Vendor Risk Overview reports — Legacy view
Summarize
Summary of Vendor Risk Overview reports — Legacy view
The Vendor Risk Overview reports provide insights into third-party risk management within the Governance, Risk, and Compliance framework. As of version 18.1.3 of Third-party Risk Management, the Vendor Risk Overview dashboard is deprecated and replaced by third-party risk reports available in the Vendor Management Workspace.
Show less
Key Features
The Vendor Risk Overview consists of two main tabs: Vendor and Engagement, each containing various reports that help track and manage third-party risks effectively.
Vendor Tab Reports
- Total Vendors: Displays the total number of third parties.
- Open Tiering Assessments: Shows the count of third parties with active tiering assessments.
- Open Risk Assessments: Number of third parties with active risk assessments.
- Past Tiering Assessments: Indicates third parties that have not completed assessments on time.
- Tier-Recommended Risk Assessments: Lists third parties performing assessments based on tiering.
- Vendor Classification by Tier: A donut report illustrating third parties assigned to each risk tier.
- Open Issues by Priority: All open third-party risk issues categorized by priority.
- Vendors by Risk Rating: Number of third parties sorted by their risk ratings.
- Upcoming Vendor Risk Assessments: Lists third-party risk assessments scheduled for the future.
- Vendor-related Policy Exceptions: Shows policy exceptions generated from third-party risk issues.
Engagement Tab Reports
- Total Engagements: Total number of engagements tracked.
- Open Tiering Assessments: Count of engagements with active tiering assessments.
- Open Risk Assessments: Number of engagements with active risk assessments.
- Past Tiering Assessments: Engagements that have not completed tiering assessments on time.
- Past Risk Assessments: Engagements with active tiering-based risk assessments.
- Engagements Classification by Tier: A donut report showing engagements assigned to each risk tier.
- Engagements by Type: Lists the number of engagements of each type.
- Open Issues by Priority: Open issues related to engagements sorted by priority.
- Engagements by Risk Rating: Number of engagements sorted by their risk ratings.
Key Outcomes
By utilizing the Vendor Risk Overview reports, ServiceNow customers can effectively monitor and manage third-party risks, ensuring compliance and minimizing potential issues through better visibility and reporting capabilities. The transition to using IRQs enhances risk assessment processes, improving flexibility and scalability in managing vendor risks.
The Vendor Risk Overview page is replaced by the third-party risk reports on the Vendor Management Workspace.
Viewing the reports
To open the Vendor Risk Overview, navigate to . The page displays reports that provide insights into your third-party risk management program. The
The more complete IRQ process replaces tiering
In the TPRM application, the IRQ is an internal questionnaire that improves the original tiering assessment process. IRQs enhance internal risk assessments with increased flexibility, control, and scalability. Unlike a tiering assessment where external questionnaires are determined solely by the risk tier, an IRQ can dynamically trigger external questionnaires based on both respondents' answers and risk tier.
To enable a seamless transition to TPRM, you have the option to duplicate existing tiering assessments and designate them as IRQ internal assessments. Risk tiering is supported as an unchanging legacy process.
Vendor Risk Overview — Vendor tab
| Report | Description |
|---|---|
| Total Vendors | Total number of third parties. |
| Open Tiering Assessments | Number of third parties with active tiering assessments open. |
| Open Risk Assessments | Number of third parties with active risk assessments open. |
| Past Tiering Assessments | Number of third parties that have not completed the tiering assessment within the assessment time frame. |
| Tier-Recommended Risk Assessments | Number of third parties performing risk assessments based on tiering. |
| Vendor Classification by Tier | Donut report showing the number of third parties assigned to each risk tier. |
| Vendors Performing Risk Assessment Based on Tiering | Number of third parties with active tiering-based risk assessments sorted by third-party risk. |
| Open Issues by Priority | All third-party risk open issues sorted by priority. |
| Vendors by Risk Rating | Number of third parties sorted by risk rating. |
| Upcoming Vendor Risk Assessments | Number of third-party risk assessments scheduled. |
| Vendor-related Policy Exceptions | All policy exceptions generated from third-party risk issues. |
Vendor Risk Overview — Engagement tab
| Report | Description |
|---|---|
| Total Engagements | Total number of engagements. |
| Open Tiering Assessments | Number of engagements with active tiering assessments open. |
| Open Risk Assessments | Number of engagements with active risk assessments open. |
| Past Tiering Assessments | Number of engagements that have not completed the tiering assessment within the assessment time frame. |
| Past Risk Assessments | Number of engagements with active tiering-based risk assessments. |
| Engagements Classification by Tier | Donut report showing the number of engagements assigned to each tier. |
| Engagements by Type | Number of engagements of each type. |
| Open Issues by Priority | All engagement open issues sorted by priority. |
| Engagements by Risk Rating | Number of engagements sorted by risk rating. |