Talk to Sales

Blog

Trust Your SupplierBlogBlogWhat to Do When Your Supplier Passes the Risk Check But Something Still Feels Wrong

What to Do When Your Supplier Passes the Risk Check But Something Still Feels Wrong

Author: April Harrison 6 min read
What to dowhen your supplier passes the risk check but something feels off.

Your supplier just cleared the automated risk check. 

Green across the board. Acceptable score. No sanctions flags. No adverse media. Nothing that would stop the approval. 

And yet something feels wrong. 

Maybe it's a response that seemed rehearsed. A certificate that arrived faster than it should have. A reference who answered every question a little too smoothly. Nothing you could point to in a report. Just a feeling built from years of doing this work. 

This happens more than most procurement teams talk about. And how you handle it matters. 

The Score Is Not the Decision 

Automated risk scoring does real work. It processes data at a volume no human team could manage manually, applies consistent criteria, and surfaces flags that might otherwise go unnoticed. 

But it can only measure what it can see. 

It cannot measure the instinct of someone who has been reviewing supplier relationships for eight years. It cannot flag a supplier whose references all use suspiciously similar language. It cannot pick up on the evasiveness in how a contact talks about their sub-tier relationships. 

The score said yes. Your judgment is saying wait. Both of those are inputs to the decision, not just the score. 

A two-column comparison chart. The left column, labeled "What the score sees," lists eight items in blue: sanctions list matches, financial health indicators, adverse media flags, ESG ratings, ownership structure, country of origin, certification status, and credit risk signals. The right column, labeled "What the score misses," lists eight items in red: whether responses feel rehearsed, reference quality and consistency, evasiveness under follow-up, sub-tier transparency willingness, document timing vs. complexity, relationship history and context, your team's pattern recognition, and what changed since onboarding. A plus sign between the columns and a caption below read: "Both are inputs to the decision. Not just the score."
Click image to enlarge

Four Things to Do Before You Proceed 

  1. Name what's bothering you, specifically 

Vague unease isn't a basis for action. But it is a basis for investigation. 

Before you escalate or move forward, try to write down the concern in one or two sentences. Is it something the supplier said or didn't say? A document that looks right but arrived too quickly? An inconsistency between their questionnaire and their public information? 

Writing it down does something useful: it either reveals that the concern is more substantive than it felt, which justifies slowing down, or it dissolves when examined, which gives you the confidence to proceed. Either way, you now have a record that you noticed something and did something with it. 

That record matters later. 

  1. Go back to the supplier with a specific follow-up

A supplier with nothing to hide will generally welcome clarification. One that becomes evasive, slow, or suddenly unable to produce documentation they previously said was available is telling you something, too. 

The follow-up doesn't need to be adversarial. Frame it as standard due diligence. Ask for a document you haven't seen. Request clarification on a specific inconsistency. Ask to speak with a different contact. 

Keep a record of what you asked, when, and exactly what came back. Dates and response times matter. If this relationship becomes the subject of an audit, that paper trail is what protects your team. 

  1. Bring in the right people before you decide

The decision to proceed with a supplier who raised concerns shouldn't rest on one person. 

At a minimum, involve a compliance or risk stakeholder alongside the procurement lead. Depending on the supplier's criticality, legal or finance should be in the loop, too. 

This isn't about slowing down for the sake of process. It's about distributing accountability appropriately. Multiple informed people reviewing the same information and reaching a collective decision is a defensible governance event. One person proceeding alone based on a clean score, and something going wrong six months later, is a different conversation entirely. 

A brief documented discussion is significantly better than no record at all. Even an email thread that captures who reviewed what and what was decided. 

  1. Document your reasoning, whatever you decide

This is the step most teams skip. It's also the one that matters most when something goes wrong later. 

If you proceed, write down what the concern was, what additional steps you took, what you found, who was part of the decision, and what made proceeding acceptable. If you decide not to proceed, write that down too. 

The goal isn't to justify yourself after the fact. It's to capture the reasoning behind a judgment call at the moment it's made, while it's fresh. That reasoning is worth something. Without it, your team faces the same situation again, with no record of what you learned this time. 

The Bigger Problem: This Reasoning Disappears 

Most procurement teams know they should be doing some version of the above. The gap isn't knowledge, it's capture. 

When a procurement manager approves a borderline supplier after additional scrutiny, the reasoning behind that decision typically lives in their head, in a few email threads, or in a conversation nobody wrote down. If that person moves on, or if the relationship becomes the subject of a compliance review, that reasoning is gone. 

Procurement teams make hundreds of judgment-intensive decisions every year. Supplier approvals that required extra scrutiny. Risk score overrides justified by relationship context. Exceptions granted because of timing or information the score couldn't capture. Almost none of that reasoning gets preserved in a way that a future team member or an auditor could actually use. 

This is the decision trace problem in practice. Not a dramatic failure. A quiet, steady loss of the institutional intelligence that makes judgment-based decisions defensible over time. 

A side-by-side workflow comparison. The left column shows the standard workflow in four steps: exception requested, manager reviews request, decision approved or denied, status updated in system. It ends with a red box labeled "Context lost: no record of why the decision was made." The right column shows the TYS workflow with the same four steps, but Steps 2 and 4 capture additional detail: business justification including timing, relationship context, and risk factors in Step 2, and decision trace preserved, attached to the record, searchable and retrievable in Step 4. It ends with a green box labeled "Context captured: full reasoning attached to the record." A caption below reads: "An exception without documentation is a liability. An exception with documentation is a governance event."
Click image to enlarge

What Good Looks Like 

Teams that handle this well share a few habits. 

They write down what triggered the concern before they act on it. They document what additional steps they took and what those steps produced. They make sure the right people are part of the decision. And they attach the reasoning to the supplier record in a way that's actually retrievable, not buried in someone's inbox. 

Over time, that documentation becomes more than a paper trail for any single decision. It becomes a record of how your team actually makes calls, what factors have historically justified exceptions, and what patterns should trigger more scrutiny next time. 

The question worth asking 

Think about the last supplier your team approved after some hesitation. If you had to explain that decision today, could you do it in five minutes? Who reviewed it, what the concern was, and what made proceeding acceptable?

If the honest answer is no, that's the gap. And it's worth closing before the question gets asked by someone else. 

TYS helps procurement teams capture the reasoning behind supplier decisions, not just the decisions themselves. If you're navigating risk score overrides without a consistent process for documenting them, reach out for a demo on TYS exception workflows with the form below or read the whitepaper on decision intelligence in procurement. 


Blog Decision Intelligence Risk Management
Previous reading
What to Do When Your Supplier Passes the Risk Check But Something Still Feels Wrong
Next reading
Why Your ERP’s Vendor Module Isn’t Enough (And What to Use Instead)
MENU