4 common mistakes of supplier risk mitigation.


Share this post


Your supply chain is only as strong as its weakest link. And with multiple factors that can impact and disrupt your supply chain—from droughts and pandemics to changing industry regulations and cyberattacks—it’s important to have systems and measures in place to identify, predict, and mitigate potential risks before they become a major problem.

However, not all mitigation efforts are created equal. The wrong approach can lead to inefficient tactics, misguided strategies, and an incomplete picture of the real risks facing your business supply chain. This can leave your supply chain vulnerable to otherwise preventable threats and disruptions.  

Below we’ve broken down the top 4 common mistakes businesses make in supplier risk management and why you should avoid them to ensure a stable and secure supply chain across the people, products, partners, and places you do business. 

1. Using a narrow set of metrics to measure and mitigate risk

In order to successfully mitigate risk, you need to be looking at the whole picture of your suppliers and potential risk indicators. Too often, companies rely on only a narrow set of data from their suppliers to measure and identify risks, such as financial metrics, sustainability reports, and manufacturing locations. 

However, while these metrics are important and can paint a general picture of potential risks, there are additional data points to consider—and you’re not likely to get them directly from your suppliers.

Consider broadening your scope to include metrics like


  • Court filings
  • Blacklists 
  • Human capital data
  • Data breaches
  • Cybersecurity ratings
  • Changes in key executives and leadership 

Widening your scope can alert you to risks that you might otherwise miss and help you take action earlier. 

For example, if there is a sudden drop in employee headcount or changes in leadership, that could be an indicator of financial challenges that could impact your supply chain. This is not typically something that a supplier would tell you directly, nor is it something you may read about in the news, so you would need to intentionally include those metrics in your monitoring strategy. But it’s information that could prompt you to reach out to your supplier for additional context or at least make you aware of potential risk and prepare for it. 

Bottom line: more accurate, validated data creates a more holistic view of risk and enables you to put more pieces of the puzzle together so you can make better data-driven decisions. 

2. Relying on suppliers for insights

Many companies rely on their suppliers to provide relevant data. For example, businesses often survey their suppliers during the vetting or onboarding process, requiring information about the supplier’s capabilities, quality, security, practices, financials, etc. 

However, relying solely on your suppliers for accurate, complete data can lead to visibility gaps and biased or missing information as suppliers are incentivized to present themselves in the best light. 

This doesn’t mean you should stop gathering data from suppliers—this is an important step and a best practice that is especially helpful for gathering information that is not publicly available. But it’s important to also validate the data and gather data outside of questionnaires. 

This step is often skipped or ignored due to the time-intensiveness of scouring multiple sites, conducting endless google searches, and reading endless sustainability reports to uncover key data. Finding a platform, like Craft, can help aggregate this data in one place and provide insights that can help reduce the time intensiveness and challenges of that task. 

3. Only focusing mitigation efforts on top suppliers

When it comes to risk mitigation, it’s common for procurement and supply chain professionals to focus their attention solely on their top suppliers. And it makes sense. It’s not unusual for 20% of suppliers to make up 80% of spend within a company, so it’s natural to focus attention on them. 

However, over-prioritizing your top spenders is a risky mistake because it ignores the potential impact of your small suppliers—many of which often provide crucial specialty components. This can be especially problematic when a product cannot be shipped or assembled until all parts are present because any interruption to your smaller suppliers’ production or supply of materials can disrupt your entire operation. 

So how do you prevent these visibility gaps?

There are a couple of ways to tackle this problem. First, increase the attention and focus on any active suppliers, regardless of size or spend. Monitoring your active suppliers will ensure you have a complete picture of your supply chain from A to Z so you can pinpoint potential threats and mitigate risks more effectively.

Expanding the focus to a larger number of suppliers can be daunting, especially because gathering the proper information to successfully understand potential risk can be slow and manual. So finding ways to speed up the process of gathering complete, accurate, and reliable information so you can focus on maintaining and developing supplier relationships is crucial. 

The second step is understanding the financial risk when there is a single supplier of a part or material and placing increased focus to find alternate or additional suppliers to mitigate that risk. If you rely on just one supplier, any disruptions they face will impact the rest of your supply chain. By identifying additional suppliers, you can spread the risk so if one supplier experiences problems, you’ll have backup suppliers to fill the gap. 

4. Treating risk mitigation as an activity, not a process

At the end of the day, supplier risk management is an ongoing process, not a one-time activity. Yet, many companies treat vetting and onboarding suppliers as a one-and-done event to complete vendor approval, neglecting long-term risk mitigation efforts such as regular check-ins and building deep supplier relationships. This can lead to supply chain breakdowns later on when suppliers face challenges or you experience unprecedented disruption. 

Being reactive with supplier risk usually means by the time you know, it’s too late and disruption has already come your way. Suppliers will almost never reach out to you, and it’s important to be able to flag potential issues and then be able to reach out and concern. 

Successful risk mitigation means developing relationships with your suppliers so you are aware of potential challenges as they arise, while also ensuring you have the right systems in place to proactively alert you of challenges. 

Having technology that can proactively detect potential risks or indicators of risk and then alert you is important in helping reduce the tedium and workload.