Monitoring the due diligence request process

  • Release version: Yokohama
  • Updated March 12, 2026
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Monitoring the due diligence request process

    ServiceNow’s Third-Party Risk Management (TPRM) provides TPR managers and admins with a comprehensive Due Diligence Management dashboard to monitor and manage all stages of the due diligence request workflow. This includes Internal Request Questionnaire (IRQ), external due diligence, approval, contract risk, and closure processes. Each due diligence request is automatically assigned a unique DDR ID, allowing easy tracking and access from various locations within the system.

    Show full answer Show less

    Key Features

    • Details Tab: View and update request information, add private work notes, external comments, attach files, and track updates through an activity stream.
    • IRQ Process Monitoring: Scope third-party risk by assessing the risk score early in the process.
    • External Due Diligence: Access external assessments via VRA Numbers to evaluate third-party risks.
    • Approval Process: Review approvers, their actions, and approval levels associated with each due diligence request.
    • Risk Intelligence Scores: Examine third-party risk scores provided by external intelligence services with options to drill into detailed settings.
    • Contract Risk Process: Manage contractual provisions addressing identified risks, typically handled by corporate counsel or contract negotiators.
    • Unique ID Numbers: Every record, such as due diligence requests or tasks, receives a unique ID to facilitate efficient searching and filtering.

    Actions on Due Diligence Management Pages

    • Start Onboarding: Initiate the due diligence process for new requests.
    • Discuss: Send messages to other users; all communications are recorded in the activity stream.
    • Save: Save changes made to any field on the request.
    • Delete: Remove engagement request records if necessary.

    Working with Notes and Attachments

    Within the Compose section on the Details tab, users can add permanent text entries categorized as either:

    • Work Notes (Private): Internal notes visible only to assigned internal users.
    • Comments: Visible to both internal users and third-party contacts for transparent communication.

    Additionally, users can add attachments by browsing and selecting files, supporting comprehensive documentation within each due diligence record.

    TPR managers and TPR admins can perform a wide variety of tasks from the due diligence management dashboard. They can work on all processes in the workflow for a due diligence request: IRQs, external due diligence, approval, contract risk, and closed requests.

    For each due diligence request, the system auto-assigns a unique ID number that starts with the text DDR. You can access the Due diligence management page from many locations by selecting the DDR number for any due diligence request. The page opens to the Details tab. Typically, you start from the TPRM Home page.

    Due diligence request details for the third party.

    Monitoring processes from the request management page

    Viewing basic information about a request on the Details tab

    From the Details tab, you can view and adjust the due diligence request information for a third party. You can also log external-facing comments and private work notes, attach files, and track request updates in the activity stream. See Due diligence request process management.

    Monitoring the IRQ process

    The first internal step after an engagement request is approved is to start the IRQ process to scope the risk by determining the third party's risk score. You can access the Due diligence management page from many locations by selecting the DDR number for any due diligence request. See IRQ process management.

    Monitoring the external due diligence process
    Select a VRA Number to open the external assessments page in the Due diligence management page. See Third-party (external) risk assessment management.
    Monitoring the approval process

    You can view the list of users who can approve or reject a DD request and also view the details of their approval actions. In addition, you can view the approval levels for a request. See Approval process management.

    View the risk intelligence scores for a third party

    The information on the Risk intelligence scores tab comes from risk intelligence provider services. Select any link to drill into the settings and scores. See Viewing risk intelligence scores.

    Monitoring the Contract risk process
    Protect your organization's interests, as the Third-party risk contract negotiator, often the corporate counsel, by incorporating specific contractual provisions so that you can address the risks identified using the Third-party Risk Management application. See Accessing DD requests that are in the contract risk process.

    Actions on the Due diligence management pages

    Tip:
    When you create (or the system generates) a new record (for example, a request for due diligence or a task), the system auto-assigns a unique ID number that helps to identify the type of data in the record. You can use the ID number to search for or filter the item you want to work on. See Unique ID numbers for TPRM records.
    Table 1. Actions
    Action Description
    Start onboarding For requests in the New state, this button enables the TPR manager to start the process.
    Discuss Select Discuss to send a message to other users. The message is recorded in the Activity section of the Details tab.
    Save Select Save to save any change you made to a value on any tab.
    … Delete Select Delete to delete the record of the engagement request.
    Working in the Compose section
    The Compose section on the Details tab enables you to permanently add text to the record. The Activity section is updated with any actions on issues and tasks, submissions to TP contacts, and also with work notes and comments that users add to the record. Add text in the following fields as needed:
    • Work notes (Private): Information about the third-party risk assessment. Work notes are visible only to internal users who are assigned to the process.
    • Comments: Comments about the third-party risk assessment are visible both to internal users and to third-party contacts.
    Adding an attachment

    Select Browse in the Attachments section to select and add an attachment.