Streamlining the supplier risk assessment workflow

  • Release version: Yokohama
  • Updated January 30, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Streamlining the supplier risk assessment workflow

    This workflow enhancement in the Third-Party Risk Management (TPRM) module simplifies how procurement specialists manage supplier risk assessments. It reduces manual steps and communication overhead by automating task updates and case triggering during supplier qualification and risk evaluation.

    Show full answer Show less

    Key Features

    • Automated Due Diligence Cases: When a sourcing request enters the "Qualification needed" state, a due diligence case is automatically triggered to handle risk assessments without manual intervention.
    • Integrated Task Management: Procurement specialists, sourcing managers, and procurement managers no longer need to coordinate via emails, calls, or meetings with the risk team, as all updates occur within the system.
    • Supplier Collaboration Portal: Suppliers can complete risk assessments directly through the portal, streamlining data collection and reducing delays.
    • Tiering Assessment Coordination: The tiering assessor’s questionnaire workflow is integrated, updating statuses automatically to "Awaiting response" after supply manager input.
    • Flexible Case Creation: Depending on the installation of Supplier Lifecycle Operations and supplier status (new or existing), the Due Diligence Request (DDR) is created appropriately as either a supplier case or procurement case, ensuring seamless integration with existing supplier onboarding or procurement processes.

    Practical Benefits for ServiceNow Customers

    • Eliminates the need for manual updates and reduces multiple system navigation steps during supplier risk assessment.
    • Improves collaboration between procurement and risk teams by consolidating communications and task tracking within the platform.
    • Ensures timely and consistent supplier risk evaluations, enhancing compliance and reducing operational risk.
    • Supports different organizational setups with or without Supplier Lifecycle Operations, providing flexibility in managing supplier qualification workflows.

    Next Steps

    Procurement specialists should use the due diligence playbook to monitor and complete supplier risk assessment tasks efficiently. Additional related workflows and playbooks are available to handle contract requests, NDAs, delivery address verification, and purchase order edits, further streamlining procurement operations.

    As procurement specialists, track activity on the Third-Party Risk Management (TPRM) records, and update and make changes to the sourcing requests and purchase requests based on the final risk rating.

    With the due diligence playbook for due diligence case types, procurement specialists no longer need multiple clicks to manually update any tasks that they need to complete during the different stages of the supplier risk assessment workflow. They no longer need to open the supplier tiering assessment and risk assessment cases that get auto-triggered whenever there’s a need for supplier qualification. With the TRPM capabilities, when a sourcing request is added to a sourcing event, in the Qualification needed state, a supplier case of type due diligence is triggered to address risk assessments. The risk team is responsible for the workflow after the due diligence is triggered.

    With this due diligence playbook, procurement specialists, sourcing managers, and procurement managers no longer need to handle these activities outside the system through emails, phone calls, or weekly zoom meetings with the risk team. There’s no need to check for any updates from the tiering assessor and update them back to their own working records. They’re also relieved from remembering or finding the appropriate records to update when the risk assessment is complete.

    The tiering assessor must complete the tiering questionnaire after the supply manager submits the tiering questionnaire. The state of the tiering assessment questionnaire changes to Awaiting response.

    The supplier contact completes the risk assessment from the supplier collaboration portal. For more information on this, see Complete a risk assessment from the Supplier Collaboration Portal.

    Note the following scenarios:
    • When Supplier Lifecycle Operations is installed, and the supplier is new, the Due Diligence Request (DDR) is created in Supplier Lifecycle Operations as a supplier case, and the due diligence case is taken care of through the onboard a supplier case.
    • When Supplier Lifecycle Operations is installed, but the supplier is old and already onboarded, the DDR is created as a procurement case.
    • When Supplier Lifecycle Operations is not installed, irrespective of whether the supplier is old or new, the DDR is created in Sourcing and Procurement Operations as a procurement case.
    For information on how Supplier Lifecycle Operations similarly assesses suppliers during the onboarding process, see Minimize risk by assessing suppliers during the onboarding process. For detailed information on the supplier onboarding playbook, see Use the supplier onboarding playbook to onboard suppliers.

    For information on how to configure TPRM, see Configuring Third-party Risk Management. For detailed information on the due diligence workflow, see Due diligence workflow.