The Rise of Supply Chain Risk Management — and Its Growing Demands
Audits and questionnaires have long been relied upon for supply chain risk management. Audits involve a thorough review of a supplier's operations and are typically conducted by a third-party auditor, helping to identify potential risks and ensure compliance with regulations and standards. Questionnaires, sometimes called desk audits, are used to gather information from suppliers about their practices and procedures. A survey conducted by the Supply Chain Management Review found that 67% of organizations use audits and 54% use questionnaires for supply chain risk management. The demand for more rigorous supply chain oversight is being driven by a growing recognition that supply chain risk events can have far-reaching consequences for businesses, including reputational damage, financial losses, and legal liabilities. To mitigate these risks, governments are enacting regulations that require companies to conduct due diligence on their supply chains, such as the Uyghur Forced Labor Prevention Act and the UK Modern Slavery Act. Investors are also pushing for greater supply chain transparency and risk management, with initiatives such as the CDP Supply Chain Program, which evaluates companies on their supply chain sustainability performance. New laws and regulations, along with investor expectations, are requiring companies to know far more about their supply chain than questionnaires can produce. It is true that there are some questions that only a supplier can answer, but if a company's strategy relies heavily on supplier-provided information, it may want to consider adding supply chain risk management technology to its risk management stack.
Self-reported, static, and narrow in scope — analogue tools create dangerous blind spots across the supply chain.
Questionnaires are subjective in nature and rely on self-reported data from suppliers. This inherent subjectivity can lead to inaccuracies and inconsistencies in risk assessments. Suppliers may not always provide complete or truthful information, potentially masking risks that can later result in supply chain disruptions. A study found that due to concerns about reputation and legal consequences, suppliers may underreport labor abuses or provide misleading information, which can result in a false sense of security and an inability to respond promptly to emerging risks. Questionnaires provide a snapshot of a supplier's risk profile at a specific point in time. However, risk factors in supply chains can change rapidly, and static questionnaires cannot provide real-time visibility into emerging risks or evolving supplier practices. Risks such as environmental impact, labor conditions, or regulatory compliance require ongoing monitoring and continuous evaluation. Questionnaires typically cover a predefined set of questions, often focused on basic risk areas such as financial stability, labor practices, or environmental protocols — but supply chain risks are multi-faceted and can extend beyond these limited areas. Risks related to environmental sustainability, social responsibility, cybersecurity, or geopolitical factors may not be adequately captured through questionnaires alone, leading to blind spots that leave companies vulnerable. Low supplier response rates compound the problem further. On average, less than 30 percent of suppliers respond to questionnaires. Suppliers may perceive the surveys to be time-consuming and burdensome, may be required to complete multiple surveys from different customers, or may be reluctant to disclose sensitive operational information. Suppliers are running businesses with the same time and resource constraints as their buyers, making widespread, reliable participation difficult to achieve. A study published in the Harvard Business Review found that supplier audits are often ineffective at identifying human rights violations in supply chains, as auditors tend to focus on symptoms rather than root causes. A checkbox compliance mindset can lead to a situation where suppliers and organizations focus more on meeting minimum requirements rather than addressing underlying risks — creating a false sense of security and a failure to identify and mitigate risks not captured by compliance checklists. Furthermore, there are places in the world where auditors are not allowed to go at all, which represents a significant and unaddressed risk exposure.
Relying only on lagging indicators means companies are always reacting — never preventing.
Audits and questionnaires should be viewed as lagging indicators — tools that reveal what has already happened — rather than comprehensive risk management solutions. The cost of missing leading indicators that questionnaires do not catch can be significant, with estimates from the International Labour Organization ranging from 2% to 7% of a company's annual turnover in human rights-related supply chain risks alone. The critical distinction is between lagging and leading indicators. Lagging indicators tell you what has already occurred, while leading indicators — such as big data analytics, AI, predictive models, and federated supplier data — reveal what is currently happening or is likely to happen. Effective supply chain risk management requires both, with questionnaires and audits serving as just one component in a much broader toolbox. Supply chains are dynamic. Risks change with new suppliers, shifting regulations, and global events. A one-time audit is not enough. Effective supply chain risk software should provide ongoing monitoring with real-time alerts, giving companies continuous visibility into emerging risks and allowing teams to act proactively rather than reactively. Without this, companies will always be behind the curve when it comes to identifying and addressing risk.
Combining analogue tools with AI, real-time data, and multi-tier visibility is the only way to truly protect your supply chain.
While questionnaires can provide a starting point for risk assessment in supply chains, relying solely on them is insufficient and leaves companies exposed to significant risks. To effectively monitor risk, companies should adopt a more comprehensive approach that combines questionnaires with real-time data, ongoing monitoring, and deeper supplier evaluations. Leveraging technology solutions, data analytics, and collaboration with industry partners can help enhance risk visibility, identify emerging risks, and ensure the resilience of the supply chain. True supply chain visibility means seeing past direct Tier 1 suppliers. Real supply chain risk often hides deeper — at Tier 2, Tier 3, and raw material sourcing levels. Without deeper visibility, a risk strategy will always be incomplete. Companies should look for solutions that blend questionnaires with independent data, analytics, and monitoring so that supply chain visibility is not limited to what suppliers choose to self-report. By embracing a more dynamic and holistic risk management approach — one that includes AI-powered mapping, continuous monitoring, and leading indicators alongside traditional questionnaires and audits — companies can safeguard their operations, protect their reputation, and maintain long-term sustainability in an increasingly complex and regulated business landscape.
*not sales material disguised as 'resources.'