Vendor Risk Overview reports — Legacy view
Summarize
Summary of Vendor Risk Overview reports — Legacy view
The Vendor Risk Overview page in ServiceNow’s Third-party Risk Management (TPRM) application provides legacy reports to help customers monitor and analyze their third-party risk management program. However, this legacy dashboard is deprecated starting from version 18.1.3 and replaced by enhanced third-party risk reports accessible via the Vendor Management Workspace.
Show less
Customers with TPRM versions prior to 18.1.3 can still use this legacy Vendor Risk Overview dashboard for insights.
Key Features
- Access Path: Navigate to All > Third-party Risk Management > Overview to view the legacy reports.
- IRQ Process Replacement: The legacy tiering assessment process is replaced by the more flexible and scalable Internal Risk Questionnaire (IRQ) process in TPRM. IRQs dynamically trigger external questionnaires based on respondents’ answers and risk tiers, allowing for improved internal risk assessments.
- Option to Migrate: Existing tiering assessments can be duplicated and designated as IRQ internal assessments to enable a smooth transition.
- Legacy Support: Risk tiering remains supported as a legacy, unchanging process for customers who continue to use it.
Reports on the Vendor tab
This tab provides vendor-specific insights including:
- Total number of third parties managed.
- Counts of open and past tiering and risk assessments.
- Visualization of vendor classification by risk tier.
- Details on vendors performing risk assessments based on tiering.
- Open third-party risk issues sorted by priority.
- Vendor counts sorted by risk rating.
- Upcoming scheduled vendor risk assessments.
- Policy exceptions related to vendor risk issues.
Reports on the Engagement tab
This tab focuses on engagements with third parties and includes reports on:
- Total engagements and their classification by risk tier and type.
- Open and past tiering and risk assessments for engagements.
- Open issues associated with engagements sorted by priority.
- Engagements sorted by risk rating.
Practical Implications for ServiceNow Customers
- Customers using versions before 18.1.3 can rely on this legacy dashboard for vendor risk insights but should plan migration to the newer reports in the Vendor Management Workspace for enhanced features.
- The IRQ process offers greater flexibility and control over risk assessments, improving the accuracy and scalability of third-party risk evaluations compared to the legacy tiering method.
- Understanding the reports on both Vendor and Engagement tabs enables better risk monitoring and decision-making regarding third-party relationships.
The Vendor Risk Overview page is replaced by the third-party risk reports on the Vendor Management Workspace.
Viewing the reports
To open the Vendor Risk Overview, navigate to . The page displays reports that provide insights into your third-party risk management program. The
The more complete IRQ process replaces tiering
In the TPRM application, the IRQ is an internal questionnaire that improves the original tiering assessment process. IRQs enhance internal risk assessments with increased flexibility, control, and scalability. Unlike a tiering assessment where external questionnaires are determined solely by the risk tier, an IRQ can dynamically trigger external questionnaires based on both respondents' answers and risk tier.
To enable a seamless transition to TPRM, you have the option to duplicate existing tiering assessments and designate them as IRQ internal assessments. Risk tiering is supported as an unchanging legacy process.
Vendor Risk Overview — Vendor tab
| Report | Description |
|---|---|
| Total Vendors | Total number of third parties. |
| Open Tiering Assessments | Number of third parties with active tiering assessments open. |
| Open Risk Assessments | Number of third parties with active risk assessments open. |
| Past Tiering Assessments | Number of third parties that have not completed the tiering assessment within the assessment time frame. |
| Tier-Recommended Risk Assessments | Number of third parties performing risk assessments based on tiering. |
| Vendor Classification by Tier | Donut report showing the number of third parties assigned to each risk tier. |
| Vendors Performing Risk Assessment Based on Tiering | Number of third parties with active tiering-based risk assessments sorted by third-party risk. |
| Open Issues by Priority | All third-party risk open issues sorted by priority. |
| Vendors by Risk Rating | Number of third parties sorted by risk rating. |
| Upcoming Vendor Risk Assessments | Number of third-party risk assessments scheduled. |
| Vendor-related Policy Exceptions | All policy exceptions generated from third-party risk issues. |
Vendor Risk Overview — Engagement tab
| Report | Description |
|---|---|
| Total Engagements | Total number of engagements. |
| Open Tiering Assessments | Number of engagements with active tiering assessments open. |
| Open Risk Assessments | Number of engagements with active risk assessments open. |
| Past Tiering Assessments | Number of engagements that have not completed the tiering assessment within the assessment time frame. |
| Past Risk Assessments | Number of engagements with active tiering-based risk assessments. |
| Engagements Classification by Tier | Donut report showing the number of engagements assigned to each tier. |
| Engagements by Type | Number of engagements of each type. |
| Open Issues by Priority | All engagement open issues sorted by priority. |
| Engagements by Risk Rating | Number of engagements sorted by risk rating. |