ServiceNow Vendor Risk Management Application Demo (Orlando)
Welcome to the vendor risk management demo. My name is Philip Rajesh. I'm a technical consultant designer solutions. Today we are going to talk about VRM, its capabilities, and go through and ...

VRM is the process of ensuring that the use of service providers and suppliers does not create an unacceptable potential for business disruption or a negative impact on ... Risk and compliance management extends beyond internal systems and processes and also includes third-party relationships. So the key capabilities of VRM are the vendor portfolio, vendor tiering, assessment management, vendor portals, issues and remediations, and GRC integration. We will look at a typical process for a vendor risk, from tiering, the assessment, the generation of findings, remediation of issues, reports, and risks and monitoring.

The first step in the vendor risk management process is to identify a vendor that we wish to assess. This will either be from existing data within the system or from new vendor records we create as needed. As we can see from the vendor risk overview dashboard, there is a selection of different reports available to define the vendors that we have within the system. In this case we could potentially start from vendors where the risk rating has not yet been set.

As mentioned previously, the vendor is made up from the vendor portfolio. These are vendor records and vendor contact records. The vendor records are stored in the core company table; the field vendor is set to true. This makes them available to the vendor risk management process. If we look at an existing record, we can see the out-of-the-box fields provided by ServiceNow. These are name, website, industry, vendor type, status, risk rating, ranked tier, vendor tier, vendor manager, business owner, as well as contact information. We can also see from the company's related records that we can look at tiering assessments, the assessments themselves, issues, tasks, entity type and whether or not they are active in the system, risks and controls, as well as security scores, which are made
available if the security score framework is used.

A vendor must have at least one vendor contact that is set to primary. This vendor will be the primary person who will receive correspondence from the platform as well as the invite to the system. All of the fields can be customized as per your organization's needs, new fields added, and new choices made available. The records can also be created via third-party integrations, imported via spreadsheets or data files, as well as created manually within the system.

The second step in the VRM process is to send a tiering assessment to the organization by which to assess the vendor. We choose a vendor from the vendor list and scroll down to tiering assessments. We can add a new assessment and assign this assessment to an individual. This is typically somebody inside of the organization who will be handling the process of the tiering assessment. We then have the vendor, which is automatically completed for us with the vendor name, and a tiering assessor. This will be the actual individual or individuals who will complete this particular assessment. If you have more than one assessor, then we will have two different sets of results, which will be activated.

We save this record. We can scroll down to the tiering questionnaire and add one from the bank. Different tiering questionnaires can be set up as needed. We take the default vendor tiering scale, which is what the results of the questionnaire will be applied to with the eventual score. We send this assessment, impersonate the particular user, and take a look at the sample questionnaire. We submit the questionnaire, end impersonation, and return to our user record.

We can look at the tiering assessment and, based on the information coming back from this tiering, we can see that it has been given a minor tier. Different questions inside the questionnaire can be configured to keep different weights and scoring that will affect the scoring of that question. We can look at the assessment instance, look at the user responses, and we can then close out this
assessment. Once this is closed, you also get the message that the next assessment has been cleared up. If we return to the vendor, we can now see that the vendor's tier has been set to minor. However, at any point we can change this if we feel that we need a different tier rating.

The third step in the VRM process is the assessment. In the previous stage we completed the tiering assessment, which led to the automatic generation of the assessment. The assessment is typically carried out by the vendor. If we scroll to the company record and go down to the related list, we can see the completed tiering assessment. If we switch over to the assessment tab, we can see the new assessment that has been set up in a state of draft. This is automated using the tier-based submission rules. The submission rules dictate the description and the template that is used when this assessment is generated.

If we look at this assessment, we can see that the vendor is assigned, and the assessment template, description and name have come in from the tier-based assessment. We can look at the record, scroll down, and see the questionnaire and document requests that are set up within this template. A sample assessment template is typically a questionnaire and a document request. There can be many questionnaires or many document requests inside of a template.

Once we're happy with the information that is here, we may wish to assign an owner and then any users that may wish to be on the watch list. You can see this record is in the state of draft, so we can submit this to the vendor. Once this has been submitted to the vendor, you can see a message at the top of the screen.

If we impersonate our primary vendor contact and switch to the vendor portal, we can see that the questionnaire is waiting to be completed. As a vendor, I can click on the questionnaire, assign them as needed, and look at any issues and tasks that are raised against it. So I answer the questionnaire and save my responses. If we come out of the questionnaire, we can see that this initial
questionnaire has been answered and is in a state of progress. We can also take a look at the document request as specified. If we do have a document, we will then be requested to attach a document. If not, and no other information is required, we can then submit this. In this particular option we can see that there is one unanswered question, which would be the more information, but because this is not a mandatory field, it is not required.

Once all of these have been completed, we can submit this assessment. We can choose to ignore the questions if we feel that they are not relevant or are not needed, and submit. The vendor can then see that this has been submitted back to ServiceNow and can then be worked internally.

We can switch back to the vendor record and see that the responses have been received. If we scroll down, we can take a look at the questionnaire and document requests and take a look at the responses. We can see that the questionnaire has been given a risk rating of minor. The score, again, is calculated based on the configuration of the questionnaire. Different questions can be given different scores and different weighting based on how important those questions are.

We can then generate any observations. We can create issues and tasks either against particular questions within the questionnaire, or we can create any tasks or issues that are related directly to the questionnaire and not to a question. Once we are happy with those observations, we can choose to finalize with the vendor and then close out this record. If we return to our company record, we can now see that we have a risk rating of low. By default, ServiceNow does not automatically set this risk rating. This risk rating is typically a manual process that is set by the vendor.

The fourth step in the VRM process is typically issues and remediation. As discussed in the previous step, issues and tasks can be generated against a questionnaire, a question within a questionnaire, or from a company record. If we scroll the company down
to the related lists, we see we have issues and tasks. We generate an issue, give it a short description, and assign this to the vendor contact. This is an internal process; we can analyze the record before we send the issue. We can give it a prioritization and a recommendation requesting additional information. We can generate a task. An issue is typically something that needs to be corrected, whereas a task could be something that needs to be carried out. We can then submit this to a vendor.

If we return to the portal as the primary vendor, we can look at our issues tab and see the issue that has just been submitted. The vendor can add any information or comments that they wish and attach any additional documentation. If any tasks were associated, we can also check them here and assign if we have other users on the portal that are convenient. As you can see from the Activity Stream, documentation has been attached. We then resolve this issue.

If we return to the vendor's issue record, we can see that it has now moved to a state of review. The document has been attached, and we can see in the Activity Stream the information that was entered from John. A powerful feature from ServiceNow is that I can actually still see the vendor logged in and can send direct communication if I wish to further my conversation. If I am happy with this result, I close the issue, return to the record and see that that issue is now gone. This issue list is set so that initially active is true; if I were to remove it, I could still get into this record.

Tasks are generated in the same way. This time I can choose to have an internal task that does not go to the vendor. I can bypass, and this gives me the option of having an internal task that is not viewed by the vendor and that can be worked by the internal CRM team. Once this internal information is complete, I can close this record. I can see those tasks as with the issues.

Once the issues and remediations are closed and completed, that will conclude one assessment cycle. New assessments and new tiering assessments can be set up based on
changes to fields inside of the record, for instance a tier change, or a new assessment triggered when a security score drops below a certain threshold. These can all be configured as per the organization's requirements. Also, completed assessments can be reopened if tasks or issues need to be raised against a particular question.

This concludes our end-to-end demo for vendor risk management. Stay tuned for our spotlight video, where we will descend into areas in further detail. My name is Phil approach for cena solutions. Please leave your questions or comments below. Thank you very much.
https://www.youtube.com/watch?v=qyhV_1ADy1w