Define engagement risk scoring rules

  • Release version: Australia
  • Updated March 12, 2026
  • 1 minute to read

    • An engagement risk-scoring rule specifies component criteria that determine which engagements are selected for assessment. For example, a rule could enable assessments for engagements that involve more than $40,000 annual business. Engagement scoring rules apply only to engagements.

    Before you begin

    Role required: sn_vdr_risk_asmt.vendor_risk_manager

    About this task

    Important:
    Engagement risk scoring rules apply only to engagements and not to parent third parties. Engagement risk rating scores, therefore, apply only to risk assessments for the engagement.

    Procedure

    1. Navigate to All > Third-party Risk Management > Scoring Setup > Engagement Risk Scoring Rules.
      List of engagement risk scoring rules.
    2. Select New, fill in the form, and then select Submit.
      Engagement Risk Scoring Rule — New.
      Table 1. Engagement Risk Scoring Rules form
      Field Description
      Name Name of the scoring rule.
      Description Description of the scoring rule.
      Number For each engagement risk scoring rule, the system auto-assigns a unique ID number that starts with the text ERS.

      The unique ID is used in all references to the item. You can use the ID to search or filter for the item that you want to work on.
      Third-party risk area criteria

      The third-party risk area criteria that applies to this engagement risk scoring rule.

      A third-party risk area criteria is a group of risk domains (sometimes called risk areas in other platform features) that applies to a particular type of third party. See Define third-party risk area criteria for details on how criteria are defined.
      Engagement risk component criteria The engagement risk component criteria that applies to this engagement risk scoring rule. Components are the entities for which you can assess risk (for example, subsidiaries or engagements). A component criteria is a group of components that should apply to a particular type of third party or engagement.
      Active Option to activate the rule. Only active rules are applied to engagements.
      Order Specify the order to indicate the rule's precedence. If multiple rules apply to the same engagement, the one with the higher-order value is applied.
      Engagement Filter

      Criteria for selecting engagements.

      Use the condition builder to define the criteria.

      For example, you can perform assessments for third parties with whom you do considerable business: Annual spend is greater than $40,000 or third parties within a particular category: Category is software.