Tracking a managed activity
Summarize
Summary of Tracking a managed activity
The Third-party Risk Management application enables you to track and verify managed activities using the Usage analytics activities table (snvdrriskasmtuaactivity). Each engagement consumes only one license regardless of the number of managed activities within a contract year. Managed activity usage counts only when an activity is initiated.
Show less
Activities related to new third parties—defined as companies not listed in the Company [corecompany] table—undergoing due diligence onboarding are not counted as managed activities. However, certain activities involving existing third parties are counted, including:
- Inherent risk questionnaires (IRQ) with status Awaiting response.
- Tiering assessments with questionnaires having status Awaiting response.
- Third-party risk assessments with questionnaires in status Submitted to third party.
- Tasks or issues created for a third-party risk assessment.
Automatically created assessments by event-driven management rules that are later recalled do not count as managed activities if recalled before submission to the third party. Assessments unrelated to event-driven rules cannot be recalled and count as managed activities. Cancelled assessments are still considered managed activities.
Using the Usage analytics activities table for verification
The Usage analytics activities table logs each managed activity and is read-only. Records older than two years are archived automatically. To view this table, users need the Third-party assessment reviewer [snvdrriskasmt.vendorassessmentreviewer] role. It can be accessed via:
All > Third Party Risk Management > Administration > Managed Activity Analytics
The table includes key fields such as:
- Created: Timestamp of the activity.
- Activity: Reference to the related record.
- Activity type: Types include tiering assessments, internal assessments, third-party risk assessments, issues, and tasks.
- Applies to: Specifies whether the activity applies to the third party or the engagement.
- Third party: The related third-party organization.
- Engagement: The related engagement.
- Status: Indicates if the activity is Tracked or Recalled.
Note that updates to calculated risk scores from assessments are managed activities but are not logged in this table. Similarly, score updates from risk intelligence providers are not considered managed activities.
View managed activities in the usage analytics activities table for tracking and verification purposes in the Third-party Risk Management application.
Overview of managed activities
You can track and verify managed activities in the Usage analytics activities [sn_vdr_risk_asmt_ua_activity] table.
An engagement only consumes one license, regardless of whether there’s one managed activity or many managed activities per contract year. Managed activity usage is triggered only when an activity is initiated.
Activities that are associated with a new third party going through the due diligence onboarding workflow aren’t counted as managed activities. In this context, a new third party is defined as a company that is not in the Company [core_company] table.
If any of the following activities aren’t related to a new third party going through the due diligence onboarding workflow, they’re counted as managed activities:
- An Inherent risk questionnaire (IRQ) that is sent by the system has a status of Awaiting response. For more information, see Assessing your third-party risk.
- A tiering assessment with a questionnaire that is sent by the system has a status of Awaiting response. For more information, see Create a VRM tiering assessment.
- A third-party risk assessment with a questionnaire that is sent by the system has a status of Submitted to third party. For more information, see Life cycle states of a external assessment.
- The creation of a task or issue for a third-party risk assessment. For more information, see Create a task for a third party or engagement and Create an issue for a third party or engagement.
Using the usage analytics activities table for verification
The usage analytics activities table stores a record every time a managed activity occurs. This table is read only. Records that are two years or older are automatically archived. You must have the Third-party assessment reviewer [sn_vdr_risk_asmt.vendor_assessment_reviewer] role to view this table.
You can access the Usage analytics activities table by navigating to .
The following example and table show the Usage analytics activities [sn_vdr_risk_asmt_ua_activity] table.
| Field | Description |
|---|---|
| Created | Date and time that the activity occurred. |
| Activity | Record that is related to the activity. |
| Activity type | Managed activities that can be associated with tiering assessments, internal assessments, third-party risk assessments (TPRA), issues, and tasks. |
| Applies to |
|
| Third party | Third party that is related to the activity. |
| Engagement | Engagement that is related to the activity. |
| Status | State of the activity:
|