Tracking a managed activity
Summarize
Summary of Tracking a managed activity
In the Third-party Risk Management application, you can track and verify managed activities using the Usage analytics activities table (snvdrriskasmtuaactivity). Managed activities represent specific risk-related actions that consume licenses, but an engagement consumes only one license regardless of the number of managed activities within a contract year.
Show less
Key points include:
- Managed activity usage is triggered only when an activity is initiated.
- Activities related to onboarding a new third party (a company not present in the corecompany table) during due diligence are not counted as managed activities.
- Non-onboarding activities such as Inherent Risk Questionnaires awaiting response, tiering assessments awaiting response, third-party risk assessments submitted to third parties, and creation of tasks or issues for third-party risk assessments are counted as managed activities.
- Assessments automatically created and later recalled by event-driven management rules are not counted, but if recalled after submission or if not related to event-driven rules, they are counted as managed activities.
- Canceled assessments are still considered managed activities.
Using the Usage Analytics Activities Table for Verification
The Usage analytics activities table stores a read-only record each time a managed activity occurs, enabling tracking and verification. Records older than two years are automatically archived. To view this table, you must have the Third-party assessment reviewer role (snvdrriskasmt.vendorassessmentreviewer).
Access path: All > Third Party Risk Management > Administration > Managed Activity Analytics.
Key Fields in the Usage Analytics Activities Table
- Created: Date and time when the activity occurred.
- Activity: The record related to the activity.
- Activity type: The type of managed activity, including tiering assessments, internal assessments, third-party risk assessments, issues, and tasks.
- Applies to: Indicates whether the activity applies to the parent third party or the engagement.
- Third party: The third party related to the activity.
- Engagement: The engagement related to the activity.
- Status: The state of the activity, such as Tracked (logged) or Recalled (recalled by a user).
Additional Notes
- Calculated risk scores updated by assessments are considered managed activities but are not logged in the Usage analytics activities table.
- Score updates from risk intelligence score providers are not managed activities.
View managed activities in the usage analytics activities table for tracking and verification purposes in the Third-party Risk Management application.
Overview of managed activities
You can track and verify managed activities in the Usage analytics activities [sn_vdr_risk_asmt_ua_activity] table.
An engagement only consumes one license, regardless of whether there’s one managed activity or many managed activities per contract year. Managed activity usage is triggered only when an activity is initiated.
Activities that are associated with a new third party going through the due diligence onboarding workflow aren’t counted as managed activities. In this context, a new third party is defined as a company that is not in the Company [core_company] table.
If any of the following activities aren’t related to a new third party going through the due diligence onboarding workflow, they’re counted as managed activities:
- An Inherent risk questionnaire (IRQ) that is sent by the system has a status of Awaiting response. For more information, see Assessing your third-party risk.
- A tiering assessment with a questionnaire that is sent by the system has a status of Awaiting response.
- A third-party risk assessment with a questionnaire that is sent by the system has a status of Submitted to third party. For more information, see Life cycle states of a external assessment.
- The creation of a task or issue for a third-party risk assessment. For more information, see Create a task for a third party or engagement and Create an issue for a third party or engagement.
Using the usage analytics activities table for verification
The usage analytics activities table stores a record every time a managed activity occurs. This table is read only. Records that are two years or older are automatically archived. You must have the Third-party assessment reviewer [sn_vdr_risk_asmt.vendor_assessment_reviewer] role to view this table.
You can access the Usage analytics activities table by navigating to .
The following example and table show the Usage analytics activities [sn_vdr_risk_asmt_ua_activity] table.
| Field | Description |
|---|---|
| Created | Date and time that the activity occurred. |
| Activity | Record that is related to the activity. |
| Activity type | Managed activities that can be associated with tiering assessments, internal assessments, third-party risk assessments (TPRA), issues, and tasks. |
| Applies to |
|
| Third party | Third party that is related to the activity. |
| Engagement | Engagement that is related to the activity. |
| Status | State of the activity:
|