Tracking a managed activity

  • Release version: Washingtondc
  • Updated January 30, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Tracking a Managed Activity

    The Tracking a Managed Activity feature allows users to monitor and verify managed activities within the Third-party Risk Management application through the Usage analytics activities table. Each engagement uses only one license, regardless of the number of managed activities associated with it. Activities related to new third parties in the due diligence onboarding workflow are not counted as managed activities.

    Show full answer Show less

    Key Features

    • Managed activities include:
      • An Inherent Risk Questionnaire (IRQ) with a status of Awaiting Response.
      • A tiering assessment with a questionnaire also marked as Awaiting Response.
      • A third-party risk assessment with a status of Submitted to Third Party.
      • The creation of tasks or issues for third-party risk assessments.
    • Activities cancelled or recalled are still considered managed activities, except for those related to event-driven management rules.
    • The usage analytics activities table is read-only and automatically archives records older than two years.
    • Access to this table requires the Third-party assessment reviewer role.

    Key Outcomes

    By utilizing the Usage analytics activities table, ServiceNow customers can track the status and type of managed activities effectively. This ensures improved verification processes and better management of third-party risks, leading to more accurate assessments and compliance with risk management protocols.

    View managed activities in the usage analytics activities table for tracking and verification purposes in the Third-party Risk Management application.

    Overview of managed activities

    You can track and verify managed activities in the Usage analytics activities [sn_vdr_risk_asmt_ua_activity] table.

    An engagement only consumes one license, regardless of whether there’s one managed activity or many managed activities per contract year. Managed activity usage is triggered only when an activity is initiated.

    Activities that are associated with a new third party going through the due diligence onboarding workflow aren’t counted as managed activities. In this context, a new third party is defined as a company that is not in the Company [core_company] table.

    If any of the following activities aren’t related to a new third party going through the due diligence onboarding workflow, they’re counted as managed activities:

    If a third-party risk assessment or due diligence request is automatically created by an event-driven management rule and later recalled, it isn’t counted as a managed activity. An assessment that is related to an event-driven management rule can be recalled up until the time that it’s submitted to the third party. For more information, see Event-driven management — automate assessment processes.
    Note:
    If an assessment isn’t related to an event-driven management rule, you can't recall it and it’s counted as a managed activity. If an assessment is canceled, it’s still considered as a managed activity.

    Using the usage analytics activities table for verification

    The usage analytics activities table stores a record every time a managed activity occurs. This table is read only. Records that are two years or older are automatically archived. You must have the Third-party assessment reviewer [sn_vdr_risk_asmt.vendor_assessment_reviewer] role to view this table.

    You can access the Usage analytics activities table by navigating to All > Third Party Risk Management > Administration > Managed Activity Analytics.

    The following example and table show the Usage analytics activities [sn_vdr_risk_asmt_ua_activity] table.

    Figure 1. Usage analytics activities table
    Usage analytics activities table with sample data.
    Table 1. Usage analytics activities
    Field Description
    Created Date and time that the activity occurred.
    Activity Record that is related to the activity.
    Activity type Managed activities that can be associated with tiering assessments, internal assessments, third-party risk assessments (TPRA), issues, and tasks.
    Applies to
    • Third party: The activity applies to the parent third-party organization.
    • Engagement: The activity applies to the engagement.
    Third party Third party that is related to the activity.
    Engagement Engagement that is related to the activity.
    Status State of the activity:
    • Tracked: The activity is logged.
    • Recalled: The activity was recalled by a user after it occurred.
    Note:
    The calculated risk scores that are updated by assessments are managed activities. However, they aren’t logged in the Usage analytics activities [sn_vdr_risk_asmt_ua_activity] table. The score updates from the risk intelligence score providers aren’t managed activities. For more information on the risk intelligence scores, see Viewing risk intelligence scores.