Supplier surveys are still the most common way that enterprise firms measure supply chain risk.  But with spikes in ransomware attacks, heightened ESG legislation and generally volatile supply chain trends, surveys are unequivocally inadequate as the primary risk measurement tool. 

Why surveys assess risk inaccurately 


Supplier surveys are subjective, and even when the supplier relationship is strong, their responses are carefully crafted and portrayed in the best light possible by the relevant parties. Even if the supplier answers questions truthfully around their tech stack, for example, they may still respond affirmatively to broader questions about risk mitigation processes that are in place at the firm, regardless of whether or not their team follows through with them on a regular basis. 

Easily outdated 

Supplier surveys are a point-in-time snapshot of a risk assessment, meaning the responses might become irrelevant or less reliable within a matter of days, weeks or months. In fact, due to the length of time it takes for a supplier to fully complete a survey, the responses might be outdated before it even gets into the hands of the surveyor. 

Disparate response data is not actionable

The process of answering all survey questions is extremely manual, but because the burden falls on the supplier to fill it out, most companies issuing the survey don’t think too much of it. However, once completed, manual analysis takes up a significant amount of time, and the person(s) and team in charge of assessing the responses are not necessarily tasked with finding ways to collate the information in a way that provides quick, actionable insights for risk management and procurement professionals. 

Limited risk domain tracking 

Surveys often consist of qualitative questions around security processes, or perhaps ESG scores, but an in-depth survey on all of the risk domains that matter in today’s climate is not feasible. That’s because the way that supply chain risk is measured is fundamentally changing. Understanding cybersecurity health, for example, can often indicate financial risk, as investment in the former can be a positive indicator. Operational and labor metrics can also foreshadow macroeconomic trends. 

At the start of the Russia-Ukraine invasion, for instance, procurement and supply chain leaders scrambled to understand how the conflict would affected their suppliers and entire value chain. But taking a look at hiring and recruiting trends proved to be a better and earlier indicator of certain economic trends – particularly for pharmaceutical firms – than relying on conventional financial market stats.

That’s because both countries are a large market for clinical drug trial participants, particularly for Indian generic drug manufacturers, meaning that a sudden drop in regional hiring trends could have predicted the drop in share prices for some India-based companies such as Cadila, Lupin and Dr. Reddy’s. But many of the suppliers of these drug manufacturers did not have access to this real-time labor data, meaning they were not able to sufficiently plan ahead when the downstream effects became apparent. 

How to shift away from supplier surveys for primary risk measurement

Improve supplier onboarding processes

Improving and standardizing the supplier onboarding process ensures the right infrastructure is in place to gather supplier data quickly, efficiently and accurately over time. Make sure that during the process, suppliers are aware of not just the data that you’ll need but when, how and why. Many private firms, for example, are not used to publicly reporting certain metrics such as financials or R&D, so making sure they understand how the information will be used will prevent obstacles down the road. Some questions may be intended to confirm that a particular supplier doesn’t source material from a blacklisted company or an entity accused of human rights violations; however, without a clear explanation, the request simply creates additional hurdles, time lags and ultimately hinders your company’s efforts at getting the information you need the way you need it. 

Clear communication coupled with sound technology for streamlined information gathering at the start of a supplier relationship will set a strong foundation for future risk assessments. 

Integrate more objective data sources

Enterprise intelligence platforms should be able to not only integrate with your ERPs, CRMs and other applications that house first-party data, but they should also sync with premium data firms that offer objective, real-time assessments. Access to a wide breadth of accurate data across numerous risk domains – including financial, cybersecurity, ESG – is the first step in replacing disparate and outdated survey-based assessments. 

But similar to survey analysis, an overload of information, even if more reliable, does not always translate into actionable insights that category managers and other procurement professionals can use to mitigate potential disruption. Supplier intelligence platforms that can aggregate and use artificial intelligence and machine learning models to offer digestible recommendations for risk mitigation are a key factor in optimizing and digitizing procurement functions.

Boost cross-functional communication with seamless collaboration tools 

An often-told cautionary tale, the story of Ericsson and Nokia’s respective responses to a mutual supplier’s facility fire is a testament to the importance of on-point communication and strong relationships among procurement, leadership and other supply chain stakeholders. In response to the incident at their Albuquerque-based microchip plant, the two companies took very different paths. 

Nokia moved quickly to secure remaining supply at both the Albuquerque plant and others. What’s even more impressive is that their team re-engineered their phones so that chips from other global suppliers in the US and Japan would be compatible. 

Ericsson, on the other hand, was assured the impact of the outbreak would be short-lived and notice of the fire didn’t even reach top leadership until it was too late. Philips was a single-source supplier for the firm, and by the time the news circulated, Nokia had already snatched up any remaining supply. Consequently, about $1.6 billion was lost to Ericsson’s mobile phone division, with $400 million lost in sales.

The reason Nokia was able to move swiftly is because they maintained strong relationships and communication with all levels of management and regularly collaborated with stakeholders to ensure strong contingency plans in cases of emergency. Needless to say, utilizing collaboration and case management tools that are embedded in your intelligence platform and can integrate with ERPs or other commonly-used enterprise applications is imperative for more advanced risk mitigation.


Shifting from supplier surveys to objective data and innovative risk analysis is critical to measuring risk. And utilizing supplier intelligence platforms that integrate both  surveys and third-party sources is key for procurement leaders to optimize sourcing, evaluation and risk sensing.