Risk intelligence report requests management

Release version: Australia

Updated March 12, 2026

4 minutes to read

You can view a list of risk intelligence report (RIR) requests, their associated providers, scores, and report URLs. In addition, you can create requests and make updates by using the Third-party Risk Management application.

Risk intelligence report request process

If you have the third-party risk (TPR) assessor [sn_vdr_risk_asmt.vendor_risk_assessor] or TPR manager [sn_vdr_risk_asmt.vendor_risk_manager] role, you can request a RIR or score. You can create a RIR request that is associated with a third party or due diligence request. If you want to associate an RIR request with a due diligence request, it must be after an inherent risk questionnaire (IRQ) has been completed (that is when the due diligence request has entered the IRQ in progress state). You can update the Sanction section at any time.

For more information, see Request a risk intelligence report, Request a risk intelligence report associated with a due diligence request, Risk intelligence report request form, and Track sanctions-related information.

The following example shows how a new risk intelligence report request appears in Vendor Management Workspace.

Risk intelligence report request view from the Details tab on the report request page. — Figure 1. Example of a risk intelligence report request

The following table shows the information that is captured in an RIR request.

Table 1. Risk intelligence report request
Field	Description
Risk intelligence report request section
Number	Unique ID number that is auto-assigned by the system and starts with the text RIR.
Provider	Organization that is responsible for generating the risk intelligence information for the request.
Request type	Type of report or score that is provided. Each service that is offered by the provider returns a particular type of risk rating or score. For example, Financial risk or Security risk. Note: The request types that are available are dependent on what has been set up for the provider. For more information, see Set up a request type for a provider.
Third party	Third party that is to be scored by the provider.
Due diligence request	Due diligence request that is associated with the risk intelligence request. There’s an option to request risk intelligence as part of a due diligence request. For more information, see Request a risk intelligence report associated with a due diligence request.
Short description/Description	Text that explains and clarifies the intent of the request for stakeholders.
State	Current state of the request: Open Order pending Order in progress Closed complete Closed incomplete
Request date	Date that the order is pending and ready to be sent to the provider.
Received date	Date that the response from the provider is received.
Report results section
Score	Overall risk score that is determined by the provider.
URL	Link to additional information about the origin of the generated score.
Score generated on	Date that the score is generated.
Sanction section
Sanctioned	Option that you can select Yes to indicate that the third party is sanctioned. This field is set to No by default.
Start date	Start date of the sanctioned enforcement.
End date	End date of the sanctioned enforcement.
Details	Text that explains and clarifies the type of sanction and how it impacts your business relationship with the third party.

Risk intelligence report requests tab

While viewing the data for a third party, you can select the Risk intelligence report requests tab to view the list of report requests.

The following example shows the Risk intelligence report requests tab in Vendor Management Workspace.

Risk intelligence report requests view from Risk intelligence Report requests tab in Vendor Management Workspace. — Figure 2. Risk intelligence report requests tab

For more information on RIR requests, see Using risk intelligence reports and scores.

Risk intelligence report request states

The RIR requests have the following potential states:

Open

An RIR request enters this state after the record has been created and saved by the Third-party Risk (TPR) manager, TPR assessor, or contract negotiator that is assigned to the due diligence request. For each risk intelligence request, the system auto-assigns a unique ID number that starts with the text RIR.

Order pending

An RIR request enters this state after the record has been reviewed and submitted by the Third-party Risk (TPR) manager, TPR assessor, or contract negotiator that is assigned to the due diligence request.

The following changes take place:

The order has been submitted to the provider.
The Request date field has been populated with the date that this record was submitted on.
All fields in the Risk intelligence report request section are read-only.

Order in progress

An RIR request enters this state after the order has been received by the provider.

The following changes take place:

The score records are generated with the report request.
The Score generated on field is updated.

Closed incomplete

An RIR request enters this state after the order was received by the provider but couldn’t be processed due to an error, and the order was closed.

Closed complete

An RIR request enters this state after the order was received and processed by the provider.

Canceled

An RIR request enters this state after a TPR manager, TPR assessor, or contract negotiator cancels the report request. If you must cancel a request, it can be done while the request is in the Open or Order pending state. If you want to create a duplicate of a canceled request, you can’t edit that record. You must create a new RIR request.