Tracking a managed activity

  • Release version: Yokohama
  • Updated July 31, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Tracking a managed activity

    In the Third-party Risk Management application, you can track and verify managed activities using the Usage analytics activities [snvdrriskasmtuaactivity] table. Each engagement consumes only one license per contract year, regardless of the number of managed activities involved. Managed activity usage counts only when an activity is initiated, but activities related to onboarding a new third party (a company not existing in the corecompany table) are excluded from managed activity counts.

    Show full answer Show less

    Managed activities include:

    • Inherent Risk Questionnaires (IRQ) with status "Awaiting response"
    • Tiering assessments with questionnaires "Awaiting response"
    • Third-party risk assessments with questionnaires "Submitted to third party"
    • Creation of tasks or issues related to third-party risk assessments

    Assessments automatically created and later recalled by event-driven management rules are not counted as managed activities unless they are submitted to the third party. Cancelled assessments are still counted as managed activities.

    Using the Usage Analytics Activities Table for Verification

    The Usage analytics activities table logs each managed activity occurrence and is read-only. Records older than two years are archived automatically. Access to this table requires the Third-party assessment reviewer [snvdrriskasmt.vendorassessmentreviewer] role. You can access it via: All > Third Party Risk Management > Administration > Managed Activity Analytics.

    The table captures key details such as:

    • Created: Date and time of the activity
    • Activity: The related record
    • Activity type: Type of managed activity (tiering assessments, internal assessments, third-party risk assessments, issues, tasks)
    • Applies to: Whether the activity applies to the third party or engagement
    • Third party: Related third-party organization
    • Engagement: Related engagement
    • Status: Current state of the activity (Tracked or Recalled)

    Note that while calculated risk scores updated by assessments are considered managed activities, they are not logged in this table. Similarly, score updates from risk intelligence providers are not tracked as managed activities.

    View managed activities in the usage analytics activities table for tracking and verification purposes in the Third-party Risk Management application.

    Overview of managed activities

    You can track and verify managed activities in the Usage analytics activities [sn_vdr_risk_asmt_ua_activity] table.

    An engagement only consumes one license, regardless of whether there’s one managed activity or many managed activities per contract year. Managed activity usage is triggered only when an activity is initiated.

    Activities that are associated with a new third party going through the due diligence onboarding workflow aren’t counted as managed activities. In this context, a new third party is defined as a company that is not in the Company [core_company] table.

    If any of the following activities aren’t related to a new third party going through the due diligence onboarding workflow, they’re counted as managed activities:

    If a third-party risk assessment or due diligence request is automatically created by an event-driven management rule and later recalled, it isn’t counted as a managed activity. An assessment that is related to an event-driven management rule can be recalled up until the time that it’s submitted to the third party. For more information, see Event-driven management — automate assessment processes.
    Note:
    If an assessment isn’t related to an event-driven management rule, you can't recall it and it’s counted as a managed activity. If an assessment is canceled, it’s still considered as a managed activity.

    Using the usage analytics activities table for verification

    The usage analytics activities table stores a record every time a managed activity occurs. This table is read only. Records that are two years or older are automatically archived. You must have the Third-party assessment reviewer [sn_vdr_risk_asmt.vendor_assessment_reviewer] role to view this table.

    You can access the Usage analytics activities table by navigating to All > Third Party Risk Management > Administration > Managed Activity Analytics.

    The following example and table show the Usage analytics activities [sn_vdr_risk_asmt_ua_activity] table.

    Figure 1. Usage analytics activities table
    Usage analytics activities table with sample data.
    Table 1. Usage analytics activities
    Field Description
    Created Date and time that the activity occurred.
    Activity Record that is related to the activity.
    Activity type Managed activities that can be associated with tiering assessments, internal assessments, third-party risk assessments (TPRA), issues, and tasks.
    Applies to
    • Third party: The activity applies to the parent third-party organization.
    • Engagement: The activity applies to the engagement.
    Third party Third party that is related to the activity.
    Engagement Engagement that is related to the activity.
    Status State of the activity:
    • Tracked: The activity is logged.
    • Recalled: The activity was recalled by a user after it occurred.
    Note:
    The calculated risk scores that are updated by assessments are managed activities. However, they aren’t logged in the Usage analytics activities [sn_vdr_risk_asmt_ua_activity] table. The score updates from the risk intelligence score providers aren’t managed activities. For more information on the risk intelligence scores, see Viewing risk intelligence scores.