Create new internal assessment form
Use the internal assessment form to capture all the information that you need to create an internal assessment. As a third-party risk assessor, you can create an assessment template.
| Field | Description |
|---|---|
| Name | The name that identifies the third-party risk assessment on all forms and lists. |
| Short description | A more detailed explanation of the purpose of the assessment. |
| Number |
For each external risk assessment, the system auto-assigns a unique ID number that starts with the text VRA. The unique ID is used in all references to the item. You can use the ID to search or filter for the item that you want to work on. |
| Applies to | The party to which the assessment applies: Third party or Engagement. |
| Third party | Select the third party to assess. Note: You can reactivate a third party that is in Terminated status. If such a request is accepted and closed, the third party's status is changed to
Active. |
| Engagement | Select the engagement to assess. The field is visible only if you selected Engagement from the Applies to field. |
| Due diligence request | If there’s an existing due diligence request associated with this assessment, it’s listed here. |
| Assessment Engine | The assessment engine used for the Third-party risk assessment. This field is set to Smart. This field is only visible if you have enabled the Smart Assessment Engine enabled
[ Note: When reviewing previous assessments, you can determine which engine was used by checking this field. If the assessment was created using the Classic assessment engine, the field
displays Classic. |
| State | Current stage of the internal assessment process. |
| Assigned to |
The individual who owns an assessment for audit purposes and monitors and manages overall assessment processes. The owner is responsible for confirming that the assessment is completed in a timely fashion by the third party, reviewing their responses, and creating and resolving issues. To drive the assessment to its completion, they are notified when an assessment reaches a particular milestone. They must have the TPR manager or TPR assessor role. |
| Risk rating | The overall risk rating for the third party.
Note: The Risk rating is determined by finding a risk rating scale range in which the risk score falls. It defines how a minimum and maximum range of assessment scores maps to a qualitative risk
score. |
| Respondents | Individual who is assigned to respond to the internal assessment. Multiple respondents can be assigned to an internal assessment. |
| Assessment Schedule | |
| Planned duration (days) | Estimated duration of the assessment. Note: This estimate includes the amount of time needed to receive responses and for internal and external users to review. |
| Planned start date / Planned end date | Planned start and completion dates and times for work on the assessment. Note: The Planned end date is automatically set to one month from the Planned start date. After the
assessment is saved, this date can’t be changed. |
| Actual duration | The amount of time it took to complete the third-party risk assessment. This field is calculated using the Actual state date and Actual end date. |
| Actual start date | Date and time that work on the assessment began. |
| Actual end date | Completion date and time for the assessment. |
| Notes and Comments | |
| Work notes | Information about the assessment. Work notes are visible to users assigned to the issue. |
| Additional comments (Customer visible) | Public information about the assessment. |