30, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Playbook Stages and Activities When Third-party Risk Due Diligence is Installed

    This guide outlines the stages and activities involved in performing risk assessments when the Third-party Risk Management (TPRM) module is installed. It provides a structured approach for supplier managers and fulfillers to manage due diligence cases effectively.

    Show full answer Show less

    Key Features

    • Review Case: Assign or keep the case assigned, update descriptions, and initiate work.
    • Update Case: Change the state of the due diligence case to "work in progress."
    • Create Request: Check installation status of TPRM, identify duplicate requests, and initiate new due diligence requests by filling in necessary supplier and engagement information.
    • Assess Risk: Monitor the approval status of Initial Risk Questionnaires (IRQ) and due diligence processes.
    • Review Risk Rating: Evaluate and either accept or reject the supplier's risk rating, with actions leading to further processes if rejected.
    • Close Case: Notify requesters of approval, add closing comments, and mark the case as completed.

    Key Outcomes

    By following these stages, ServiceNow customers can ensure thorough risk assessment of third-party suppliers, streamline communication, and maintain compliance with risk management protocols. Successful completion of these activities leads to informed decision-making and enhanced supplier risk management.

    The following table lists the Perform risk assessment playbook stages and activities when Third-party risk Due Diligence is installed.

    Table 1. Perform risk assessment playbook stages and activities
    Stage Activity Activity Details
    Review case Assign case As a supplier manager or fulfiller, you can use this activity to assign the case to a different person or keep the case assigned to you.

    You can do the following:

    • In the Assigned to search field, search for and select the person that you want to assign the case to.
    • In the Short description field, update the description for the case.
    • Select one of the following actions:
      • Select Save to save your changes.
      • Select Start work to start working on the case.
    Update case to work in progress

    Updates the state of the due diligence case to work in progress.
    Create request Check if TPRM is installed Checks if the TPRM plugin is installed.
    Check for duplicate due diligence (risk assessment) requests Reviews existing due diligence requests for this supplier.
    You can do the following:
    • Cancel: If there's an existing due diligence request, you can select this option to cancel this due diligence case.
    • Create new request: Creates a new due diligence request.
    Create due diligence request Do the following:
    • Under Options, select Onboard a new engagement.
    • In the Third party field, select the supplier.
    • Fill in the required fields in the following sections:
      • Third-party information
      • Third-party address
      • Engagement information
      • Engagement address
      • Engagement primary contact
    • Select Submit.
    Check the status of the due diligence request Waits for initial approval on the due diligence request and the risk process to start. Select View record to view the due diligence request.
    Assess risk Waiting on IRQs to be completed Waits for the approval of the IRQs and the due diligence to start.
    Waiting on the due diligence to be completed Waits for the due diligence to be completed and the formal review process to start.
    Waiting on the due diligence to be reviewed and approved Waits for the due diligence request to be reviewed and approved.
    Review risk rating Accept or reject risk ratings Review the risk rating of the supplier and choose to accept or reject the risk rating.

    Available actions:

    • Accept
    • Reject

      If you select Reject, the playbook opens the Rejection stage.
    Close case Notify the requester that the request has been approve Available actions:
    • Send email: Sends an email to the requester, informing them that the case has been approved.
    • Skip: Skips this activity.
    Close case Add closing comments to complete the case.

    In the Close notes field, add your comments and select Close case.

    The state of the due diligence case is updated to Closed completed.