Playbook stages and activities when Third-party Risk Due Diligence is installed

  • Release version: Washingtondc
  • Updated June 13, 2024
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Playbook Stages and Activities When Third-party Risk Due Diligence is Installed

    This document outlines the stages and activities involved in the "Perform Risk Assessment" playbook when Third-party Risk Management (TPRM) is installed in ServiceNow's Procurement Workspace. It is essential for suppliers and risk managers to understand these steps to effectively manage third-party risks during the supplier lifecycle.

    Show full answer Show less

    Key Features

    • Review Case: Assign the case to a specific person or keep it assigned to yourself, and update the case description.
    • Update Case: Change the status of the due diligence case to 'work in progress'.
    • Create Request: Check if TPRM is installed, look for duplicate requests, and create a new due diligence request for a supplier.
    • Assess Risk: Monitor the approval process of Initial Risk Questionnaires (IRQ) and the overall due diligence process.
    • Review Risk Rating: Accept or reject the supplier's risk rating based on the assessment.
    • Close Case: Notify the requester of approval and add closing comments to finalize the case.

    Key Outcomes

    By following these stages, ServiceNow customers can efficiently manage due diligence for third-party suppliers, ensuring that risk assessments are thorough and that necessary approvals are obtained. Ultimately, this structured approach aids in minimizing potential risks associated with supplier engagements, leading to informed decision-making and improved supplier management practices.

    The following table lists the Perform risk assessment playbook stages and activities when Third-party risk Due Diligence is installed.

    Table 1. Perform risk assessment playbook stages and activities
    Stage Activity Activity Details
    Review case Assign case As a supplier manager or fulfiller, you can use this activity to assign the case to a different person or keep the case assigned to you.

    You can do the following:

    • In the Assigned to search field, search for and select the person that you want to assign the case to.
    • In the Short description field, update the description for the case.
    • Select one of the following actions:
      • Select Save to save your changes.
      • Select Start work to start working on the case.
    Update case to work in progress

    Updates the state of the due diligence case to work in progress.
    Create request Check if TPRM is installed Checks if the TPRM plugin is installed.
    Check for duplicate due diligence (risk assessment) requests Reviews existing due diligence requests for this supplier.
    You can do the following:
    • Cancel: If there's an existing due diligence request, you can select this option to cancel this due diligence case.
    • Create new request: Creates a new due diligence request.
    Create due diligence request Do the following:
    • Under Options, select Onboard a new engagement.
    • In the Third party field, select the supplier.
    • Fill in the required fields in the following sections:
      • Third-party information
      • Third-party address
      • Engagement information
      • Engagement address
      • Engagement primary contact
    • Select Submit.
    Check the status of the due diligence request Waits for initial approval on the due diligence request and the risk process to start. Select View record to view the due diligence request.
    Assess risk Waiting on IRQs to be completed Waits for the approval of the IRQs and the due diligence to start.
    Waiting on the due diligence to be completed Waits for the due diligence to be completed and the formal review process to start.
    Waiting on the due diligence to be reviewed and approved Waits for the due diligence request to be reviewed and approved.
    Review risk rating Accept or reject risk ratings Review the risk rating of the supplier and choose to accept or reject the risk rating.

    Available actions:

    • Accept
    • Reject

      If you select Reject, the playbook opens the Rejection stage.
    Close case Notify the requester that the request has been approve Available actions:
    • Send email: Sends an email to the requester, informing them that the case has been approved.
    • Skip: Skips this activity.
    Close case Add closing comments to complete the case.

    In the Close notes field, add your comments and select Close case.

    The state of the due diligence case is updated to Closed completed.