What is the difference between inherent risk and residual risk in apexanalytix?

Inherent risk is the level of risk associated with a supplier before any mitigation measures are applied — assessed through Inherent Risk Questionnaires (IRQs) completed by buyers or procurement personnel at the start of an engagement. Residual risk is what remains after mitigation measures and supplier-provided input are incorporated, primarily through conditional due diligence questionnaires (DDQs) tailored to the supplier's inherent risk level. As suppliers complete DDQs, their risk metric transitions from an inherent to a residual risk score on the dashboard.

What risk categories does apexanalytix's supplier risk management module cover?

The apexanalytix Supplier Risk Management module covers seven key risk categories: risk event monitoring (geopolitical, environmental, and cyber disruptions), financial risk (credit health, bankruptcy indicators, insurance lapses, and fraud signals via Equifax), sustainability and ESG risk, performance risk, compliance risk (100+ prohibited entity lists, 200+ PEP lists, and segment-specific requirements), capacity risk, and cyber risk (vulnerability monitoring and dark web threat intelligence). The platform also supports Bring Your Own Risk configuration for any company-specific risk factors.

How does configurable risk weighting work in apexanalytix?

apexanalytix allows organizations to define risk weighting at three levels. The composite score is the overall risk score for each vendor, aggregating all risk factors — and for vendors in different categories, specific risk areas can be included or excluded. The risk factor score is the sum of controls for a specific risk area, where automated monitoring results can be weighted against questionnaire responses. Individual question scoring allows organizations to assign greater weight to specific questions on a questionnaire — for example, an insurance question might outweigh other elements of a financial risk assessment.

How does apexanalytix integrate with existing risk tools and data sources?

apexanalytix integrates with 1,000+ data sources and supports API and ODATA integration to import risk data from existing third-party or homegrown systems. Notable integrations include Equifax for financial health assessments and Certificial for insurance verification. Organizations already using niche risk or sustainability tools can feed that data into apexanalytix scorecards, preserving existing workflows while centralizing risk visibility — and can transition those use cases to apexanalytix's native solutions over time.

How does apexanalytix use AI in supplier risk management?

apexanalytix uses Private AI capabilities to help risk teams quickly understand the context, impact, and best-practice remediation for any risk factor surfaced in the dashboard. Where risks require a response, the platform automatically engages relevant internal stakeholders and provides AI-generated recommendations based on company policy — or on industry best practices where no internal policy is available. Progress on each risk case can be tracked directly from the supplier dashboard.

Products
The apexanalytix Platform

Protect your company’s reputation and revenue from the first time you engage with a supplier and throughout the supplier lifecycle.

Portal

Supplier Registration

Supplier Risk Management

Overpayment Prevention

Inquiry

Supplier Discovery

Dynamic Discounting

On-Demand Training

Agents

Chatbot Agent

Ticket Response Agent

Risk Response Agent

Data

API Documentation

Read More

Download the report
Solutions
View All Use Cases

Our purpose-built and configurable platform brings together everything your company needs to optimize your supply base.

Supplier Management

Supplier Onboarding

Bank Account Validation

Supplier Invoice and Payment Software

Fraud Prevention

Supplier Management for Government Agencies

Customer Onboarding

Customer Success Services

Overpayment Prevention

View All

Supplier Risk Management

Supplier Risk Events

Supplier Financial Risk

Supplier Sustainability Risk

Supplier Performance Risk

Supplier Compliance Risk

Supplier Capacity Risk

Supplier Cyber Risk

Third-Party Risk Management

Bring Your Own Risk

View All

Audit & Recovery

AP Recovery Audit

Contract Compliance Audit

Unclaimed Property

Sales and Use Tax

Retail Merchandise

Fraud Detect

Audit & Recovery for Government Agencies

View All

Data

Data Scores & Insights

Third Party Data Validation & Enrichment

APIs For Developers

View All
Data
Resources
Resources

Explore e-books, white papers, customer-led webinars and more.

View All Resources

European Centre of Excellence

Blog

Reports

Live Events

On-Demand Webinars

Videos

Case Studies

Product Briefs

Support

For Suppliers

Software Support

Read More

Download the Report
Company
Our Why

To positively impact the lives and careers of our associates, customers and partners.

About Us

The world's leading provider of supplier onboarding, risk management and recovery solutions.

Careers

Join a dynamic environment where your contributions drive meaningful impact.

Leadership

Meet the leaders driving apexanalytix forward with expertise, vision, and innovation.

Media Mentions

Explore how apexanalytix innovations, insights, and technology are making headlines.

Partners

Strength in unity. There are no problems we cannot solve, together.

Newsroom

Stay informed with the latest press releases, featuring groundbreaking innovations and company updates.

Read More

Hungry. Humble. Smart. This place is for you.

Learn More

Get Started

Supplier Risk Management Module

Every risk. Every supplier. Every stakeholder. Under control.

Key Capabilities

Supplier Risk Management

The apexanalytix Supplier Risk Management solution establishes compliance and risk management best practices to protect your company from the first time you work with a supplier and throughout the complete supplier lifecycle.

View overall risk across all of your suppliers.

In one dashboard, you can map risk levels across your supply base. Visualize where risks reside: highlighting hotspots for regulatory, fraud, cyber or other risk types with a click.

Gain at-a-glance visibility of risk for any supplier.

Click into any supplier’s risk scorecard and see their levels of compliance against every risk policy in your business. Trend-lines help your team understand current risk levels in context over time.

Use Private AI capabilities to contextualize risk information.

Use Private AI capabilities to contextualize risk information. Quickly understand the context, impact and best-practice remediation of any risk factor using built-in AI capabilities. Each dashboard is supported by clear explanations and guidance, enabling more risk-aware decision-making.

Coordinate action plans from the supplier dashboard.

Where risks require a response, automatically engage relevant stakeholders and enable them with AI-generated recommendations based upon company policy (or best practices where no policy is available). Additionally, progress of each case can easily be tracked from the supplier dashboard.

Inherent & Residual Risk

Within apexanalytix, risk management is viewed in the context of ensuring that each supplier falls within your company’s policies, regulatory constraints and other factors. For each supplier, we automatically calculate the inherent risk that working with them could fall below those standards.

Residual risk is the level of risk that remains after inherent risks are mitigated in this process. To help close the gap further, workflows are generated to engage suppliers and mitigate concerns.

Inherent Risk

At its core, inherent risk refers to the risk associated with a supplier or engagement before any mitigation measures are applied. For instance, when a supplier is being evaluated but hasn’t yet provided any input, this is the phase where inherent risk is assessed.

How is it measured?

We evaluate inherent risk through three types of invites that leverage engagement-level assessments:

apexanalytix supplier registration and risk platform

Discovery Invite

This is used during the early evaluation stage for potential suppliers that have not been selected yet. When paired with the risk module, an engagement table is created to categorize different engagement types, such as SaaS offerings or professional services. Each engagement type comes with a unique inherent risk profile.

Full Registration Invite

Sent to suppliers who have already been selected. This invite is used to onboard them while still evaluating their inherent risk during the lifecycle.

Standalone Risk Module

Clients who don't use the Discovery or Registration modules can utilize the Risk module independently to assess inherent risk.

Inherent Risk Questionnaires

For every engagement type, we use Inherent Risk Questionnaires (IRQs). IRQs are typically answered by buyers or procurement personnel, capturing critical data to calculate engagement-specific risk scores. The risk assessment is consolidated into a dashboard, offering instant visibility of inherent risk scores.

Features that streamline the process:

• Integration with APIs allows clients to import pre-existing risk data from other systems.

• Automated data entry reduces manual intervention, making the process more efficient.

• The dashboard presents a full breakdown of scores for risk approvers to review before extending interaction with the supplier.

Beyond IRQs, our system supports assessments like financial stability, cyber risk, and sanctions checks to account for risks outside these questionnaires.

Residual Risk

Residual risk comes into play after mitigation measures or supplier-provided input has been incorporated into the evaluation process. The key transition from inherent to residual risk happens when suppliers provide responses through due diligence questionnaires (DDQs).

How is it measured?

• Residual risk assessments start with conditional due diligence questionnaires, tailored to the inherent risk levels. Suppliers with higher inherent risk may need to complete more comprehensive DDQs. Common categories include financial ethics, modern slavery practices, and young worker compliance.

• Clients can leverage one of our dozen customizable DDQ templates or adjust them based on their specific processes.

• Responses are reviewed and added to the existing risk scorecard, converting the metric from inherent to residual risk score.

apexanalytix supplier compliance event monitoring

Configurable Risk Weighting

User-defined weightings within the apexanalytix risk management module allow your company to define the areas of risk it is concerned about. This keeps your risk management and reporting consistent while remaining focused on business goals. Weighting can be defined at multiple levels of the risk hierarchy for each vendor.

Composite Score

Composite score: the overall risk score for each vendor. This score is an aggregate of each risk factor you manage. For vendors in different categories, you might choose that only specific risk areas contribute to this score (such as financial and compliance).

Risk factor score

Risk factor score: the sum of the controls associated with a specific risk factor. For example, you might choose that responses to cyber questionnaires are outweighed by the results of our automated incident monitoring.

Individual question score

Individual question score: the ability to assign weighting to individual questions on a risk questionnaire. For example, a question asking suppliers about their insurance might outweigh other elements of your financial risk questionnaire.

Integration Capabilities

We integrate with over 1,000 data sources to help build an actionable picture of risk among suppliers. Notable examples include an Equifax integration for credit reports and Certificial for insurance information.

You can also incorporate data from your existing niche risk solutions using a variety of methods including API integration. Our risk management module will treat this data the same as information apex’s solution collects.

A common use case might be that your sustainability function is already using an assessment tool to measure suppliers. This data can be incorporated to preserve their workflows while centralizing access to their critical data.

In time, you might choose to transition these use cases towards apexanalytix’s native solutions. For example, our ESG solution allows you to assess thousands of suppliers within a few days (rather than months per vendor). When you reach this decision, the highly configurable nature of our solution means you can keep collecting the key information that your processes already rely on.

apexanalytix supplier compliance and risk platform integrations

Supplier Risk Categories

The apexanalytix solution supports seven key risk areas of risk and can be configured to any risk that is specific to your company's requirements.

Risk Event Monitoring

apexanalytix’s risk event monitoring leverages multiple data sources to identify potential events that could impact suppliers and their critical locations. This starts with collecting the location of headquarters and key facilities (manufacturing, shipping, support) at onboarding and when there is a change.

With this data, apexanalytix can automatically elevate the risk of suppliers that could be impacted by geopolitical, environmental, cyber and other disruptive events based on news and dark web monitoring. A supplier’s risk gets elevated, and an internal risk manager is alerted with a detailed report. They can then filter by any risk attribute and visualize the risk across the globe. Since apexanalytix is an open platform, any solution supporting ordering, logistics or anything else can be integrated via ODATA and APIs.

Real-time risk modeling means your team can visualize the consequences of incidents, highlighting which suppliers are affected and the business units impacted to quickly determine the best next step.

apexanalytix supplier compliance and risk event monitoring

Financial Risk

apexanalytix assesses the viability of companies through a partnership with Equifax to provide the financial health of companies based on business failure risk rating system that includes bankruptcies, credit score, judgements, liens and more indicators of financial health.

In addition to the financial health assessment, apex integrates with trusted data sources to identify signals of risk.
• News monitoring: Has there been a news report of geo-political activity that could impact the supplier’s business?
• Insurance coverage: Lapses in insurance could indicate financial instability.
• Dark web: Cybercriminals selling a supplier’s data could be an indicator of future disruption or financial loss.
• Fraud indicators: apex continuously scans supplier identity and transactional data to identify fraudulent entities and bank account changes.
• Financial questionnaires: Best practice surveys are required at onboarding and throughout the lifecycle to identify risks that you would only know by asking the supplier.

apexanalytix supplier compliance and financial risk event monitoring

Sustainability / ESG

Align supply chain reporting with your company’s ESG goals by monitoring supplier compliance against regulatory requirements and your company’s priorities. This could include a wide variety of social and governance topics (e.g., supplier diversity, carbon emissions, labor standards or conflict minerals). apexanalytix combines a variety of data sources to evaluate your suppliers’ opportunity for impact.

• Integrated data sources (OSHA, NLRB, WOW)

• Web data harvesting

• News monitoring

• Benchmarking (industry, region, company size)

• Supplier questionnaires

apexanalytix supplier compliance and ESG risk event monitoring

Performance Risk

apexanalytix performance management scorecards are based on two key data sources to identify low-performing suppliers and initiate improvement plans (or replace suppliers altogether).

Internal questionnaires

• Identify performance from those who work directly with the supplier and know the market.

• Sent based on a specific time or based on upcoming agreement negotiations.

• Surveys can be by product line or specific aspects of the engagement.

Software Integrations

• Performance data from third-party solutions (quality, procurement, ERPs and other systems) can be fed into the scorecard.

Compliance

After confirming tax information with the appropriate government, apex begins assessing compliance risk with checks against critical data sources, segment-specific requirements and, if needed, engaging the supplier with questionnaires. All of these checks are performed at onboarding and continuously monitored.

• Critical compliance data sources: 100+ prohibited entity lists and 200+ PEP lists.

• Segment-specific: healthcare credentials, US DOT safety ratings, business registration, industry data sources

• Supplier public info: scanning supplier websites for public policies to comply with regulations (child labor, modern slavery, sustainability, etc.)

• News monitoring: events that may impact their compliance risk could be present in the news

• Segment-based supplier questionnaires

• Enterprise community data: apexanalytix’s database of 280 million suppliers contains data that can pre-populate their profiles at onboarding. Data could include public policies, previous alerts, annual revenue or other attributes.

Capacity

apexanalytix identifies supplier capacity risk through three key data categories:

Supplier questionnaires

• Automate standardized questions to suppliers and populate the capacity scorecard based on NLP and pre-defined weighting.

Internal surveys or data feeds

• Codify anecdotal knowledge through consistent internal surveys to identify suppliers that have missed shipments, had quality issues or are not performing to expectations.

• Integrate any third-party or homegrown data feeds into the capacity scorecard through ODATA or API.

Onsite assessments

• Capture data from onsite assessments and track issues or progress with critical suppliers.

apexanalytix supplier compliance and capacity risk event monitoring

Cyber Risk

apexanalytix provides visibility of cyber maturity across your third-party network which impacts the security of data shared between your organizations. This is done through three data sources:

• Vulnerability monitoring to identify security gaps in public infrastructure (compromised emails, missing patches, etc.).

• Threat intelligence to get notified once there is activity on the dark web regarding data breaches, ransomware or other cyber incidents.

• Supplier surveys and document upload requirements regarding cyber policies (e.g., data protection policies, password reset policies).

apexanalytix supplier compliance and cyber risk event monitoring

Bring Your Own Risk

On top of this, our built-in extensibility allows companies to measure and manage whatever other risk factors affect their corporate goals. Easily create and configure scorecards for any supplier segment based on your requirements and integrate third-party data sources.

Since different attributes will have a greater impact to different segments, weigh segment attributes based on segment impact and adjust scoring for a comprehensive, accurate picture of risk.

Our platform can integrate with sources of your industry-specific risk factor, providing the full benefits of our Risk Resolution Engine and consolidating reporting within supplier dashboards. Additionally, you can export scores and risk attributes to other systems to support any business unit.

If subject-matter-experts within your organization rely on specific tools or data providers, connecting apexanalytix streamlines risk visibility and eliminates blind spots caused by data siloes.

Engagement Level Risk

Understanding Risk Dashboards & Engagement Types

When accessing the risk dashboard for a vendor, you can review various scorecards, such as the inherent risk questionnaire (IRQ). These questionnaires are typically answered by the internal team, like the buyer or procurement specialist, and include ratings such as “meets expectations” or “doesn’t meet expectations.”

Each question is assigned possible points, determining its weight in the overall score. For example, if possible points are set to 10 for one question versus 1 for others, it will carry a higher weight in the risk assessment.

You can also add multiple engagements for a supplier, such as hardware, software, or consulting services. Each engagement is assigned its own unique risk score.

For instance, software engagements often emphasize security considerations like encryption and single sign-on, which might not apply to audit or consulting engagements. This customization ensures that different engagements are assessed with relevant questions and scorecards, aligning with their specific risk profiles.

apexanalytix supplier compliance and performance risk dashboards

Managing Supplier Engagements & Risk Evaluation

Using the apex’s Discovery module, you can easily add suppliers and define their engagements to be evaluated separately, which allows for tailored questions and assessments.

Once responses are captured, a risk dashboard is automatically generated with comprehensive engagement-level scores that can roll up into an overall supplier risk score. For larger teams, multiple engagements within the same company—such as those involving different departments—are assigned customized risk parameters.

This system provides flexibility, whether you’re conducting risk evaluations during initial discovery, full registration or as a standalone module. Risk dashboards and inherent risk scores ensure you maintain thorough oversight, no matter the type or scale of your supplier interactions.

apexanalytix supplier compliance and performance risk evaluation

Frequently Asked Questions

Why do companies need a dedicated supplier risk management solution?

Why do companies need a dedicated supplier risk management solution?
What is the difference
between inherent risk and residual risk in supplier management, and how does apexanalytix measure both?
How does apexanalytix help companies manage supplier financial risk?
How does apexanalytix help companies manage supplier cyber risk?
Can apexanalytix's supplier
risk management module work alongside existing risk tools and data sources our company already uses?

According to a 2025 RapidRatings survey, 81% of supply chain and procurement professionals had their business impacted by supplier disruptions in the past two years, and 30% of those disruptions cost organizations more than $5 million each.

Yet despite this exposure, most companies still lack the visibility needed to get ahead of problems: McKinsey research found that only 42% of organizations have risk visibility beyond their tier-one suppliers. The apexanalytix Supplier Risk Management module addresses this gap by giving procurement teams a single dashboard that maps inherent and residual risk levels across their entire supply base.

Covering supplier across multiple risk categories including financial, cyber, compliance, sustainability, performance, reputational, capacity, and geopolitical risk events. Rather than discovering a supplier problem after the damage is done, apexanalytix continuously monitors the full supply base and alerts internal stakeholders the moment a risk threshold is crossed.

Inherent risk is the level of risk a supplier presents before any mitigation steps are taken, such as when a potential new supplier is first being evaluated. Residual risk is what remains after that mitigation process has run its course.

Many organizations struggle to distinguish between the two because their tools do not calculate risk dynamically. apexanalytix handles both in a structured workflow: inherent risk is calculated through Inherent Risk Questionnaires answered by buyers or procurement personnel, which generate engagement-specific risk scores visible in a consolidated dashboard before any supplier interaction deepens.

Residual risk is then calculated as suppliers respond to conditional Due Diligence Questionnaires, with higher-risk suppliers required to complete more comprehensive assessments. The result is a risk scorecard that evolves throughout the supplier lifecycle rather than remaining static after onboarding.

Financial instability in a supplier base is one of the most underestimated sources of supply chain disruption. RapidRatings data shows that in some manufacturing sectors, more than a third of suppliers carry a high or very high risk of default.

apexanalytix addresses this through a partnership with Equifax to assess supplier viability using a business failure risk rating system that incorporates bankruptcies, credit scores, judgments, liens, and other financial health indicators. Beyond credit data, the platform continuously monitors news for geopolitical activity that could affect a supplier’s business, tracks insurance coverage lapses as indicators of financial instability, and scans the dark web for signals of a supplier’s data being compromised, which can foreshadow future financial disruption.

This combination of structured financial assessment and continuous external signal monitoring gives procurement teams a much more complete picture of financial risk than a periodic credit check alone.

apexanalytix Cyber Risk Management embeds cyber risk and compliance oversight directly into supplier approval, onboarding, and ongoing monitoring workflows, ensuring security considerations are addressed throughout the entire supplier lifecycle.

The solution enables organizations to rapidly assess supplier cybersecurity posture, gather documentation, and continuously monitor for incidents or vulnerabilities, while automating collaboration and remediation across procurement, risk, and security teams. Assessments and controls align with widely adopted frameworks such as NIST, CIS, and ISO, helping companies enforce consistent standards and maintain compliance while protecting sensitive data and operations from third party cyber threats.

Yes, and this is one of the more practical strengths of the platform. Many large organizations already have point solutions for specific risk categories, such as a sustainability assessment tool used by the ESG team or a niche financial risk provider.

Rather than requiring companies to rip and replace those investments, apexanalytix integrates with over 1,000 data sources and accepts data from existing tools via API, treating third-party inputs the same as data its own solution collects. A common use case is a sustainability team that already has an assessment workflow in place; their data can be pulled into apexanalytix’s central risk dashboard to preserve their process while giving the broader organization consolidated visibility.

Companies using technology for compliance consistently report better outcomes: according to PwC research, 64% report better risk visibility, 53% report faster issue identification and response, and 43% report increased productivity and cost savings.

apexanalytix has elevated the way we work with suppliers.

Amy Platis, Director of Finance, APM at Northwestern Medicine Hear Amy's Story

Time to onboard a supplier went down significantly.

John Kalina, VP Administrative Services at Independence Blue Cross Hear John's Story

The apexanalytix Platform

View All Use Cases

Resources

Our Why