Monitoring the due diligence request process

  • Release version: Xanadu
  • Updated July 31, 2025
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Monitoring the due diligence request process

    TPR managers and admins use the due diligence management dashboard to monitor and manage all stages of due diligence requests, including IRQs, external due diligence, approvals, contract risk, and closed requests. Each due diligence request is automatically assigned a unique DDR ID for easy tracking. The Due diligence management page, accessible from multiple locations, opens to the Details tab where critical information and updates on requests can be viewed and managed.

    Show full answer Show less

    Key Features

    • Details Tab: View and update third-party due diligence information, log internal and external comments, attach files, and track updates in the activity stream.
    • IRQ Process Monitoring: After engagement approval, start the Internal Risk Questionnaire (IRQ) process to assess third-party risk scores.
    • External Due Diligence: Access external assessments via the VRA number to evaluate third-party risk externally.
    • Approval Process: Monitor approvers and their actions, including approval levels and decisions.
    • Risk Intelligence Scores: View third-party risk intelligence scores provided by external services with drill-down capabilities.
    • Contract Risk Process: Manage contractual provisions to mitigate identified risks, typically handled by corporate counsel.
    • Unique ID Numbers: Automatically assigned to requests and tasks for easy searching and filtering.

    Practical Actions on Due diligence Requests

    • Start onboarding: Initiate the due diligence process for requests in the New state.
    • Discuss: Send messages to other users, recorded in the activity stream.
    • Save: Save any changes made on any tab.
    • Delete: Remove engagement request records if necessary.
    • Compose Section: Add permanent internal work notes (private) and comments visible to both internal users and third-party contacts.
    • Attachments: Add relevant files to support the due diligence request.

    Benefits for ServiceNow Customers

    This process enables ServiceNow customers to efficiently track and manage all due diligence activities in a centralized platform. It ensures clear visibility into risk assessment stages, approvals, and contract risk management, helping organizations mitigate third-party risks effectively. The automatic ID assignment and detailed activity tracking facilitate audit readiness and collaboration among stakeholders.

    TPR managers and TPR admins can perform a wide variety of tasks from the due diligence management dashboard. They can work on all processes in the workflow for a due diligence request: IRQs, external due diligence, approval, contract risk, and closed requests.

    For each due diligence request, the system auto-assigns a unique ID number that starts with the text DDR. You can access the Due diligence management page from many locations by selecting the DDR number for any due diligence request. The page opens to the Details tab. Typically, you start from the TPRM Home page.

    Due diligence request details for the third party.

    Monitoring processes from the request management page

    Viewing basic information about a request on the Details tab

    From the Details tab, you can view and adjust the due diligence request information for a third party. You can also log external-facing comments and private work notes, attach files, and track request updates in the activity stream. See Due diligence request process management.

    Monitoring the IRQ process

    The first internal step after an engagement request is approved is to start the IRQ process to scope the risk by determining the third party's risk score. You can access the Due diligence management page from many locations by selecting the DDR number for any due diligence request. See IRQ process management.

    Monitoring the external due diligence process
    Select a VRA Number to open the external assessments page in the Due diligence management page. See Third-party (external) risk assessment management.
    Monitoring the approval process

    You can view the list of users who can approve or reject a DD request and also view the details of their approval actions. In addition, you can view the approval levels for a request. See Approval process management.

    View the risk intelligence scores for a third party

    The information on the Risk intelligence scores tab comes from risk intelligence provider services. Select any link to drill into the settings and scores. See Viewing risk intelligence scores.

    Monitoring the Contract risk process
    Protect your organization's interests, as the Third-party risk contract negotiator, often the corporate counsel, by incorporating specific contractual provisions so that you can address the risks identified using the Third-party Risk Management application. See Accessing DD requests that are in the contract risk process.

    Actions on the Due diligence management pages

    Tip:
    When you create (or the system generates) a new record (for example, a request for due diligence or a task), the system auto-assigns a unique ID number that helps to identify the type of data in the record. You can use the ID number to search for or filter the item you want to work on. See Unique ID numbers for TPRM records.
    Table 1. Actions
    Action Description
    Start onboarding For requests in the New state, this button enables the TPR manager to start the process.
    Discuss Select Discuss to send a message to other users. The message is recorded in the Activity section of the Details tab.
    Save Select Save to save any change you made to a value on any tab.
    … Delete Select Delete to delete the record of the engagement request.
    Working in the Compose section
    The Compose section on the Details tab enables you to permanently add text to the record. The Activity section is updated with any actions on issues and tasks, submissions to TP contacts, and also with work notes and comments that users add to the record. Add text in the following fields as needed:
    • Work notes (Private): Information about the third-party risk assessment. Work notes are visible only to internal users who are assigned to the process.
    • Comments: Comments about the third-party risk assessment are visible both to internal users and to third-party contacts.
    Adding an attachment

    Select Browse in the Attachments section to select and add an attachment.