Hi All,
We are trying to implementing Due Diligence(DDR) in GRC Vendor Risk Management, as part of the DDR process the internal team can also assess the Vendor Risk Assessment with the help of below OOB system Property.
//Start
Allow TPR assessors to modify responses in third-party questionnaires [sn_svdp.allow_assessor_edit]
- Enable TPR assessors [sn_vdr_risk_asmt.vendor_assessor] to answer questions or modify responses (default)
- Enable TPR assessors to modify responses
- Do not enable TPR assessors to answer questions or modify responses
//End
When I tried to impersonate with the role "sn_vdr_risk_asmt.vendor_assessor" and tried to assess the assessment, the questions are read only, please find the below screenshot for reference.
Can you please help me if I am missing something here.
Thanks in advance.
Thanks,
Sarath Kumar
Hi @bejawada ,
Your Property Settings are correct!!
The screenshot you shared i think that's not read-only, try and make the changes again.( Select the drop-down arrow to select)
If not happening still, maybe you can try with another Risk Assessment (VRA), with another user having "sn_vdr_risk_asmt.vendor_assessor" role.
Hi Sandeep,
Thanks for your response, the questions are still read only(not editable). I would like to know if I am doing it correctly.
I am following the below steps to answer the VRA.
1. Navigate and open Vendor Management Workspace
2. Go to the Due Diligence management and open a DD request which is in state "Due Diligence"
3. Go to Third Party risk assessments and open the VRA.
4. Scroll down to the section "Questionnaires and document requests" and click on the assessment.
5. The assessment got opened and the questions are read-only.
Is this the correct process to answer the Vendor Risk Assessment by the Internal team with role "sn_vdr_risk_asmt.vendor_assessor".
Note: I have impersonated with person who has role "sn_vdr_risk_asmt.vendor_assessor" and tried accessing external vendor portal to submit the assessment, it throws a message that "This page is only for vendors to use."
Is there any other process to submit the VRA by Internal team?
Thanks,
Sarath Kumar.
Hi @bejawada ,
Let me explain you in steps :
1. I have logged in as Accessor and i login to Employee center, from Surveys, i will open the IRQ questions and complete my IRQ questions (INA) for a third party in the due diligence process:
2. As Vendor Risk manager, you will check the responses from Accessor from the DDR record, related list and mark it close.
3. As a manager, i will move the DDR to next by clicking on "Start due Diligence" UI action.
4. Then, you will see that the "third-party risk assessments would have generated in the related list.
5. Manager will add the questionnaire to the risk-party risk assessment record (VRA) for the third-party to answer.
6. As a manager/Accessor you can click on "Submit to third party" such that it goes to third-party , the primary contact can see the questions shared in the Third-party portal.
7. I have logged in as primary contact in /svdp portal as Primary contact, : all activities> Assessments> open and complete the assessment and submit:
8. Now, you can see the VRA record is in "responses received" state> move it to "Generating Observations" state.
9. Now, as a accessor, you can "view responses" from the VRA record, you can find there would be a "Edit" Button" . once you click on it, you see below and you can edit the response:
