Tracking a managed activity

  • Release version: Australia
  • Updated March 12, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Tracking a managed activity

    In the Third-party Risk Management application, you can track and verify managed activities using the Usage analytics activities [snvdrriskasmtuaactivity] table. An engagement consumes a single license regardless of the number of managed activities within a contract year. Managed activity usage is counted only when an activity is initiated, excluding activities tied to onboarding a new third party (a company not listed in the Company [corecompany] table).

    Show full answer Show less

    The following activities are counted as managed activities if they are not related to onboarding a new third party:

    • An Inherent Risk Questionnaire (IRQ) with status "Awaiting response."
    • A tiering assessment with a questionnaire status of "Awaiting response."
    • A third-party risk assessment with questionnaire status "Submitted to third party."
    • Creation of tasks or issues for third-party risk assessments.

    Automatically created assessments via event-driven management rules that are later recalled before submission to the third party are not counted as managed activities. However, assessments not linked to event-driven rules cannot be recalled and count as managed activities. Cancelled assessments are still counted as managed activities.

    Using the Usage Analytics Activities Table for Verification

    The Usage analytics activities table records each managed activity, is read-only, and archives records older than two years automatically. To view this table, users need the Third-party assessment reviewer [snvdrriskasmt.vendorassessmentreviewer] role. It can be accessed via:

    All > Third Party Risk Management > Administration > Managed Activity Analytics

    The table includes key fields such as:

    • Created: Date and time of the activity.
    • Activity: Reference to the related record.
    • Activity type: Types include tiering assessments, internal assessments, third-party risk assessments, issues, and tasks.
    • Applies to: Indicates if the activity applies to the third party or the engagement.
    • Third party and Engagement: Entities related to the activity.
    • Status: Either "Tracked" (logged) or "Recalled" (user recalled after occurrence).

    Note that calculated risk scores updated by assessments are managed activities but are not logged in this table. Additionally, score updates from risk intelligence score providers are not considered managed activities.

    View managed activities in the usage analytics activities table for tracking and verification purposes in the Third-party Risk Management application.

    Overview of managed activities

    You can track and verify managed activities in the Usage analytics activities [sn_vdr_risk_asmt_ua_activity] table.

    An engagement only consumes one license, regardless of whether there’s one managed activity or many managed activities per contract year. Managed activity usage is triggered only when an activity is initiated.

    Activities that are associated with a new third party going through the due diligence onboarding workflow aren’t counted as managed activities. In this context, a new third party is defined as a company that is not in the Company [core_company] table.

    If any of the following activities aren’t related to a new third party going through the due diligence onboarding workflow, they’re counted as managed activities:

    If a third-party risk assessment or due diligence request is automatically created by an event-driven management rule and later recalled, it isn’t counted as a managed activity. An assessment that is related to an event-driven management rule can be recalled up until the time that it’s submitted to the third party. For more information, see Event-driven management — automate assessment processes.
    Note:
    If an assessment isn’t related to an event-driven management rule, you can't recall it and it’s counted as a managed activity. If an assessment is canceled, it’s still considered as a managed activity.

    Using the usage analytics activities table for verification

    The usage analytics activities table stores a record every time a managed activity occurs. This table is read only. Records that are two years or older are automatically archived. You must have the Third-party assessment reviewer [sn_vdr_risk_asmt.vendor_assessment_reviewer] role to view this table.

    You can access the Usage analytics activities table by navigating to All > Third Party Risk Management > Administration > Managed Activity Analytics.

    The following example and table show the Usage analytics activities [sn_vdr_risk_asmt_ua_activity] table.

    Figure 1. Usage analytics activities table
    Usage analytics activities table with sample data.
    Table 1. Usage analytics activities
    Field Description
    Created Date and time that the activity occurred.
    Activity Record that is related to the activity.
    Activity type Managed activities that can be associated with tiering assessments, internal assessments, third-party risk assessments (TPRA), issues, and tasks.
    Applies to
    • Third party: The activity applies to the parent third-party organization.
    • Engagement: The activity applies to the engagement.
    Third party Third party that is related to the activity.
    Engagement Engagement that is related to the activity.
    Status State of the activity:
    • Tracked: The activity is logged.
    • Recalled: The activity was recalled by a user after it occurred.
    Note:
    The calculated risk scores that are updated by assessments are managed activities. However, they aren’t logged in the Usage analytics activities [sn_vdr_risk_asmt_ua_activity] table. The score updates from the risk intelligence score providers aren’t managed activities. For more information on the risk intelligence scores, see Viewing risk intelligence scores.