Using multiple risk models

The Multiple Risk Models feature is only available to Plus Package 3PM customers.

Multiple risk models allow you to associate more than one risk modelClosed Created for different third-party types and categories within the type to apply separate evaluation criteria to diverse types of third parties. Four factors make up a risk model: country, type and category, DDQ questions, and third-party custom field questions. with a third-party type and category. This enables you to view different risks associated with a third party based on specific relationships, evaluate the third party's risk tolerance, develop strategies to build resilience into your system, and consider precise risk calculations.

When multiple risk models are enabled, a default risk area named Risk RatingClosed The risk assessment history which changes over time based on the risk model assigned and other factors. Details include how the relationship is categorized, the services provided, the country risk, due diligence questionnaire responses, and custom fields. is created with a default value of 0 (zero). The primary risk rating is the risk rating from which the scope of investigation is recommended based on its score. An active risk model that is part of a risk area with the lowest order number is considered the primary risk area for any third-party type and category. The primary risk area is considered in workflows, forms, rate, the dashboard, and analytics. You can enable up to five risk models.

FAQ

What is the Multiple Risk Models feature?

The Multiple Risk Models feature enables you to associate multiple risk models with a third-party type and category, and view different risks associated with the third party based on specific relationships.

Who can use the Multiple Risk Models feature?

The Multiple Risk Models feature is only available to Plus Package 3PM customers.

Contact your CSM or Support_3PM@Diligent.com. The support staff can enable the MRM feature.

How many risk models can be applied to a third-party profile?

The maximum number of risk models you can apply to a third-party profile is five.

What happens when the Multiple Risk Models feature is enabled?

When the Multiple Risk Models feature is enabled, a default risk area named Risk Rating is created, and all previously active risk models for any third-party type and category are part of the default risk area.

What is the primary risk model, and how do we identify which model is the primary risk area for any third-party type and category?

The primary risk area is the risk area from which the scope of investigation is recommended based on its score. It is used elsewhere in the Third-Party Manager application, for example in reporting and workflows. A risk model that is part of an active risk area with the lowest order number is considered the primary risk model for any third-party type and category.

Where can we see all the risk models applied to any third-party type and category?

The Record Detail tab for any third-party profile shows all applied risk models.

What is a risk area?

A risk area is a category under which a risk model is defined.

How can we assign a risk area to a risk model?

You can assign a risk area to any risk model when you set up a new risk model or update an existing one. The risk area's order helps determine the primary risk model for any third-party type and category.

Can we enable or disable a risk model?

Yes. To enable or disable any risk model, see Enable a risk model for a third party.

Does the Multiple Risk Models feature work with engagements?

Yes, multiple risk models work with engagements.

What kind of training and support is available for the Multiple Risk Models feature?

Diligent provides tutorials and guides to help you understand the feature. It is possible we will add live demonstrations to help users familiarize themselves with the new feature. Our support team is available to assist with any questions or concerns.

Does the Multiple Risk Models feature replace any existing features?

The Multiple Risk Models feature enhances the existing risk model feature and does not replace any other existing features. It works alongside our risk model feature.

Can I provide feedback about Multiple Risk Models feature?

We welcome feedback from our users. You can submit your feedback to Third-Party Manager Support.

Where can I find more detailed information about the Multiple Risk Models feature?

For more detailed information, visit our product update page.

Enabling multiple risk models for the first time

To enable the Multiple Risk Models feature, contact your CSM or Diligent Support.

Add a risk area

  1. From the left navigation pane on theThird-Party Manager dashboard, select Third Party.

  2. Select the Settings tab.

  3. Select the Content Control tab.

  4. Select the FieldClosed A field is a way to input information, often a question. / Lists tab.

  5. In the View list, select Risk Areas. In the list, risk areas are mapped to type and category.

  6. Select Add New.

  7. Enter a unique risk area name, select Active, and enter a unique order number. A lower risk model order number indicates a higher priority. To assign the risk area the highest priority, enter 1 as the order number.

    Note

    You can change the risk area name and order number. Entering an existing risk area name or order number results in an error.

  8. Select Save.

Note

You can delete risk models not associated with a security role. If a third party has run against the security role, the risk model is permanently associated with that security role. The risk model can be activated or deactivated but not deleted.

Associate a risk area with a risk model

To associate a risk area with a risk model, follow the steps in Create the model and add type and category.

Enable a risk model for a third party

When multiple risk models are enabled, you can enable up to five risk models. If you want to create a new risk model, see Managing risk models. To enable a risk model:

  1. From the left navigation pane on theThird-Party Manager dashboard, select Third Party.

  2. Select the Settings tab.

  3. Select the Content Control tab.

  4. In the Manage Application Content section, select Risk Inventory.

  5. In the Manage Risk Models section, select View / Clone Published.

  6. In the list, select Enable next to a risk model.

    Note

    If the type and category for a risk model has too many risk models enabled, an error message displays. You must disable a risk model to enable another one. Select View / Clone Published, and then disable a risk model in the list.

View your profile with multiple risk models

  1. From the left navigation pane on theThird-Party Manager dashboard, select Third Party.

  2. Select the Third Party Management tab.

  3. Select the third party for which you want to view associated risk models.

    You can use Quick Search to locate the third party, or select the third party from Recently Viewed or the list of third parties. The Record Detail tab shows the risk models enabled for the third party. The Risk Assessment History dialog displays the risk areas and risk models associated with the third party and identifies the primary risk model.