TPRM - Financial Due-diligence

1. Where is the type of due diligence set up? Is it a record producer, a field, or a separate workflow?

– The documentation page “Types of due diligence in Third-party Risk Management” describes conceptual types (financial, legal, operational, etc.), not a separate configuration entity.
– In the data model, there is a single Third-party due diligence request record on the table [sn_tprm_dd_request]. The form has fields such as State and Request type (Onboard a new engagement, Reassess, Offboard, etc.), but there is no OOTB “due diligence type = Financial/Legal/Operational” field on that record. This is documented under “Third-party due diligence request – Field Description,” where only Request type and other basic attributes are listed.
  Reference: [https://www.servicenow.com/docs/bundle/zurich-governance-risk-compliance/page/product/grc-workspace-vrm/reference/tprm-ws-dd-mgt-pg-details-tab.html]
– The conceptual “type” (for example, financial due diligence) is realized by which assessments and questionnaires you attach and run as part of the due diligence request, not by a dedicated “type” field or separate workflow per type.

2. Is it a record producer?

– The initial request is created via the standard “Request third-party risk due diligence” entry point, which is exposed as a record producer / request form from Employee Center and writes into the Third-party due diligence request table [sn_tprm_dd_request].
– That record producer captures high-level information (third party, engagement, annual spend, request type, etc.) but it does not let you pick “Financial vs Legal due diligence” as a separate value.
  Reference (related content from the same topic): [https://www.servicenow.com/docs/bundle/zurich-governance-risk-compliance/page/product/grc-workspace-vrm/reference/tprm-ws-dd-mgt-pg-details-tab.html]

3. Is it a field?

– Out of the box there is no field on the due diligence request that directly stores “Financial / Legal / Operational” as a due diligence type.
– The closest built-in classification on the request is Request type (Onboard, Reassess, Offboard…), which controls lifecycle, not which risk domain (financial, legal, etc.) you are assessing.

4. Is it a separate workflow?

– There is one due diligence workflow (states like IRQ, external due diligence, approval, contract risk, closed) that is used for all due diligence requests. The types described in the documentation do not map to separate workflow definitions; they are implemented by configuring different assessments/questionnaires and routing logic on top of that single workflow.
  Reference: [https://www.servicenow.com/docs/bundle/zurich-governance-risk-compliance/page/product/grc-workspace-vrm/reference/tprm-ws-dd-mgt-pg-details-tab.html]

5. How is “Financial due diligence” actually triggered/configured?

– The recommended pattern is to use the Inherent Risk Questionnaire (IRQ) and Smart Assessment capabilities to decide when to send a specific external questionnaire, such as a financial due diligence questionnaire.
– The official community article on IRQs gives an explicit example: “Is the total investment greater than $50K? A financial due diligence questionnaire can be sent.” This shows that “financial” is captured by a specific questionnaire and the trigger condition, not by a standalone “type” field.
  Reference: [https://www.servicenow.com/community/grc-articles/third-party-risk-management-gt-inherent-risk-questionnaires-irqs/ta-p/3305039]
– In practice, you:
  a) Create one or more TPRM Smart Assessment / questionnaire templates that represent your “Financial due diligence” content (for example, a template focused on financial statements, liquidity, leverage, etc.).
  b) Use IRQ process management and/or Event-driven management rules to automatically attach and send that questionnaire when specific answers or scores indicate higher financial exposure (for example, annual spend over a threshold, critical services, specific geographies).

Related configuration documentation (how to orchestrate IRQ and external questionnaires):

– IRQ process and due diligence: [https://www.servicenow.com/docs/bundle/zurich-governance-risk-compliance/page/product/grc-vendor-risk/concept/tprm-due-diligence-types.html]
– IRQ / assessment process management: [https://www.servicenow.com/docs/bundle/zurich-governance-risk-compliance/page/product/grc-vendor-risk/concept/tprm-assessing-tpr.html]
– Event-driven management rules (automate when assessments are created/sent): [https://www.servicenow.com/docs/bundle/zurich-governance-risk-compliance/page/product/grc-workspace-vrm/task/tprm-event-drvn-mgt-rule-create.html]

6. Are there any OOTB questionnaires for this?

– The Third-party Risk Management application [com.sn_vdr_risk_asmt] includes sample questionnaires when you load demo data (for example, general third-party and engagement risk questionnaires). This is confirmed in the TPRM “Questions related to plugins and sample questionnaires” community thread.
  Reference: [https://www.servicenow.com/community/grc-forum/tprm-questions-related-to-plugins-and-sample-questionnaires/m-p/2873580]
– However, “Financial due diligence” is not a separate out-of-the-box module. You are expected to either clone and tailor the sample questionnaires or build your own Smart Assessment templates that cover financial topics, and then hook them into the IRQ / event-driven rules as described above.

7. Summary of where configuration actually lives

– Due diligence request itself:
  – Table: sn_tprm_dd_request
  – Created via the “Request third-party risk due diligence” record producer / form.
  – Fields such as Request type, Third party, Engagement, Annual spend, etc., are documented here: [https://www.servicenow.com/docs/bundle/zurich-governance-risk-compliance/page/product/grc-workspace-vrm/reference/tprm-ws-dd-mgt-pg-details-tab.html]
– Due diligence “type” (financial, legal, etc.):
  – Implemented through specific Smart Assessment / external questionnaire templates and the conditions that attach/trigger them.
  – Conditions are typically driven from IRQ scoring and answers, using IRQ process management plus event-driven management rules.

Because of that design, there is no single “Financial due diligence” toggle or field to configure. Instead, you configure:

– Which questionnaires represent your financial due diligence.
– Under what IRQ conditions or risk tiers those questionnaires are automatically sent.