Streamlining the supplier risk assessment workflow

  • Release version: Zurich
  • Updated July 31, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Streamlining the supplier risk assessment workflow

    This workflow enhancement simplifies supplier risk assessment for procurement specialists by automating case triggering and task management within the Third-Party Risk Management (TPRM) system. It eliminates manual updates and external communications, enabling seamless coordination between procurement and risk teams.

    Show full answer Show less

    Key Features

    • Automatic triggering of due diligence cases when sourcing requests enter the Qualification needed state.
    • Integration of supplier tiering and risk assessments into a unified workflow without needing to manually open multiple cases.
    • Procurement specialists, sourcing managers, and procurement managers can track and complete tasks directly in the system, reducing reliance on emails, calls, or meetings.
    • The tiering assessor completes the tiering questionnaire after the supply manager submits theirs, with status updates reflecting progress.
    • Suppliers complete risk assessments via the Supplier Collaboration Portal.
    • Different case creation behaviors depending on the installation and status of Supplier Lifecycle Operations:
      • New suppliers with Supplier Lifecycle Operations installed create Due Diligence Requests (DDR) as supplier cases managed through onboarding.
      • Existing suppliers with Supplier Lifecycle Operations installed create DDR as procurement cases.
      • Without Supplier Lifecycle Operations, DDRs are always created as procurement cases.

    Key Outcomes

    • Reduced manual effort and errors in updating supplier risk information.
    • Improved transparency and real-time tracking of supplier risk assessments within the platform.
    • Streamlined communication between procurement and risk teams through automated workflows.
    • Enhanced supplier qualification processes aligned with onboarding and sourcing operations.

    As procurement specialists, track activity on the Third-Party Risk Management (TPRM) records, and update and make changes to the sourcing requests and purchase requests based on the final risk rating.

    With the due diligence playbook for due diligence case types, procurement specialists no longer need multiple clicks to manually update any tasks that they need to complete during the different stages of the supplier risk assessment workflow. They no longer need to open the supplier tiering assessment and risk assessment cases that get auto-triggered whenever there’s a need for supplier qualification. With the TRPM capabilities, when a sourcing request is added to a sourcing event, in the Qualification needed state, a supplier case of type due diligence is triggered to address risk assessments. The risk team is responsible for the workflow after the due diligence is triggered.

    With this due diligence playbook, procurement specialists, sourcing managers, and procurement managers no longer need to handle these activities outside the system through emails, phone calls, or weekly zoom meetings with the risk team. There’s no need to check for any updates from the tiering assessor and update them back to their own working records. They’re also relieved from remembering or finding the appropriate records to update when the risk assessment is complete.

    The tiering assessor must complete the tiering questionnaire after the supply manager submits the tiering questionnaire. The state of the tiering assessment questionnaire changes to Awaiting response.

    The supplier contact completes the risk assessment from the supplier collaboration portal. For more information on this, see Complete a risk assessment from the Supplier Collaboration Portal.

    Note the following scenarios:
    • When Supplier Lifecycle Operations is installed, and the supplier is new, the Due Diligence Request (DDR) is created in Supplier Lifecycle Operations as a supplier case, and the due diligence case is taken care of through the onboard a supplier case.
    • When Supplier Lifecycle Operations is installed, but the supplier is old and already onboarded, the DDR is created as a procurement case.
    • When Supplier Lifecycle Operations is not installed, irrespective of whether the supplier is old or new, the DDR is created in Sourcing and Procurement Operations as a procurement case.
    For information on how Supplier Lifecycle Operations similarly assesses suppliers during the onboarding process, see Minimize risk by assessing suppliers during the onboarding process. For detailed information on the supplier onboarding playbook, see Use the supplier onboarding playbook to onboard suppliers.

    For information on how to configure TPRM, see Configuring Third-party Risk Management. For detailed information on the due diligence workflow, see Due diligence workflow.