Monitoring the due diligence request process

  • Release version: Zurich
  • Updated March 12, 2026
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Monitoring the due diligence request process

    This topic guides TPR managers and admins through monitoring and managing the due diligence request process within the ServiceNow Third-party Risk Management (TPRM) application. It covers how to track and interact with various workflow stages for due diligence requests, identified by unique DDR numbers, from initial requests through to contract risk and closure.

    Show full answer Show less

    Key Features

    • Accessing Due Diligence Requests: Users can open the Due Diligence Management page from multiple locations by selecting the DDR number, which uniquely identifies each request.
    • Details Tab: View and update request information, log external-facing comments and private work notes, attach files, and monitor updates via the activity stream.
    • IRQ Process Monitoring: Track the first internal step of risk scoping and risk scoring after request approval.
    • External Due Diligence: Access external assessments through VRA numbers within the Due Diligence Management page.
    • Approval Process Monitoring: View approvers, approval actions, and approval levels for each request.
    • Risk Intelligence Scores: Review third-party risk intelligence scores provided by external services and drill into detailed settings and scores.
    • Contract Risk Process: Support contract negotiation and risk mitigation by incorporating specific provisions to address identified risks.
    • Action Buttons: Start onboarding for new requests, send discussion messages recorded in the activity stream, save changes, or delete requests as needed.
    • Compose Section: Add permanent work notes (private to internal users) or comments (visible internally and to third parties), and manage attachments to enrich request records.
    • Unique ID Numbers: Each record or task is auto-assigned a unique ID to facilitate searching and filtering within the system.

    Practical Benefits

    • Enables efficient tracking and management of all stages of due diligence requests.
    • Supports collaboration and communication both internally and with third parties through work notes and comments.
    • Improves risk visibility and mitigation by integrating risk scores and contract risk processes.
    • Streamlines workflows by providing actionable buttons and clear navigation paths for TPR managers and admins.

    TPR managers and TPR admins can perform a wide variety of tasks from the due diligence management dashboard. They can work on all processes in the workflow for a due diligence request: IRQs, external due diligence, approval, contract risk, and closed requests.

    For each due diligence request, the system auto-assigns a unique ID number that starts with the text DDR. You can access the Due diligence management page from many locations by selecting the DDR number for any due diligence request. The page opens to the Details tab. Typically, you start from the TPRM Home page.

    Due diligence request details for the third party.

    Monitoring processes from the request management page

    Viewing basic information about a request on the Details tab

    From the Details tab, you can view and adjust the due diligence request information for a third party. You can also log external-facing comments and private work notes, attach files, and track request updates in the activity stream. See Due diligence request process management.

    Monitoring the IRQ process

    The first internal step after an engagement request is approved is to start the IRQ process to scope the risk by determining the third party's risk score. You can access the Due diligence management page from many locations by selecting the DDR number for any due diligence request. See IRQ process management.

    Monitoring the external due diligence process
    Select a VRA Number to open the external assessments page in the Due diligence management page. See Third-party (external) risk assessment management.
    Monitoring the approval process

    You can view the list of users who can approve or reject a DD request and also view the details of their approval actions. In addition, you can view the approval levels for a request. See Approval process management.

    View the risk intelligence scores for a third party

    The information on the Risk intelligence scores tab comes from risk intelligence provider services. Select any link to drill into the settings and scores. See Viewing risk intelligence scores.

    Monitoring the Contract risk process
    Protect your organization's interests, as the Third-party risk contract negotiator, often the corporate counsel, by incorporating specific contractual provisions so that you can address the risks identified using the Third-party Risk Management application. See Accessing DD requests that are in the contract risk process.

    Actions on the Due diligence management pages

    Tip:
    When you create (or the system generates) a new record (for example, a request for due diligence or a task), the system auto-assigns a unique ID number that helps to identify the type of data in the record. You can use the ID number to search for or filter the item you want to work on. See Unique ID numbers for TPRM records.
    Table 1. Actions
    Action Description
    Start onboarding For requests in the New state, this button enables the TPR manager to start the process.
    Discuss Select Discuss to send a message to other users. The message is recorded in the Activity section of the Details tab.
    Save Select Save to save any change you made to a value on any tab.
    … Delete Select Delete to delete the record of the engagement request.
    Working in the Compose section
    The Compose section on the Details tab enables you to permanently add text to the record. The Activity section is updated with any actions on issues and tasks, submissions to TP contacts, and also with work notes and comments that users add to the record. Add text in the following fields as needed:
    • Work notes (Private): Information about the third-party risk assessment. Work notes are visible only to internal users who are assigned to the process.
    • Comments: Comments about the third-party risk assessment are visible both to internal users and to third-party contacts.
    Adding an attachment

    Select Browse in the Attachments section to select and add an attachment.