LogoLucyWorks
  • Lessons
  • Answers
  • Pricing
  • About
  • Ask Lucy
  • Book a call
LW·A21·Glossary← All answers

What is a supplier risk register?

A supplier risk register is a ranked table of suppliers, the risks each one carries, the evidence behind those risks, and the actions needed to reduce exposure or prepare a fallback.

A supplier risk register is a working list of supplier exposures. It brings together the suppliers that could hurt delivery, cost, quality, compliance, or continuity, then ranks them so the team knows where to act first.

The register is not just a list of big suppliers. Spend is one input, but risk also comes from dependency. A small supplier can be more dangerous than the largest spend line if it is sole-source, hard to replace, tied to a specific process, overdue for audit, or sitting on a contract that expires before a backup is ready.

A useful register usually includes supplier name, commodity, spend, verified source status, contract timing, audit recency, replacement difficulty, business impact, current controls, owner, due date, and next action. The exact columns vary by company, but the test is simple: can a manager read the row and know what could break, how serious it is, and what someone is doing about it?

The word "verified" is doing work. If the ERP says a supplier is dual-sourced but a note says the backup contract has lapsed, the register should use the verified status, not the label. If a criticality field was set years ago and no longer matches the process, the register should flag the mismatch instead of repeating it.

The point is priority. A risk register helps the team choose where to spend limited attention: renewal, audit, backup qualification, inventory buffer, data correction, or an escalation to leadership.

The evidence matters as much as the score. A row with a high score but no reason is hard to act on. A row that says "sole source, no qualified backup, replacement lead time over twelve months" gives the buyer a next move.

It should stay alive. A register is not a quarterly decoration. It needs an owner, review rhythm, and field corrections, or the next version inherits the same stale source data.

Work this yourself — from the course

Build a Supplier Risk Register When Three of Your Data Fields Are LyingBuilds a supplier risk register while working around a data-integrity problem: several fields in the source ERP and supplier-master data are simply wrong, and the lesson teaches how to catch and correct them before scoring risk.

Related questions

  • Can AI build a supplier risk register?

See what the platforms caught — and missed

Twenty procurement tasks, four AI platforms, real dated runs. Lesson 2 is free to read, no account needed.

Read the free lessonTraining for your team
LogoLucyWorks

AI training that ends with a working agent.

Product
  • The 20 Lessons
  • Answers
  • Ask Lucy
  • PAIR-20 benchmark
  • Reality Check
  • Pricing
  • Book a call
Company
  • About
Legal
  • Cookie Policy
  • Privacy Policy
  • Terms of Service
© 2026 LucyWorks. All Rights Reserved.