IRQ process management

  • Release version: Washingtondc
  • Updated January 30, 2025

    The first internal step after an engagement request is approved is to start the IRQ process to scope the risk by determining the third party's risk score.

    Accessing the IRQ process

    On the Due diligence management page, select the DDR number for any due diligence request and then select the Inherent risk assessments tab.

    The tab displays the list of all IRQ processes for the engagement request. For each IRQ process, the system auto-assigns a unique ID number that starts with the text INA.

    Accessing the Vendor Management Workspace.

    Viewing the list of internal risk assessments

    Inherent risk assessments tab
    Table 1. Inherent risk assessments tab
    • Number: For each IRQ process, the system auto-assigns a unique ID number that starts with the text INA.

      Select an INA number to open the Third-party risk assessments page at the Risk overview tab.

      The unique ID is used in all references to the item. You can use the ID to search or filter for the item that you want to work on.
    • Name, Assigned to, Risk rating: Data from the engagement request.
    • State: The current state of the inherent risk assessment: Draft, Awaiting response, Response received, or Closed.
    • Respondents: Users who responded to the request.

    Risk overview tab on the Inherent risk assessments page

    For each IRQ process, the system auto-assigns a unique ID number that starts with the text INA. Select an INA number to work on the IRQ process on the Inherent risk assessments page.

    Click the INA number to work on the Third-party risk assessments page.

    • The symbols indicate the state of each stage in the IRQ process for the request.

      IRQ process stages.

    • Assessment instances section: List of assessments that are associated with the third party.
    • Tracking section: Count of assessments associated with the third party that are in the Open, Overdue, and Closed status.

    Details tab on the Inherent risk assessments page

    • Internal assessment section: General information on the third party plus schedules for the overall assessment and questionnaire due dates from the engagement due diligence request.
    • The Compose section on the Details tab enables you to permanently add text to the record. The Activity section is updated with any actions on issues and tasks, submissions to TP contacts, and also with work notes and comments that users add to the record. Add text in the following fields as needed:
      • Work notes (Private): Information about the third-party risk assessment. Work notes are visible only to internal users who are assigned to the process.
      • Comments: Comments about the third-party risk assessment are visible both to internal users and to third-party contacts.
    • The Third-party overview section provides key information on the third party that is associated with the engagement request.

    Questionnaires tab on the Inherent risk assessments page

    The tab lists all open IRQs. Select a questionnaire name to view the details.

    Scales tab on the Inherent risk assessments page

    The tab lists the definitions of the calculated rating and tier values. See Set up risk rating scales for scoring and Third-party risk tiering assessments — Legacy process for instructions for defining the settings.

    Assessment instances tab on the Inherent risk assessments page

    All values on the tab come from the internal assessments that have been conducted on the third party in the engagement.

    Table 2. Assessment instances tab
    • Number: For each IRQ process, the system auto-assigns a unique ID number that starts with the text INA.

      The unique ID is used in all references to the item. You can use the ID to search or filter for the item that you want to work on.
    • Metric type: Questionnaire that determined the questionnaires used in the assessment.
    • Assigned to: User that is responsible for managing and responding to the IRQ.
    • Due date: Deadline for third party to respond to and return all questionnaires.
    • State: Current stage of the IRQ process for the engagement request.
    • Internal risk score: An engagement risk-scoring rule specifies component criteria that determine which engagements are selected for assessment. For example, a rule could enable assessments for engagements that involve more than $40,000 annual business. Engagement scoring rules apply only to engagements.

      See Define engagement risk scoring rules.