Assessing and Monitoring Compliance Risks During Third-Party Due Diligence

  • Release version: Australia
  • Updated: March 12, 2026

  Integrating Policy and Compliance Management with Third-party Risk Management dynamically updates compliance status based on third-party questionnaire responses, improving visibility and enabling risk-informed decisions.

    Combined benefits of integrating Policy and Compliance Management with Third-party Risk Management

    Use these applications together to:

    • Evaluate compliance risk during onboarding and ongoing third-party engagements.
    • Update compliance status automatically based on questionnaire responses.
    • Combine compliance and risk data for more complete risk scoring.
    • Enable collaboration between compliance and risk teams to mitigate issues quickly.

    | Feature | Policy and Compliance Management | Third-party Risk Management | All applications together |
    |---|---|---|---|
    | Create policies and controls | Yes | No | Yes |
    | Continuously monitor compliance and control changes | Yes | No | Yes |
    | Third-party risk due diligence | No | Yes | Yes |
    | Risk intelligence | No | Yes | Yes |
    | Risk scoring and monitoring | No | Yes | Yes |

    Workflow for Policy and Compliance Management integration with Third-party Risk Management

    Using these applications together provides the following benefits:

    • Evaluate compliance risk when onboarding third parties and engagements.
    • Leverage combined compliance and risk data for better decision-making.

    1. Compliance Manager creates and manages policies, control objectives, and controls.
    2. TPR Assessor initiates external risk assessments for third parties and engagements.
    3. The third party completes the assessments.
    4. Responses update compliance status dynamically.
    5. TPR Assessor evaluates risk based on updated compliance status and other assessment data.
    6. Compliance Manager and TPR Assessor collaborate to mitigate identified risks.
    Note:
    Direct mapping of control objectives to Smart Assessment Engine questions is not supported; compliance updates occur through post-assessment actions.

    Requirements for integration

    Install the following plugins:

    1. Third-party Risk Management (com.sn_vdr_risk_asmt)
    2. Due Diligence Request Workflow (com.sn_tprm_dd)
    3. Policy and Compliance Management (com.sn_compliance)

    Get started with integration

    Complete these tasks:

    1. Create a policy (Create a policy using the Compliance Workspace).
    2. Create control objectives and controls (Create a control objective using the Compliance Workspace and Create a control using the Compliance Workspace).
    3. Add controls to third parties, engagements, and questions ( and ).
    4. Create and submit a due diligence request (Request due diligence for a third-party engagement).
    5. Approve request → IRQ sent to TPR Assessor.
    6. TPR Assessor completes IRQ → due diligence begins.
    7. Due diligence creates two risk assessments (third-party and engagement).
    8. Third party completes questionnaires → TPR Manager reviews (Assessing your third-party risk).
    9. Compliance Manager and TPR Assessor collaborate to mitigate risks based on:
      • Updated compliance status from responses.
      • Risk scores and assessment data.
      • Insights from due diligence.