TPRM - Internal Questionnaire to Review Answers of Vendor Assessment
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-30-2024 09:33 PM
Hi all,
I am setting up a recurring annual assessment (but this question is general to the TPRM Due Diligence/Vendor Assessment process).
An assessment (questionnaire + document requests) will be sent to the Vendor to complete.
Once they have completed it, the Business Owner should then be able to review the documents + answer their own questions about the responses/uploads from the Vendor.
Currently, there doesn't seem to be an OOTB way to do this nicely. I know there is a 'review' part to the Assessment but it doesn't have the capability to create a questionnaire or anything for the Business Owner to answer.
I also know you do the IRQ before the Vendor Assessment is sent out and that would work for some of the questions, but some need context from the answer from the Vendor.
Help would be appreciated.
Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-05-2025 01:28 AM
This is what my team did for an Insurance sector client; hope this is helpful.
- Define Requirements and Objectives:
- Objective: Ensure compliance with regulatory requirements and mitigate vendor risks.
- Requirements: Identify key assessment areas such as data security, financial stability, and compliance.
- Set Up Vendor Risk Management Module:
- Table: sn_vdr_risk_vendor (Vendor Risk Management)
- Entry Point: Navigate to Vendor Risk Management > Vendors.
- Create Assessment Templates:
- Table: asmt_metric_type (Assessment Metric Type)
- Entry Point: Navigate to Vendor Risk Management > Assessments > Assessment Templates.
- Action: Create templates for different assessment types (e.g., initial due diligence, annual review).
- Configure Vendor Profiles:
- Table: sn_vdr_risk_vendor_profile (Vendor Profile)
- Entry Point: Navigate to Vendor Risk Management > Vendors > Vendor Profiles.
- Action: Populate vendor profiles with necessary details (e.g., contact information, risk level).
- Automate Assessment Distribution:
- Table: asmt_assessment_instance (Assessment Instance)
- Entry Point: Navigate to Vendor Risk Management > Assessments > Assessment Instances.
- Action: Set up workflows to automatically distribute assessments to vendors at specified intervals.
- Vendor Completes Assessment:
- Table: asmt_assessment_instance (Assessment Instance)
- Entry Point: Vendors access the ServiceNow portal to complete assessments.
- Action: Provide clear instructions and deadlines for submission.
- Create Review Tasks for Business Owners:
- Table: sn_vdr_risk_assessment_task (Vendor Risk Assessment Task)
- Entry Point: Navigate to Vendor Risk Management > Assessments > Assessment Tasks.
- Action: Automatically generate review tasks for Business Owners upon vendor submission.
- Custom Questionnaire for Business Owners:
- Table: asmt_metric (Assessment Metric)
- Entry Point: Navigate to Vendor Risk Management > Assessments > Metrics.
- Action: Create custom forms or questionnaires for Business Owners to fill out based on vendor responses.
- Review and Feedback:
- Table: sn_vdr_risk_assessment_task (Vendor Risk Assessment Task)
- Entry Point: Business Owners review submitted documents and responses.
- Action: Provide feedback or request additional information if needed.
- Approval Workflow:
- Table: sn_vdr_risk_assessment_task (Vendor Risk Assessment Task)
- Entry Point: Navigate to Vendor Risk Management > Assessments > Assessment Tasks.
- Action: Configure an approval workflow to route reviewed assessments to relevant stakeholders.
- Continuous Monitoring:
- Table: sn_vdr_risk_vendor (Vendor Risk Management)
- Entry Point: Navigate to Vendor Risk Management > Vendors.
- Action: Set up continuous monitoring for vendor risk profiles and schedule regular reassessments.
- Reporting and Analytics:
- Table: sn_vdr_risk_report (Vendor Risk Report)
- Entry Point: Navigate to Vendor Risk Management > Reports.
- Action: Utilize reporting tools to generate insights and analytics on vendor assessments.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-19-2025 08:21 PM
Hi Naveenkaush,
Thank you for the ideas, I have a few questions about it.
For step 7 - how do you automatically create the review tasks? And how do you link the vendors submission (i.e. answers to questionnaires or document uploads) to the review task?
