Sourcing and Procurement Operations integration with Third-party Risk Management

  • Release version: Australia
  • Updated March 12, 2026
  • 5 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Sourcing and Procurement Operations integration with Third-party Risk Management

    This integration enhances the Sourcing and Procurement Operations application by leveraging Third-party Risk Management capabilities to assess and manage supplier risks effectively. It requires both applications to be installed and provides a seamless connection between supplier data and risk assessments, enabling better governance and risk mitigation during procurement processes.

    Show full answer Show less

    Key Features

    • Company and Supplier Table Connection: A Related company field in the Supplier table links suppliers to corresponding Company records, enabling synchronized data management between the two tables.
    • Visibility of Risk and Tiering Assessments: Tiering and risk assessments created in Third-party Risk Management are displayed as related lists in the Supplier table, providing procurement specialists with direct access to vendor risk information.
    • Vendor Risk Reviewer Role: Procurement specialists with this role can view vendor risk assessments, facilitating informed decision-making.
    • Valid Risk Assessment Automation: A scheduled job updates the Valid risk assessment field in the Supplier table based on current risk assessment validity, ensuring up-to-date risk status.
    • Enhanced Risk Assessment Cases: The existing Conduct a Supplier Risk Assessment case now includes members of the GRC group with a Purchasing Task Owner role and displays all related risk assessments for improved oversight.
    • New Supplier Tiering Assessment Case: Automatically or manually triggered based on supplier risk tier, this case supports tiering assessments to influence sourcing decisions and procurement workflows.
    • Customization Options: Customers can configure case templates and control how sourcing requests depend on assessment completion, optimizing procurement task flows.

    What Customers Can Expect

    • Improved supplier risk visibility integrated directly into procurement processes.
    • Automated tracking and validation of supplier risk assessments to ensure compliance and reduce potential exposure.
    • Streamlined management of supplier data across Sourcing and Procurement Operations and Third-party Risk Management applications.
    • Enhanced collaboration between procurement and risk teams through defined roles and access controls.
    • Greater control over sourcing request progression tied to supplier risk and tiering assessments, supporting better procurement decisions.

    Leverage relevant supplier risk assessment capabilities by integrating Sourcing and Procurement Operations with Third-party Risk Management.

    The following capabilities can be leveraged by customers if they have both the Sourcing and Procurement Operations and Third-party Risk Management applications installed:
    • Connection between the Company and Supplier tables through the Related company field. Also, leverage properties in the tables to synchronize other fields between the two tables at your own discretion.
    • Viewing tiering assessments and risk assessments for a vendor in the Supplier table.
    • Vendor Risk Reviewer role as a procurement specialist.
    • Adding members to the Governance, Risk, and Compliance (GRC) group, containing the new Purchasing Task Owner role.
    • Automation of the Valid risk assessment field in the Supplier table.
    • Enhancements to the existing Conduct a Supplier Risk Assessment case.
    • Creating a new Conduct a Supplier Tiering Assessment case. This is automatically triggered based on its requirement specified in the Tiering assessment needed? field in the Supplier table.
      Note:
      This is unique to the Risk Assessments Integration for Sourcing and Procurement Operations application and is not available if the customer has Sourcing and Procurement Operations alone.

    Risk Assessments Integration for Sourcing and Procurement Operations application

    Customers can use the Risk Assessments Integration for Sourcing and Procurement Operations application for leveraging certain capabilities if they have both the Sourcing and Procurement Operations and Third-party Risk Management applications installed.

    With this application, the Related company field is defaulted from the current application. This new reference field displays under the Global company field as a reference to the Company table. This field is only available when the Third-party Risk Management and Sourcing and Procurement Operations applications are installed. Also, the Tiering Assessments and Risk Assessments related lists in the Supplier table are only available when the Third-party Risk Management and Sourcing and Procurement Operations applications are installed.

    Company table connection

    Two new fields are added, one in the Supplier table named Related company, and another in the Company table named Supplier that references the Supplier table.

    When you open any existing supplier record in the Supplier table, you can link it to an existing record in the Company table with the Related company field. If that record does not exist, the procurement administrator creates a record in the Company table to establish the connection.

    When you create a new supplier record in the Supplier table, a new vendor record is automatically created in the Company table with read-only reference to the Supplier table.

    Valid risk assessment visibility in the Supplier table

    Tiering and risk assessments on a vendor can be created on the vendor record in the Third-party Risk Management application. These assessments are made visible in the Supplier table as related lists, to validate any supplier in Sourcing and Procurement Operations. A procurement specialist, containing the Vendor Assessment Reviewer role can read any vendor risk assessment data.

    For information, see Third-party Risk Management.

    Valid supplier risk assessment

    To determine if a supplier has a valid risk assessment, a scheduled job is run, and the customer’s system administrator can configure its frequency. This job keeps the Valid risk assessment field in the Supplier table up-to-date, based on the Risk rating valid to field on risk assessments in the Vendor Risk Assessments table.

    A risk assessment is considered valid when:
    • Today's date is on or before the date defined in the Risk rating valid to field.
    • The value in the Valid risk assessment field in the Supplier table is Yes.

    A Conduct a Supplier Risk Assessment case is created if a risk assessment is invalid. Risk assessments can be triggered manually by the Vendor Risk Manager, or automatically from any change in vendor tier rating.

    Enhancing the Conduct a Supplier Risk Assessment case

    A Vendor Risk Manager can be assigned the Conduct a Supplier Risk Assessment case to validate a supplier's risks and to ensure that the supplier does not pose risks to the company.

    The existing Conduct a Supplier Risk Assessment case is enhanced such that:
    • The GRC group contains the Purchasing Task Owner role, with visibility and access to the case.
    • The case has a related list of the risk assessments, both valid and expired, for better visibility.

    Creating a Conduct a Supplier Tiering Assessment case

    A new Conduct a Supplier Tiering Assessment case can be created in either of these methods, and assigned to the manager of the GRC group:
    • Automatically, triggered based on its requirement specified in the Tiering assessment needed? field in the Supplier table. If the risk rating of the related supplier is critical, high, or empty, a Conduct a Supplier Tiering Assessment case is auto-triggered.
      Note:
      This is unique to the Risk Assessments Integration for Sourcing and Procurement Operations application and is not available if the customer has Sourcing and Procurement Operations alone.
    • Manually, by a customer.

    You can customize this case through the Supplier Tiering Assessment case templates, by defining the Sourcing decision dependent on case field to decide if this case should stop the sourcing request from moving into the Requires Decision state. The default value of this field is Yes. In this scenario, if all purchase requisition lines are in the Pricing Obtained state, and there are other cases still open, the sourcing request moves to the Awaiting Task Completion state. When the open cases are closed, the sourcing request moves to the Requires decision state. When the Sourcing decision dependent on case field is set to No, and if all purchase requisition lines are in the Pricing Obtained state, then the sourcing request will be in the same Pricing Obtained state even if other cases are open.

    If the sourcing request gets converted to a purchase request, the case is available to be completed in the purchase requisition.

    Note:
    All tiering assessments for a supplier are displayed in related lists.

    For more information on sourcing requests, purchasing tasks, and procurement cases, see Sourcing request and Purchasing tasks and procurement cases.