Dynamic Risk Engine
Aggregate real-time data across five risk pillars with automatic recalculation, threshold alerts, and proactive mitigation planning.
Risk Pillars
Recalculation Time
Critical Alert Time
Target Low Risk
The 5-Pillar Framework
Comprehensive risk assessment across five weighted dimensions, giving you a 360° view of supplier health.
Credit scores, CCJs, payment behaviour
Regulatory status, document validity, sanctions
Delivery rates, quality metrics, BCP
Security certifications, breach history, DPA
CRP status, ISO 14001, governance
Pillar Deep Dive
Explore the specific data points and risk indicators that feed into each dimension.
Financial Pillar
20% WEIGHTAssesses supplier financial stability and payment behaviour
Input Sources
- • Credit scores from Creditsafe/Experian/D&B
- • Financial statement analysis
- • County Court Judgements (CCJs)
- • Days Sales Outstanding (DSO)
- • Invoice dispute rates
Risk Indicators
- HIGH Poor credit score (<40)
- ALERT Recent CCJs detected
- WARN Declining financial ratios
- REVIEW High dispute rate
Compliance Pillar
30% WEIGHTEvaluates regulatory compliance and document validity
Input Sources
- • Bribery Act compliance pack scores
- • Modern Slavery pack scores
- • GDPR pack scores
- • Document validity status
- • Sanctions screening results
Risk Indicators
- HIGH Pack scores <60
- ACTION Expired documents
- CRITICAL Sanctions match
- GAP Missing Modern Slavery stmt
Operational Pillar
25% WEIGHTMeasures delivery performance and operational resilience
Input Sources
- • On-time delivery rates
- • Quality metrics (defect rates, rework)
- • Business continuity plan adequacy
- • Geographic/single-source concentration
- • Capacity assessment
Risk Indicators
- CONCERN Delivery rate <90%
- REVIEW High defect rates
- RISK Single source dependency
- GAP No BCP in place
Risk Level Classification
Thresholds are tenant-configurable to align with your risk appetite
Standard monitoring, annual review
Enhanced monitoring, quarterly review
Active management, mitigation plan required
Immediate intervention, suspension consideration
Automatic Recalculation
Risk scores recalculate within 10 seconds of any triggering event, with full audit logging of contributing factors.
Recalculation Triggers
- Compliance pack questionnaire completed
- Document uploaded or expired
- Credit score update from agency
- Incident recorded (works, tickets)
- Performance scorecard updated
- Sanctions screening match detected
Threshold Alerts
Automatic alerts when suppliers cross risk thresholds, ensuring timely intervention.
Alert Types
- THRESHOLD When score moves between risk bands
- CRITICAL Executive notification within 1 hour
- PILLAR Single pillar drops significantly
- RED FLAG From compliance pack responses
See It in Action
You are the head of procurement at a mid-sized NHS trust. One of your critical suppliers, a medical equipment maintenance provider, has just had a County Court Judgment registered against them. Your current process for catching this kind of thing is a once-a-year supplier review spreadsheet. By the time you spot it, the supplier will have been operating under financial stress for months, potentially affecting the quality and reliability of their service to your trust.
How It Works
The 5-Pillar Risk Engine scores every supplier in your system across five distinct risk categories: Financial, Compliance, Operational, Cyber, and ESG. This is not a single traffic light or a vague high-medium-low rating. Each pillar produces its own score, and those scores are combined using configurable weightings to produce an overall supplier risk rating.
Financial Risk draws on credit check data, payment behaviour history, and financial indicators like CCJs, filed accounts, and credit score changes. If you connect a credit check provider, scores update automatically when new data is available.
Compliance Risk is calculated from the results of your compliance questionnaires, document status (are key documents current or expired?), and the supplier's response rate to requests. A supplier who has not completed their Modern Slavery assessment and has an expired insurance certificate will carry a higher compliance risk score than one with everything up to date.
Operational Risk factors in performance scorecard results, helpdesk ticket volumes and resolution times, and delivery or service quality metrics from your Quarterly Business Reviews.
Cyber Risk captures the supplier's responses to cyber security questions in compliance packs, including data handling practices, incident response plans, and certifications like Cyber Essentials or ISO 27001.
ESG Risk is drawn from the supplier's ESG questionnaire responses, carbon reporting data, and alignment with PPN 06/21 Carbon Reduction Plan requirements where applicable.
Each pillar's weighting is configurable at the organisation level. A financial services firm might weight Compliance and Cyber risk heavily, while a construction company might prioritise Operational and Financial risk. You set the model to match your risk appetite, and the scores adjust accordingly.
Risk scores recalculate automatically when underlying data changes. A new compliance questionnaire submission, an expired document, a poor performance scorecard, or a credit check update will all trigger a recalculation. You do not need to wait for an annual review cycle to spot a problem.
When a supplier's score crosses a threshold you define, the system raises an alert. You can set different thresholds for different actions: a warning notification at one level, a mandatory review at another, and automatic restrictions on new purchase orders at a third.
Risk overrides allow authorised users to manually adjust a score when they have context that the automated model cannot capture, such as knowledge that a low credit score is due to a planned restructuring rather than financial distress. Every override is logged with a reason and an expiry date, so they do not become permanent exceptions that nobody reviews.
Five distinct risk pillars, each scored from real platform data and weighted to your organisation's priorities, give you a supplier risk model that updates continuously rather than once a year.
Related Features
Explore more of the platform
Mitigate Supply Chain Risk
Don't wait for a crisis. Proactively manage supplier risk with our dynamic, multi-dimensional scoring engine.