Minimize risk by assessing suppliers during the onboarding process
The Risk Assessments Integration for Supplier Lifecycle Operations enables ServiceNow customers to identify and evaluate supplier risks early in the onboarding process. By integrating Supplier Lifecycle Operations with Third-party Risk Management, you can streamline supplier onboarding while conducting thorough risk assessments and due diligence, reducing potential risks associated with new suppliers.
Key Features
- Supplier onboarding playbook: Guides supplier managers through a structured onboarding process, including due diligence requests and risk assessment steps.
- Due diligence and risk assessment workflow: Supplier managers initiate due diligence requests, which are assessed by third-party risk (TPR) managers and assessors using inherent risk questionnaires and external risk questionnaires completed via the Supplier Collaboration Portal.
- Risk scoring and approval: Risk records are updated with final ratings based on completed assessments and contract approvals, enabling informed decisions on supplier onboarding.
- Integration requirements: Requires installation of the Supplier Lifecycle Operations and Third-party Risk Management applications and their associated plugins, along with appropriate licensing for Third-party Risk Management.
Practical Application
ServiceNow customers can use this integration to:
- Create suppliers and initiate onboarding through playbooks that automatically generate due diligence requests.
- Assign risk assessments internally to TPR assessors and externally to suppliers via questionnaires.
- Track and approve risk assessments and contract records to finalize supplier onboarding decisions.
- Leverage risk assessment outcomes combined with other data to decide whether to proceed with or cancel supplier onboarding.
Expected Outcomes
- Reduced supplier onboarding risk through comprehensive risk evaluation.
- Improved collaboration between supplier managers and risk assessors, ensuring thorough due diligence.
- Streamlined onboarding workflow with clear approval steps and risk scoring visibility.
- Enhanced ability to make informed, risk-aware decisions when approving new suppliers.
With Risk Assessments Integration for Supplier Lifecycle Operations, you can identify and assess potential supplier risks when onboarding new suppliers.
Combined benefits of integrating Supplier Lifecycle Operations with Third-party Risk Management
| Feature | Supplier Lifecycle Operations | Third-party Risk Management | All applications together |
|---|---|---|---|
| Supplier onboarding | | | |
| Information and data management | | | |
| Case and dispute management | | | |
| Risk onboarding | | | |
| Third-party risk due diligence, external and internal risk assessment | | | |
| Risk intelligence | | | |
| Risk scoring and monitoring | | | |
| Risk executive dashboard | | | |
Workflow of Risk Assessments Integration for Supplier Lifecycle Operations
- Evaluate supplier risk when onboarding suppliers
- Analyze risk score to determine whether to onboard a supplier
The following figure shows an example workflow of how a supplier manager and a third-party risk (TPR) assessor can use the applications together to evaluate supplier risk.
- The supplier manager receives a supplier onboarding request.
- The supplier manager uses the onboarding playbook, which provides a streamlined and guided process to onboard suppliers. For more information, see Use the supplier onboarding playbook to onboard suppliers.
- The supplier manager submits a due diligence request.
Performing due diligence is a key aspect of onboarding a supplier. The supplier risk assessment is done by the third-party risk (TPR) assessor. For more information, see Get started with Risk Assessments Integration for Supplier Lifecycle Operations.
- The TPR manager approves the due diligence request.
- The inherent risk questionnaire (IRQ) is created and assigned to the TPR assessor.
- The TPR assessor submits the completed IRQ.
- Two risk assessment questionnaires are created and assigned to the supplier contact.
- The supplier contact logs in to the Supplier Collaboration Portal and completes the risk assessment questionnaires.
- A contract record is created with an approval. After the contract record is approved, the risk record is updated with the final rating.
- The supplier manager accepts the risk rating and closes the due diligence request.
Requirements for integrating Supplier Lifecycle Operations and Third-party Risk Management
- Install the Supplier Lifecycle Operations (com.snc.sn_supplier_mgmt) application from the ServiceNow® Store. For more information, see Install Supplier Case Management.
- Install and activate the Risk Assessments Integration for Supplier Lifecycle Operations (com.snc.sn_supplier_tprm) plugin.
- Install the Third-party Risk Management (com.sn_vdr_risk_asmt) application from the ServiceNow® Store. For more information, see Configuring Third-party Risk Management.
- Install and activate the GRC: Third-party Due Diligence Request (com.sn_tprm_onboarding) plugin.
Get started with Risk Assessments Integration for Supplier Lifecycle Operations
Get started with Risk Assessments Integration for Supplier Lifecycle Operations by completing these tasks:
- Create a supplier. For more information, see Create a supplier from the Source-to-Pay Workspace.
- Onboard a new supplier using playbooks. For more information, see Use the supplier onboarding playbook to onboard suppliers.
- The playbook creates a due diligence request. For more information about the fields in this activity, see Request due diligence for a third-party engagement.
- The supplier manager fills out and submits a due diligence request, which is assigned to the TPR manager. Note: For each due diligence request, the system auto-assigns a unique ID number that starts with the prefix DDR.
- If the due diligence request is approved by the TPR manager, the inherent risk questionnaire (IRQ) is sent to the TPR assessor (internal stakeholder).
- After the TPR assessor submits the completed IRQ, the due diligence process begins.
- The due diligence process creates two risk assessments, each containing an external due diligence questionnaire: one for the third party and another for the engagement.
- After the supplier contacts complete and submit the external questionnaires from the Supplier Collaboration Portal, the TPR manager goes through the questionnaires and approves the due diligence request. For more information, see Complete a risk assessment from the Supplier Collaboration Portal.
- A contract record is created with an approval. After the contract record is approved, the risk record is updated with the final rating.
- After the supplier manager accepts the risk rating, an email is sent to the requester informing them that the due diligence request has been successfully processed and approved.
- The supplier manager closes the due diligence request (case).
- As a supplier manager, you can use the risk assessment result data in combination with any other data to determine whether to continue or cancel the onboarding process.