Third Party Catalog Use Case Design

This topic explains the Third Party Catalog use case design.

Architecture diagram

The following diagram shows the relationships between the applications in the Third Party Catalog use case.

Third Party Governance use case architecture

Note:  

  1. Any connection to the perimeter of the Third Party Hierarchy means the connection could be to any of the 3 levels within the Hierarchy: Third Party Profile, Subsidiary, or Sub-Subsidiary.
  2. Findings are automatically generated within Issues Management for all Assessments. Findings can also be generated manually across the use case, where appropriate.

Applications

The following table describes the use case applications.

Application

Description

Third Party Profile

The Third Party Profile application enables you to store information about each third party included in your business activities. Third Party Profile is a 3-leveled application in which you can document complex third party relationships across the third party, its subsidiaries, and its sub-subsidiaries. A third party engagement can be tied to any level of the third party hierarchy. This application is the hub for navigation throughout the use case and contains summary metrics and reporting.

The Third Party Profile application supports additional fields and functionality when additional Third Party Governance use cases are licensed. If those use cases are not licensed, the additional fields are not needed and can be removed. For more information, see Performing Use Case Cleanup Post-Installation.

In this use case, the application does not provide references to the following:

  • Certificates of Insurance
  • Termination
  • 4th Party Exposure
  • Financial Spend
  • Metric Analysis
  • Risk Assessment
  • Engagement Risk Assessments
  • Loss Events
  • Findings and Remediation
  • Third Party Financial Visibility Assessment

Engagements

The Engagements application enables you to document all products and services delivered by a third party. You can assign engagements to business units, relationship managers, risk analysts, and to the contracts that establish the terms and conditions of the product and services being delivered.

The Engagements application supports additional fields and functionality when additional Third Party Management use cases are licensed. If those use cases are not licensed, the additional fields are not needed and can be removed. For more information, see Performing Post-Installation Cleanup for Third Party Catalog.

In this use case, the application does not provide references to the following:

  • Certificates of Insurance
  • 4th Party Exposure
  • Financial Analysis
  • Risk Ratings
  • Third Party Performance
  • Master Service Agreements
  • Financial Viability
  • Findings and Remediation
  • Supplier Request Form

Engagement Types

The Engagement Types application allows you to define a list of all the engagement types, the associated subtypes, and all the required Certificates of Insurance that are tied to the engagements.

Contracts

The Contracts application stores all third party contracts. You can associate all third party contracts with applicable Engagements. The application allows you to categorize contracts, report on key metrics such as expiration dates and dollar amounts, and attach the actual contract documents. In addition, you can use the included workflow to submit and approve contracts.

Company

The Company application stores general, financial, and compliance information at the company level. Combined with the Division and Business Unit applications, this application supports roll-up reporting of governance, risk, and compliance initiatives across the enterprise.

Note: The Company application is included in the Enterprise Catalog package.

Division

The Division application represents the intermediate unit within the business hierarchy, one layer below the high-level company and one layer above the individual business unit. You can use this application to further document the relationships within your business and measure the effectiveness and compliance of individual divisions within the enterprise.

Note: The Division application is included in the Enterprise Catalog package.

Business Unit

The Business Unit application provides a detailed view of all activities related to the specific business unit.

Note: The Business Unit application is included in the Enterprise Catalog package.

Contacts

The Contacts application serves as a central repository for contact information. It is used across multiple areas of Archer and contains information that is often leveraged by other use cases. Updates to a profile record within this application automatically propagate to any records with displayed contact information.

Note: The Contacts application is included in the Enterprise Catalog package.

Facilities

The Facilities application maintains a listing of all organizational facilities, such as data centers and branches. You can document and review all information associated with a specific facility, such as contact personnel, location information, and technologies associated with the location.

Note: The Facilities application is included in the Enterprise Catalog package.

Access roles and record permissions

The following table describes the use case access roles.

Access Role

Description

Third Party: Administrator

Serves as the administrator of the use case. This role has create, read, update, and delete access rights.

Third Party: 1st Line of Defense

Provides the appropriate access levels within the use case to the first line of defense, such as Business Unit Owners, Business Unit Managers, and Relationship Managers. The first line of defense is responsible for recording third party engagements and documenting new contracts.

Third Party: Executive Management

Provides the appropriate access levels within the use case to the executive team. The executive team is responsible for reviewing third party reports.

Third Party: External Third Party

Provides the appropriate access levels within the use case to external third parties, such as the Primary Third Party Contacts, Secondary Third Party Contacts, and Tertiary Third Party Contacts.

Third Party: Legal And Procurement

Provides the appropriate access levels within the use case to the legal and procurement team, such as the Procurement Group and Procurement Officer. The legal and procurement team is responsible for reviewing and approving contracts and renewing expired contracts.

Third Party: Risk Analysts

Provides the appropriate access levels within the use case to risk analysts.

Third Party: 2nd Line of Defense

Provides the appropriate access levels within the use case to the second line of defense, such as Business Unit Risk Owners. The second line of defense is responsible for recording third party engagements.

Third Party: Read Only

Provides read-only access to the use case to personas who require limited access, such as a Funding Manager.

For a complete list of access roles and detailed, page-level access rights, see the Data Dictionary.

For a complete list of application record permission fields, including which user/group fields populate them and where the fields inherit permissions from, see the Data Dictionary.

Dashboards

The following table describes the use case dashboards.

Dashboard

Description

Third Party Task Driver

The Third Party Task Driver dashboard contains quick links for frequent tasks and features metrics relevant to the current user, such as contracts and engagements that are pending action. This dashboard also uses interactive charts to display data, such as third parties by relationship manager and contracts by third party, status, and expiration date.

The Third Party Task Driver dashboard is available to all third party access roles because it is filtered by the current user.

Third Party Process Manager

The Third Party Process Manager dashboard displays items relevant to users such as relationship managers and procurement officers to help them determine how processes are functioning and identify areas for improvement. This dashboard features metrics, such as expiring contracts and contracts pending review. This dashboard also uses interactive charts to show data, such as third parties by status and engagement distribution per business unit.

Only users that are assigned to the Third Party: 1st Line of Defense, Third Party: Legal and Procurement, or Third Party: Administrator groups can view this dashboard.

Third Party Management

The Third Party Management dashboard provides critical third party information to help the executive team understand how third parties support crucial business processes. This dashboard uses interactive charts to display data, such as overall performance rating by third party, contract distribution by third party, and budgeted vs. actual annual engagement spend per business unit. This dashboard also features metrics for active and expired contracts to give insight on which items require immediate action.

Only users that are assigned to the Third Party: Administrator, Third Party: Executive Management, or Third Party: Read Only groups can view this dashboard.

Data feeds

Note: For instructions on setting up the feeds, see Setting Up Third Party Catalog Data Feeds.

The following table describes the use case data feeds.

Data Feed

Description

Link Contracts to Third Party - Third Party Profile Level

Link Contracts to Third Party - Subsidiary Level

Link Contracts to Third Party - Sub-subsidiary Level

These data feeds allow you to link third parties at each level of the Third Party Profile application to contracts based on related Engagement records.

Contracts advanced workflow

This section describes the out-of-the-box Contracts advanced workflow in Third Party Catalog.

Stage 1: Submitting a Contract

New contract records are automatically enrolled in the advanced workflow. The contract evaluator receives a notification about the request and a task appears on their task-driven landing screen. The system automatically sets a Submit Due Date for 5 days into the future. The contract evaluator evaluates the document, and can either cancel the record, have it reassigned, or submit the record for approval. If the contract is canceled, the record exits the advanced workflow.

Stage 2: Reviewing a Contract

After the contract evaluator submits the record for approval, the contract reviewer receives a notification and a task appears on their task-driven landing screen. The system automatically sets the Submitted Date as the current date and the Review Due Date for 15 days into the future. The contract reviewer must review the contract and can either cancel, reject, or approve the record. If the contract is canceled, the contract evaluator is notified, and the contract record exits the advanced workflow. If the contract is rejected, the record is sent back to Stage 1 for the contract evaluator to review and adjust accordingly. If the contract is approved, the record exits the advanced workflow.

Stage 3: Renewing a Contract

When a contract approaches the expiration date, any user with update access to the Contract record can renew the contract and then enroll the contract in the advanced workflow to initiate the contract review process.
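
The three stages above as a small state model, added here as an illustration; it is not Archer code or configuration. The class, method, and actor names are assumptions, and because the page does not say whether a rejection resets the Submit Due Date, the model leaves it unchanged.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Optional

SUBMIT, REVIEW, EXITED = "Stage 1: Submit", "Stage 2: Review", "Exited"

# (stage, actor, action) -> (next stage, outcome). Anything not listed is refused.
# Actor labels are assumptions standing in for the evaluator and reviewer.
TRANSITIONS = {
    (SUBMIT, "evaluator", "cancel"):   (EXITED, "canceled"),
    (SUBMIT, "evaluator", "reassign"): (SUBMIT, None),
    (SUBMIT, "evaluator", "submit"):   (REVIEW, None),
    (REVIEW, "reviewer", "cancel"):    (EXITED, "canceled"),
    (REVIEW, "reviewer", "reject"):    (SUBMIT, None),
    (REVIEW, "reviewer", "approve"):   (EXITED, "approved"),
}

@dataclass
class Contract:
    stage: str = EXITED  # a record is outside the workflow until enrolled
    outcome: Optional[str] = None
    submit_due: Optional[date] = None
    submitted: Optional[date] = None
    review_due: Optional[date] = None
    history: list = field(default_factory=list)  # audit trail of (date, actor, action)

    def enroll(self, today: date) -> None:
        """New records, and renewed ones (Stage 3), enter at Stage 1."""
        if self.stage != EXITED:
            raise ValueError("record is already in the workflow")
        self.stage, self.outcome = SUBMIT, None
        self.submit_due = today + timedelta(days=5)
        self.history.append((today, "system", "enroll"))

    def act(self, actor: str, action: str, today: date) -> None:
        key = (self.stage, actor, action)
        if key not in TRANSITIONS:
            raise PermissionError(f"{actor} cannot {action} in {self.stage}")
        self.stage, self.outcome = TRANSITIONS[key]
        if action == "submit":
            self.submitted = today
            self.review_due = today + timedelta(days=15)
        # Assumption: a rejection leaves the earlier Submit Due Date unchanged.
        self.history.append((today, actor, action))

    def overdue(self, today: date) -> bool:
        """True when the current stage's due date has passed."""
        due = {SUBMIT: self.submit_due, REVIEW: self.review_due}.get(self.stage)
        return due is not None and today > due
```

Refused actions raise before anything is recorded, so the history holds only transitions that actually took place.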

Data Dictionary

The Third Party Catalog Data Dictionary contains configuration information for the use case.

You can obtain the Data Dictionary for the solution by contacting your Archer Account Representative.