Minimize risk by assessing suppliers during the onboarding process

  • Release version: Yokohama
  • Updated January 30, 2025

    With Risk Assessments Integration for Supplier Lifecycle Operations, you can identify and assess potential supplier risks when onboarding new suppliers.

    Combined benefits of integrating Supplier Lifecycle Operations with Third-party Risk Management

    Feature | Supplier Lifecycle Operations | Third-party Risk Management | All applications together
    Supplier onboarding | Yes | No | Yes
    Information and data management | Yes | No | Yes
    Case and dispute management | Yes | No | Yes
    Risk onboarding | No | Yes | Yes
    Third-party risk due diligence, external and internal risk assessment | No | Yes | Yes
    Risk intelligence | No | Yes | Yes
    Risk scoring and monitoring | No | Yes | Yes
    Risk executive dashboard | No | Yes | Yes

    Workflow of Risk Assessments Integration for Supplier Lifecycle Operations

    Use Supplier Lifecycle Operations and Third-party Risk Management together for these benefits:
    • Evaluate supplier risk when onboarding suppliers
    • Analyze risk score to determine whether to onboard a supplier

    The following figure shows an example workflow of how a supplier manager and a third-party risk (TPR) assessor can use the applications together to evaluate supplier risk.

    Figure 1. The Supplier Lifecycle Operations and Third-party Risk Management workflow
    In this workflow:
    1. The supplier manager receives a supplier onboarding request.
    2. The supplier manager uses the onboarding playbook, which provides a streamlined and guided process to onboard suppliers. For more information, see Use the supplier onboarding playbook to onboard suppliers.
    3. The supplier manager submits a due diligence request.

      Performing due diligence is a key aspect of onboarding a supplier. The supplier risk assessment is done by the third-party risk (TPR) assessor. For more information, see Get started with Risk Assessments Integration for Supplier Lifecycle Operations.

    4. The TPR manager approves the due diligence request.
    5. The inherent risk questionnaire (IRQ) is created and assigned to the TPR assessor.
    6. The TPR assessor submits the completed IRQ.
    7. Two risk assessment questionnaires are created and assigned to the supplier contact.
    8. The supplier contact logs in to the Supplier Collaboration Portal and completes the risk assessment questionnaires.
    9. A contract record is created with an approval. After the contract record is approved, the risk record is updated with the final rating.
    10. The supplier manager accepts the risk rating and closes the due diligence request.

    Requirements for integrating Supplier Lifecycle Operations and Third-party Risk Management

    1. Install the Supplier Lifecycle Operations (com.snc.sn_supplier_mgmt) application from the ServiceNow® Store. For more information, see Install Supplier Lifecycle Operations.
    2. Install and activate the Risk Assessments Integration for Supplier Lifecycle Operations (com.snc.sn_supplier_tprm) plugin.
    3. Install the Third-party Risk Management (com.sn_vdr_risk_asmt) application from the ServiceNow® Store. For more information, see Configuring Third-party Risk Management.
    4. Install and activate the GRC: Third-party Due Diligence Request (com.sn_tprm_onboarding) plugin.
    Note:
    You must have a license for Third-party Risk Management (formerly Vendor Risk Management) to use this integrated solution.

    Get started with Risk Assessments Integration for Supplier Lifecycle Operations

    Get started with Risk Assessments Integration for Supplier Lifecycle Operations by completing these tasks:

    1. Create a supplier. For more information, see Create a supplier from the Source-to-Pay Workspace.
    2. Onboard a new supplier using playbooks. For more information, see Use the supplier onboarding playbook to onboard suppliers.
    3. The playbook creates a due diligence request. For more information about the fields in this activity, see Request due diligence for a third-party engagement.
    4. The supplier manager fills out and submits a due diligence request, which is assigned to the TPR manager.
      Note:
      For each due diligence request, the system auto-assigns a unique ID number that starts with the prefix DDR.
    5. If the due diligence request is approved by the TPR manager, the inherent risk questionnaire (IRQ) is sent to the TPR assessor (internal stakeholder).
    6. After the TPR assessor submits the completed IRQ, the due diligence process begins.
    7. The due diligence process creates two risk assessments, each containing an external due diligence questionnaire: one for the third party and another for the engagement.
    8. After the supplier contacts complete and submit the external questionnaires from the Supplier Collaboration Portal, the TPR manager goes through the questionnaires and approves the due diligence request. For more information, see Complete a risk assessment from the Supplier Collaboration Portal.
    9. A contract record is created with an approval. After the contract record is approved, the risk record is updated with the final rating.
    10. After the supplier manager accepts the risk rating, an email is sent to the requester stating that the due diligence request has been successfully processed and approved.
    11. The supplier manager closes the due diligence request (case).
    12. As a supplier manager, you can use the risk assessment result data in combination with any other data to determine whether to continue or cancel the onboarding process.