Minimize risk by assessing suppliers during the onboarding process
Summarize
Summarized using AI
This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.
Summary of Minimize risk by assessing suppliers during the onboarding process
This integration between Supplier Lifecycle Operations and Third-party Risk Management enables ServiceNow customers to effectively identify and assess potential risks associated with new suppliers during the onboarding process. It streamlines supplier onboarding by embedding risk due diligence and assessment workflows, allowing organizations to make informed decisions about supplier acceptance and minimize operational risks.
Show less
Key Features
- Integrated Risk Assessment Workflow: Supplier managers initiate onboarding using guided playbooks that trigger due diligence requests evaluated by third-party risk (TPR) assessors.
- Due Diligence and Risk Questionnaires: The process includes inherent risk questionnaires for internal assessors and external due diligence questionnaires completed by suppliers via the Supplier Collaboration Portal.
- Risk Scoring and Approval: TPR managers review and approve due diligence requests, update risk records with final ratings, and facilitate contract approvals tied to risk outcomes.
- Automated Tracking and Notifications: Unique IDs track due diligence requests, and email notifications inform stakeholders upon approval and completion of risk assessments.
- Comprehensive Data Management: Combines supplier data, risk scores, and contract information to support informed onboarding decisions.
Requirements
- Installation of Supplier Lifecycle Operations and Third-party Risk Management applications from the ServiceNow Store.
- Activation of Risk Assessments Integration for Supplier Lifecycle Operations and GRC: Third-party Due Diligence Request plugins.
- Valid licensing for Third-party Risk Management is required to leverage the integrated solution.
Practical Use and Workflow
ServiceNow customers use this integration to:
- Create and onboard suppliers using predefined playbooks that automate due diligence initiation.
- Assign and manage risk assessment tasks between supplier managers, TPR managers, and assessors.
- Collect risk assessment data from both internal stakeholders and external suppliers through structured questionnaires.
- Review and approve risk ratings before finalizing contracts and completing the onboarding process.
- Utilize risk assessment outcomes to determine whether to proceed with or halt supplier onboarding, thereby minimizing potential risks.
With Risk Assessments Integration for Supplier Lifecycle Operations, you can identify and assess potential supplier risks when onboarding new suppliers.
Combined benefits of integrating Supplier Lifecycle Operations with Third-party Risk Management
| Feature | Supplier Lifecycle Operations | Third-party Risk Management | All applications together |
|---|---|---|---|
Supplier onboarding |
 |
 |
|
| Information and data management | |
|
|
| Case and dispute management | |
|
|
| Risk onboarding | |
|
|
| Third-party risk due diligence, external and internal risk assessment | |
|
|
| Risk intelligence | |
|
|
| Risk scoring and monitoring | |
|
|
| Risk executive dashboard | |
|
|
Workflow of Risk Assessments Integration for Supplier Lifecycle Operations
Use Supplier Lifecycle Operations and Third-party Risk Management together for these benefits:
- Evaluate supplier risk when onboarding suppliers
- Analyze risk score to determine whether to onboard a supplier
The following figure shows an example workflow of how a supplier manager and a third-party risk (TPR) assessor can use the applications together to evaluate supplier risk.
In this workflow:
- The supplier manager receives a supplier onboarding request.
- The supplier manager uses the onboarding playbook, which provides a streamlined and guided process to onboard suppliers. For more information, see Using the supplier onboarding playbook to onboard suppliers.
- The supplier manager submits a due diligence request.
Performing due diligence is a key aspect of onboarding a supplier. The supplier risk assessment is done by the third-party risk (TPR) assessor. For more information, see Get started with Risk Assessments Integration for Supplier Lifecycle Operations.
- The TPR manager approves the due diligence request.
- The inherent risk questionnaire is created and assigned to the TPR assessor.
- The TPR assessor submits the completed IRQ.
- Two risk assessment questionnaires are created and assigned to the supplier contact.
- The supplier contact logs in to the Supplier Collaboration Portal and completes the risk assessment questionnaires.
- A contract record is created with an approval. After the contract record is approved, the risk record is updated with the final rating.
- The supplier manager accepts the risk rating and closes the due diligence request.
Requirements for integrating Supplier Lifecycle Operations and Third-party Risk Management
- Install the Supplier Lifecycle Operations (com.snc.sn_supplier_mgmt) application from the ServiceNow® Store. For more information, see Install Supplier Lifecycle Operations.
- Install and activate the Risk Assessments Integration for Supplier Lifecycle Operations (com.snc.sn_supplier_tprm) plugin.
- Install the Third-party Risk Management (com.sn_vdr_risk_asmt) application from the ServiceNow® Store. For more information, see Configuring Third-party Risk Management.
- Install and activate the GRC: Third-party Due Diligence Request (com.sn_tprm_onboarding) plugin.
Note:
You must have a license for Third-party Risk Management (formerly Vendor Risk Management) to take advantage of this better together solution.
Get started with Risk Assessments Integration for Supplier Lifecycle Operations
Get started with Risk Assessments Integration for Supplier Lifecycle Operations by completing these tasks:
- Create a supplier. For more information, see Create a supplier from the Source-to-Pay Workspace.
- Onboard a new supplier using playbooks. For more information, see Using the supplier onboarding playbook to onboard suppliers.
- The playbook creates a due diligence request. For more information about the fields in this activity, see Request due diligence for a third-party engagement.
- The supplier manager fills and submits a due diligence request, which is assigned to the TPR manager.Note:For each due diligence request, the system auto-assigns a unique ID number that starts with the prefix DDR.
- If the due diligence request is approved by the TPR manager, the inherent risk questionnaire (IRQ) is sent to the TPR assessor (internal stakeholder).
- After the TPR assessor submits the completed IRQ, the due diligence process begins.
- The due diligence process creates two risk assessments, each containing an external due diligence questionnaire, one for the third-party and another for engagement.
- After the supplier contacts complete and submit the external questionnaires from the Supplier Collaboration Portal, the TPR manager goes through the questionnaires and approves the due diligence request. For more information, see Complete a risk assessment from the Supplier Collaboration Portal.
- A contract record is created with an approval. After the contract record is approved, the risk record is updated with the final rating.
- After the supplier manager accepts the risk rating, an email is sent to the requester informing that the due diligence request has been successfully processed and approved.
- The supplier manager closes the due diligence request (case).
- As a supplier manager, you can use the risk assessment result data in combination with any other data to determine whether to continue or cancel the onboarding process.