Key Capabilities

Supplier Risk Management

The apexanalytix Supplier Risk Management solution establishes compliance and risk management best practices to protect your company from the first time you work with a supplier and over the course of the complete supplier lifecycle.


View overall risk across all of your suppliers.

In one dashboard, you can map risk levels across your supply base. Visualize where risks reside, highlighting hotspots for regulatory, fraud, cyber or other risk types with a click.


Gain at-a-glance visibility of risk for any supplier.

Click into any supplier’s risk scorecard and see their levels of compliance against every risk policy in your business. Trend-lines help your team understand current risk levels in context over time.

Gain at-a-glance visibility of risk for any supplier.

Use Private AI capabilities to contextualise risk information. Quickly understand the context, impact and best-practice remediation of any risk factor using built-in AI capabilities. Each dashboard is supported by clear explanations and guidance, enabling more risk-aware decision making.

Co-ordinate action plans from the supplier dashboard.

Where risks require a response, automatically engage relevant stakeholders and enable them with AI-generated recommendations based upon company policy (or best-practices where no policy is available). Additionally, progress of each case can easily be tracked from the supplier dashboard.

Inherent & Residual Risk

Within apexanalytix, risk management is viewed in the context of ensuring that each supplier falls within your company’s policies, regulatory constraints and other factors. For each supplier, we automatically calculate the inherent risk that working with them could fall below those standards.


Residual risk is the level of risk which remains after inherent risks are mitigated in this process. To help close the gap further, workflows are generated to engage suppliers and mitigate concerns.


Inherent Risk

At its core, inherent risk refers to the risk associated with a supplier or engagement before any mitigation measures are applied. For instance, when a supplier is being evaluated but hasn’t yet provided any input, this is the phase where inherent risk is assessed.


How is it measured?

We evaluate inherent risk through three types of invites that leverage engagement-level assessments:



Discovery Invite

This is used during the early evaluation stage for potential suppliers that have not been selected yet. When paired with the risk module, an engagement table is created to categorize different engagement types such as SaaS offerings or professional services. Each engagement type comes with a unique inherent risk profile.

Full Registration Invite

Sent to suppliers who have already been selected. This invite is used to onboard them while still evaluating their inherent risk during the lifecycle.

Standalone Risk Module

Clients who don't use the Discovery or Registration modules can utilize the Risk module independently to assess inherent risk.

Inherent Risk Questionnaires

For every engagement type, we use Inherent Risk Questionnaires (IRQs). IRQs are typically answered by buyers or procurement personnel, capturing critical data to calculate engagement-specific risk scores. The risk assessment is consolidated into a dashboard, offering instant visibility of inherent risk scores.

Features that streamline the process:

• Integration with APIs allows clients to import pre-existing risk data from other systems.

• Automated data entry reduces manual intervention, making the process more efficient.

• The dashboard presents a full breakdown of scores for review by risk approvers before extending interaction with the supplier.

Beyond IRQs, our system supports assessments like financial stability, cyber risk, and sanctions checks to account for risks outside these questionnaires.


Residual Risk

Residual risk comes into play after mitigation measures or supplier-provided input have been incorporated into the evaluation process. The key transition from inherent to residual risk happens when suppliers provide responses through due diligence questionnaires (DDQs).

How is it measured?

• Residual risk assessments start with conditional due diligence questionnaires, tailored to the inherent risk levels. Suppliers with higher inherent risk may need to complete more comprehensive DDQs. Common categories include financial ethics, modern slavery practices, and young worker compliance.

• Clients can leverage one of our dozen customizable DDQ templates or adjust them based on their specific processes.

• Responses are reviewed and added to the existing risk scorecard, converting the metric from inherent to residual risk score.


Configurable Risk Weighting

User-defined weightings within the apexanalytix risk management module allow your company to define the areas of risk it is concerned about. This keeps your risk management and reporting consistent while remaining focused on business goals. Weighting can be defined at multiple levels of the risk hierarchy for each vendor.


Composite Score

Composite score: the overall risk score for each vendor. This score is an aggregate of each risk factor you manage. For vendors in different categories, you might choose that only specific risk areas contribute to this score (such as financial and compliance).


Risk factor score

Risk factor score: the sum of the controls associated with a specific risk factor. For example, you might choose that responses to cyber questionnaires are outweighed by the results of our automated incident monitoring.


Individual question score

Individual question score: the ability to assign weighting to individual questions on a risk questionnaire. For example, a question asking suppliers about their insurance might outweigh other elements of your financial risk questionnaire.

Integration Capabilities

We integrate with over 1,000 data sources to help build an actionable picture of risk among suppliers. Notable examples include an Equifax integration for credit reports and Certificial for insurance information.

You can also incorporate data from your existing niche risk solutions using a variety of methods including API integration. Our risk management module will treat this data the same as information apex’s solution collects.

A common use case might be that your sustainability function is already using an assessment tool to measure suppliers. This data can be incorporated to preserve their workflows while centralizing access to their critical data.

In time, you might choose to transition these use cases towards apexanalytix’s native solutions. For example, our ESG solution allows you to assess thousands of suppliers within a few days (rather than months per vendor). When you reach this decision, the highly configurable nature of our solution means you can keep collecting the key information that your processes already rely on.


Supplier Risk Categories

The apexanalytix solution supports seven key areas of risk and can be configured to any risk that is specific to your company's requirements.

Risk Event Monitoring

apexanalytix’s risk event monitoring leverages multiple data sources to identify potential events that could impact suppliers and their critical locations. This starts with collecting the location of headquarters and key facilities (manufacturing, shipping, support) at onboarding and when there is change.

With this data, apex can automatically elevate the risk of suppliers that could be impacted by geopolitical, environmental, cyber and other disruptive events based on news and dark web monitoring. A supplier’s risk gets elevated and an internal risk manager is alerted with a detailed report. They can then filter by any risk attribute and visualize the risk across the globe. Since apexanalytix is an open platform, any solution supporting ordering, logistics or anything else can be integrated via ODATA and APIs.

Real-time risk modelling means your team can visualise the consequences of incidents, highlighting which suppliers are affected and the business-units impacted to quickly determine the best next step.


Financial Risk

apexanalytix assesses the viability of companies through a partnership with Equifax, which provides a view of each company's financial health based on a business failure risk rating system that includes bankruptcies, credit score, judgements, liens and other indicators of financial health.

In addition to the financial health assessment, apex integrates with trusted data sources to identify signals of risk.

• News monitoring: Has there been a news report of geo-political activity that could impact the supplier’s business?

• Insurance coverage: Lapses in insurance could indicate financial instability.

• Dark web: Cybercriminals selling a supplier’s data could be an indicator of future disruption or financial loss.

• Fraud indicators: apex continuously scans supplier identity and transactional data to identify fraudulent entities and bank account changes.

• Financial questionnaires: Best practice surveys are required at onboarding and throughout the lifecycle to identify risk that you would only know by asking the supplier.


Sustainability / ESG

Align supply chain reporting with your company’s ESG goals by monitoring supplier compliance against regulatory requirements and your company’s priorities. This could include a wide variety of social and governance topics (e.g., supplier diversity, carbon emissions, labor standards or conflict minerals). apexanalytix combines a variety of data sources to evaluate your suppliers’ opportunity for impact.

• Integrated data sources (OSHA, NLRB, WOW)

• Web data harvesting

• News monitoring

• Benchmarking (industry, region, company size)

• Supplier questionnaires


Performance Risk

apexanalytix performance management scorecards are based on two key data sources to identify low performing suppliers and initiate improvement plans (or replace suppliers altogether).

Internal questionnaires

• Identify performance from the people who work directly with the supplier and know the market.

• Sent based on a specific time or based on upcoming agreement negotiations.

• Surveys can be by product line or specific aspects of the engagement.

Software Integrations

• Performance data from third-party solutions (quality, procurement, ERPs and other systems) can be fed into the scorecard.



After confirming tax information with the appropriate government, apex begins assessing compliance risk with checks against critical data sources, segment-specific requirements and, if needed, engaging the supplier with questionnaires. All of these checks are performed at onboarding and continuously monitored.

• Critical compliance data sources: 100+ prohibited entity lists and 200+ PEP lists.

• Segment-specific: healthcare credentials, US DOT safety ratings, business registration, industry data sources.

• Supplier public info: scanning supplier websites for public policies to comply with regulations (child labor, modern slavery, sustainability, etc.).

• News monitoring: events that may impact their compliance risk could be present in the news.

• Segment-based supplier questionnaires.

• Enterprise community data: apexanalytix’s database of 250 million suppliers contains data that can pre-populate their profiles at onboarding. Data could include public policies, previous alerts, annual revenue or other attributes.



apexanalytix identifies supplier capacity risk through three key data categories:

Supplier questionnaires

• Automate standardized questions to suppliers and populate the capacity scorecard based on NLP and pre-defined weighting.

Internal survey or data feeds

• Codify anecdotal knowledge through consistent internal surveys to identify suppliers that have missed shipments, had quality issues or are not performing to expectations.

• Integrate any third-party or homegrown data feeds into capacity scorecard through ODATA or API.

Onsite assessments

• Capture data from onsite assessments and track issues or progress with critical suppliers.


Cyber Risk

apexanalytix provides visibility of cyber maturity across your third-party network, which impacts the security of data shared between your organizations. This is done through three data sources:

• Vulnerability monitoring to identify security gaps in public infrastructure (compromised emails, missing patches, etc.).

• Threat intelligence to get notified once there is activity on the dark web regarding data breaches, ransomware or other cyber incidents.

• Supplier surveys and document upload requirements regarding cyber policies (e.g., data protection policies, password reset policies).


Bring Your Own Risk

On top of this, our built-in extensibility allows companies to measure and manage whatever other risk factors affect their corporate goals. Easily create and configure scorecards for any supplier segment based on your requirements and integrate third-party data sources.

Since different attributes will have greater impact on different segments, weigh segment attributes based on segment impact and adjust scoring for a comprehensive, accurate picture of risk.

Our platform can integrate with sources of your industry-specific risk factors, providing the full benefits of our Risk Resolution Engine and consolidating reporting within supplier dashboards. Additionally, you can export scores and risk attributes to other systems to support any business unit.

If subject-matter-experts within your organization rely on specific tools or data providers, connecting apexanalytix streamlines risk visibility and eliminates blind-spots caused by data siloes.


Engagement Level Risk

Understanding Risk Dashboards & Engagement Types

When accessing the risk dashboard for a vendor, you can review various scorecards, such as the inherent risk questionnaire (IRQ). These questionnaires are typically answered by the internal team, like the buyer or procurement specialist, and include ratings such as “meets expectations” or “doesn’t meet expectations.”

Each question is assigned possible points, which determine its weight in the overall score. For example, if possible points are set to 10 for one question versus 1 for others, it will carry a higher weight in the risk assessment.

You can also add multiple engagements for a supplier, such as hardware, software, or consulting services. Each engagement is assigned its own unique risk score.

For instance, software engagements often emphasize security considerations like encryption and single sign-on, which might not apply to audit or consulting engagements. This customization ensures that different engagements are assessed with relevant questions and scorecards, aligning with their specific risk profiles.


Managing Supplier Engagements & Risk Evaluation

Using apex’s Discovery module, you can easily add suppliers and define their engagements to be evaluated separately, which allows for tailored questions and assessments.

Once responses are captured, a risk dashboard is automatically generated with comprehensive engagement-level scores that can roll up into an overall supplier risk score. For larger teams, multiple engagements within the same company—such as those involving different departments—are assigned customized risk parameters.

This system provides flexibility, whether you’re conducting risk evaluations during initial discovery, full registration or as a standalone module. Risk dashboards and inherent risk scores ensure you maintain thorough oversight, no matter the type or scale of your supplier interactions.

apexanalytix has elevated the way we work with suppliers.
Amy Platis, Director of Finance, APM at Northwestern Medicine
Time to onboard a supplier went down significantly.
John Kalina, VP Administrative Services at Independence Blue Cross