Streamlining the supplier risk assessment workflow

  • Release version: Australia
  • Updated March 12, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Streamlining the Supplier Risk Assessment Workflow

    This content outlines enhancements to the supplier risk assessment workflow within the Third-Party Risk Management (TPRM) system, aimed at improving efficiency for procurement specialists. The updates reduce manual processes and facilitate better tracking of supplier assessments through an integrated system, eliminating the need for external communications such as emails or meetings.

    Show full answer Show less

    Key Features

    • Due Diligence Playbook: Streamlines the process of tracking risk assessments and reduces the need for multiple clicks to update tasks.
    • Auto-triggered Supplier Cases: When a sourcing request enters the Qualification needed state, a due diligence case is automatically created, allowing the risk team to take over the workflow seamlessly.
    • Simplified Communication: Procurement specialists can manage tasks within the system, avoiding the need to check for updates externally.
    • Tiering Assessment Process: After submission by the supply manager, the tiering questionnaire status changes to Awaiting response, and the supplier can complete their risk assessment via the Supplier Collaboration Portal.
    • Supplier Lifecycle Operations Integration: Depending on whether suppliers are new or existing, the system creates Due Diligence Requests (DDRs) accordingly, streamlining onboarding and assessment processes.

    Key Outcomes

    By implementing these improvements, ServiceNow customers can expect:

    • Increased efficiency in managing supplier risk assessments.
    • Reduced reliance on manual updates and external communications.
    • Enhanced tracking capabilities for supplier qualifications and assessments.
    • Streamlined onboarding processes for both new and existing suppliers.

    Customers can leverage the due diligence playbook and TPRM capabilities to ensure a smooth and efficient workflow in supplier risk management.

    As procurement specialists, track activity on the Third-Party Risk Management (TPRM) records, and update and make changes to the sourcing requests and purchase requests based on the final risk rating.

    With the due diligence playbook for due diligence case types, procurement specialists no longer need multiple clicks to manually update any tasks that they need to complete during the different stages of the supplier risk assessment workflow. They no longer need to open the supplier tiering assessment and risk assessment cases that get auto-triggered whenever there’s a need for supplier qualification. With the TRPM capabilities, when a sourcing request is added to a sourcing event, in the Qualification needed state, a supplier case of type due diligence is triggered to address risk assessments. The risk team is responsible for the workflow after the due diligence is triggered.

    With this due diligence playbook, procurement specialists, sourcing managers, and procurement managers no longer need to handle these activities outside the system through emails, phone calls, or weekly zoom meetings with the risk team. There’s no need to check for any updates from the tiering assessor and update them back to their own working records. They’re also relieved from remembering or finding the appropriate records to update when the risk assessment is complete.

    The tiering assessor must complete the tiering questionnaire after the supply manager submits the tiering questionnaire. The state of the tiering assessment questionnaire changes to Awaiting response.

    The supplier contact completes the risk assessment from the supplier collaboration portal. For more information on this, see Complete a risk assessment from the Supplier Collaboration Portal.

    Note the following scenarios:
    • When Supplier Lifecycle Operations is installed, and the supplier is new, the Due Diligence Request (DDR) is created in Supplier Lifecycle Operations as a supplier case, and the due diligence case is taken care of through the onboard a supplier case.
    • When Supplier Lifecycle Operations is installed, but the supplier is old and already onboarded, the DDR is created as a procurement case.
    • When Supplier Lifecycle Operations is not installed, irrespective of whether the supplier is old or new, the DDR is created in Sourcing and Procurement Operations as a procurement case.
    For information on how Supplier Lifecycle Operations similarly assesses suppliers during the onboarding process, see Minimize risk by assessing suppliers during the onboarding process. For detailed information on the supplier onboarding playbook, see Use the supplier onboarding playbook to onboard suppliers.

    For information on how to configure TPRM, see Configuring Third-party Risk Management. For detailed information on the due diligence workflow, see Due diligence workflow.