Supplier Risk Monitoring

Effective Supplier Risk Management Changes How You See Opportunities

Written by Christine Ferrusi Ross

Over a decade ago, I was working with a client that wanted feedback on its latest marketing campaign – one aimed at the risk and security market. The main premise was how your world would change if you weren’t afraid. The campaign gave multiple examples of moving from a reactive state to a proactive one, like “throw instead of catch.” But my favorite example was considered too racy to be part of the formal campaign – “sleep with the enemy.”

The main point of the last statement, despite its double entendre, was actually a great business example of how companies could partner more effectively if they weren’t afraid of security breaches or other risks that come from working with suppliers and other third parties.

And sadly today many companies haven’t evolved their supplier risk management efforts in the past decade. Many of the companies I talk to are just getting serious about how to operationalize their risk programs, finally moving beyond lip service to actually trying to figure out how to track risks and address those risks before their businesses are harmed.

At Neo Group, we talk to clients about three key components to their supplier (and global delivery location) risk management:

  1. Defining the risks. What really concerns you? Is it that the supplier won’t be able to deliver on its contractual obligations; that it might do (or not do) something that will cause your firm to become noncompliant with legal requirements or industry regulations; something else? Whatever end result concerns you, you need to build a catalogue of the risks that could trigger that poor result.
  2. Monitoring those risks. While we often think of bad things happening “out of nowhere,” realistically there are often indicators that begin to appear months before the risk occurs. But tracking whether a risk is rising or falling requires continuous monitoring of every piece of news you can find about your suppliers. Not fun or sexy, but critical to risk management.
  3. Developing an action plan. The hard part – what do you DO if the risk is rising or actually happens? It’s particularly complicated because many risk indicators are subtle, and in the moment it’s difficult to know exactly what to do. For example, you know not to get in a car if the engine is on fire, but what if the tires are kind of bald and there’s a 30% chance that one of them will blow out while you’re on the road? Having a specific set of risk criteria and associated action steps (this could literally be a set of if/then statements) gives you guidance so you can jump into action as soon as needed instead of taking weeks to decide – or worse, doing nothing because you weren’t sure what to do.

Of course a program that includes these three components can help you avoid or reduce risk – that’s the obvious objective. But just like the campaign all those years ago, you can also use your supplier risk management program to be proactive and take advantage of new opportunities because you’ll no longer be afraid of the unknown.

To dive deeper into these three risk management components, I encourage you to download our latest Insight paper, Third Party Oversight: The Three Components of an Effective Program, and register for our webinar, The Three Components of an Effective Third Party Oversight Program. And I’d love your feedback. You can reach me at
