Vendor Risk Overview reports — Legacy view
Summarize
Summary of Vendor Risk Overview reports — Legacy view
The Vendor Risk Overview page, part of Third-party Risk Management (TPRM), provides reports that deliver insights into your third-party risk program. This legacy view is accessible viaAll > Third-party Risk Management > Overview. However, it has been replaced by more advanced third-party risk reports on the Vendor Management Workspace starting with TPRM version 18.1.3. Customers using versions prior to 18.1.3 can continue to use this dashboard.
Show less
The legacy tiering process is being superseded by the Internal Questionnaire (IRQ) process, which offers enhanced flexibility, control, and scalability. IRQs dynamically trigger external questionnaires based on responses and risk tier, improving upon static tiering assessments. Existing tiering assessments can be duplicated and converted into IRQ internal assessments to facilitate transition.
Reports on the Vendor tab
This tab provides a comprehensive overview of vendor-related risk metrics, including:
- Total Vendors: The count of all third parties.
- Open Tiering Assessments: Vendors with active tiering assessments.
- Open Risk Assessments: Vendors with active risk assessments.
- Past Tiering Assessments: Vendors who missed assessment deadlines.
- Tier-Recommended Risk Assessments: Vendors undergoing risk assessments based on their tier.
- Vendor Classification by Tier: Visual donut chart showing vendor distribution across risk tiers.
- Vendors Performing Risk Assessment Based on Tiering: Active tiering-based risk assessments sorted by third-party risk.
- Open Issues by Priority: All open third-party risk issues sorted by priority.
- Vendors by Risk Rating: Vendors categorized by risk rating.
- Upcoming Vendor Risk Assessments: Scheduled assessments.
- Vendor-related Policy Exceptions: Policy exceptions generated from third-party risk issues.
Reports on the Engagement tab
This tab focuses on engagements with third parties and includes:
- Total Engagements: The total number of engagements.
- Open Tiering Assessments: Engagements with active tiering assessments.
- Open Risk Assessments: Engagements with active risk assessments.
- Past Tiering Assessments: Engagements that missed tiering assessment deadlines.
- Past Risk Assessments: Engagements with active tiering-based risk assessments.
- Engagements Classification by Tier: Donut chart showing engagements assigned to each risk tier.
- Engagements by Type: Count of each engagement type.
- Open Issues by Priority: Open engagement issues sorted by priority.
- Engagements by Risk Rating: Engagements categorized by risk rating.
Key Outcomes
ServiceNow customers can leverage these reports to monitor third-party and engagement risks through tiering assessments and risk assessments, track open issues and policy exceptions, and plan upcoming assessments. Transitioning to IRQs enables more dynamic and flexible risk evaluation, improving risk management efficiency.
The Vendor Risk Overview page is replaced by the third-party risk reports on the Vendor Management Workspace.
Viewing the reports
To open the Vendor Risk Overview, navigate to . The page displays reports that provide insights into your third-party risk management program. The
The more complete IRQ process replaces tiering
In the TPRM application, the IRQ is an internal questionnaire that improves the original tiering assessment process. IRQs enhance internal risk assessments with increased flexibility, control, and scalability. Unlike a tiering assessment where external questionnaires are determined solely by the risk tier, an IRQ can dynamically trigger external questionnaires based on both respondents' answers and risk tier.
To enable a seamless transition to TPRM, you have the option to duplicate existing tiering assessments and designate them as IRQ internal assessments. Risk tiering is supported as an unchanging legacy process.
Vendor Risk Overview — Vendor tab
| Report | Description |
|---|---|
| Total Vendors | Total number of third parties. |
| Open Tiering Assessments | Number of third parties with active tiering assessments open. |
| Open Risk Assessments | Number of third parties with active risk assessments open. |
| Past Tiering Assessments | Number of third parties that have not completed the tiering assessment within the assessment time frame. |
| Tier-Recommended Risk Assessments | Number of third parties performing risk assessments based on tiering. |
| Vendor Classification by Tier | Donut report showing the number of third parties assigned to each risk tier. |
| Vendors Performing Risk Assessment Based on Tiering | Number of third parties with active tiering-based risk assessments sorted by third-party risk. |
| Open Issues by Priority | All third-party risk open issues sorted by priority. |
| Vendors by Risk Rating | Number of third parties sorted by risk rating. |
| Upcoming Vendor Risk Assessments | Number of third-party risk assessments scheduled. |
| Vendor-related Policy Exceptions | All policy exceptions generated from third-party risk issues. |
Vendor Risk Overview — Engagement tab
| Report | Description |
|---|---|
| Total Engagements | Total number of engagements. |
| Open Tiering Assessments | Number of engagements with active tiering assessments open. |
| Open Risk Assessments | Number of engagements with active risk assessments open. |
| Past Tiering Assessments | Number of engagements that have not completed the tiering assessment within the assessment time frame. |
| Past Risk Assessments | Number of engagements with active tiering-based risk assessments. |
| Engagements Classification by Tier | Donut report showing the number of engagements assigned to each tier. |
| Engagements by Type | Number of engagements of each type. |
| Open Issues by Priority | All engagement open issues sorted by priority. |
| Engagements by Risk Rating | Number of engagements sorted by risk rating. |